Weekly Vulnerabilities Reports > February 2 to 8, 2004

Overview

34 new vulnerabilities were reported during this period, including 0 critical and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 49 products from 32 vendors, including Microsoft, IBM, Phpgroupware, Apple, and Apache. The most common weakness categories this week are "Permissions, Privileges, and Access Controls" and "Improper Input Validation".

  • 27 reported vulnerabilities are remotely exploitable.
  • 34 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 8 reported vulnerabilities.

Summary counts for the period (taken from the figures stated in this report):

Total vulnerabilities: 34
Critical risk vulnerabilities: 0
High risk vulnerabilities: 20
Medium risk vulnerabilities: 12
Low risk vulnerabilities: 2
Remotely exploitable: 27
Locally exploitable: 7
Exploit available: not stated on this page
Exploitable anonymously: 34
Affecting web application: not stated on this page

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report, grouped by severity:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-02-08 CVE-2004-2087 Sandsurfer User Authentication vulnerability in Sandsurfer 1.6.5

Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user.

7.5
2004-02-08 CVE-2004-1244 Microsoft Unspecified vulnerability in Microsoft Windows Media Player 9

Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."

7.5
2004-02-03 CVE-2004-1082 Apache, Apple, Avaya, HP, IBM, OpenBSD, SCO, Sun Nonce Verification vulnerability in mod_digest_apple for Apache 1.3.31/1.3.32 on Mac OS X Server

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

7.5
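The mod_digest_apple entry above is a good reminder of what "verifying the nonce" in HTTP Digest authentication actually has to cover: the server must confirm that it issued the nonce, that the nonce is still fresh, and that the same Authorization header is not being presented again. The following is an added example, not Apache or Apple code: an HMAC-based nonce that carries its own issue time, a per-nonce nonce-count (nc) table for replay detection, and a server-side check that runs a captured header through both. The server secret, the 300-second lifetime, the in-memory replay table, and the user "alice" are all assumptions made for the demo.

```python
import hashlib
import hmac
import os
import time

# Added example: a verifiable, replay-resistant nonce for HTTP Digest authentication.
# Not mod_digest code. SERVER_SECRET, NONCE_LIFETIME and the in-memory ReplayGuard
# are assumptions; a real server keeps the secret stable and shares the table across workers.

SERVER_SECRET = os.urandom(32)   # assumed per-server key
NONCE_LIFETIME = 300             # assumed: seconds a nonce stays acceptable


def make_nonce(secret=SERVER_SECRET, now=None):
    """Nonce = hex(issue time) ':' HMAC(secret, issue time): only this server can mint one, and it carries its own age."""
    ts = int(time.time() if now is None else now)
    tag = hmac.new(secret, str(ts).encode(), hashlib.sha256).hexdigest()
    return "%x:%s" % (ts, tag)


def nonce_is_valid(nonce, secret=SERVER_SECRET, now=None, lifetime=NONCE_LIFETIME):
    """The check the advisory says was missing: the nonce must be one we issued, and it must still be fresh."""
    try:
        ts_hex, tag = nonce.split(":", 1)
        ts = int(ts_hex, 16)
    except ValueError:
        return False
    expected = hmac.new(secret, str(ts).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False
    current = time.time() if now is None else now
    return 0 <= current - ts <= lifetime


class ReplayGuard:
    """Remembers the highest nonce-count (nc, RFC 2617 3.2.2) seen per nonce so a captured header cannot be replayed verbatim."""

    def __init__(self):
        self._highest_nc = {}

    def accept(self, nonce, nc_hex):
        nc = int(nc_hex, 16)
        if nc <= self._highest_nc.get(nonce, 0):
            return False
        self._highest_nc[nonce] = nc
        return True


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response value (MD5, as Digest was deployed in 2004); the demo uses it on the client side."""
    ha1 = hashlib.md5(("%s:%s:%s" % (username, realm, password)).encode()).hexdigest()
    ha2 = hashlib.md5(("%s:%s" % (method, uri)).encode()).hexdigest()
    return hashlib.md5(("%s:%s:%s:%s:%s:%s" % (ha1, nonce, nc, cnonce, qop, ha2)).encode()).hexdigest()


def verify_authorization(p, users, guard, secret=SERVER_SECRET, now=None):
    """Server-side check of one parsed Authorization header (dict p): 'ok', 'bad-nonce', 'bad-credentials' or 'replay'."""
    if not nonce_is_valid(p["nonce"], secret, now):
        return "bad-nonce"
    password = users.get(p["username"])
    if password is None:
        return "bad-credentials"
    expected = digest_response(p["username"], p["realm"], password, p["method"],
                               p["uri"], p["nonce"], p["nc"], p["cnonce"])
    if not hmac.compare_digest(expected, p["response"]):
        return "bad-credentials"
    if not guard.accept(p["nonce"], p["nc"]):
        return "replay"
    return "ok"


def demo():
    """A genuine request, the same header replayed inside and outside the nonce lifetime, then a forged nonce."""
    users = {"alice": "correct horse"}   # constructed account
    guard = ReplayGuard()
    t0 = 1_075_800_000                    # constructed clock (early February 2004)
    nonce = make_nonce(now=t0)
    hdr = {"username": "alice", "realm": "example", "method": "GET", "uri": "/private/",
           "nonce": nonce, "nc": "00000001", "cnonce": "0a4f113b"}
    hdr["response"] = digest_response("alice", "example", "correct horse", "GET",
                                      "/private/", nonce, "00000001", "0a4f113b")
    results = [verify_authorization(hdr, users, guard, now=t0 + 5)]        # genuine client
    results.append(verify_authorization(hdr, users, guard, now=t0 + 30))   # captured header replayed verbatim
    results.append(verify_authorization(hdr, users, guard, now=t0 + 3600)) # replayed after the nonce expired
    forged = dict(hdr, nonce="1:" + "0" * 64)                              # a nonce this server never issued
    results.append(verify_authorization(forged, users, guard, now=t0 + 5))
    return results


if __name__ == "__main__":
    print(demo())
```

The nonce check alone would not stop the replay at t0 + 30: the nonce is genuine and fresh, so the nc bookkeeping is what actually closes the window the advisory describes. A multi-process server has to keep that table somewhere shared, or use a short lifetime and accept the residual window.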
2004-02-03 CVE-2004-0045 ISC Buffer Overrun vulnerability in ISC INN 2.4.0

Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.

7.5
2004-02-03 CVE-2004-0044 Cisco Unspecified vulnerability in Cisco Personal Assistant 1.4(1)/1.4(2)

Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.

7.5
2004-02-03 CVE-2004-0043 Yahoo Buffer Overrun Variant vulnerability in Yahoo! Messenger File Transfer

Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.

7.5
2004-02-03 CVE-2004-0041 MOD Auth Shadow Permissions, Privileges, and Access Controls vulnerability in mod_auth_shadow 1.4 and earlier

The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.

7.5
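A module that authenticates against /etc/shadow has to do more than compare the hash: the shadow(5) fields also say whether the account has expired, whether the password has aged out, and whether the inactivity grace period is over. The following is an added example, not mod_auth_shadow code, showing those checks over a constructed shadow file. Field semantics follow shadow(5); the order of the checks and the state names are this example's own choices, and the hashes are placeholders.

```python
# Added example: the account- and password-expiry checks a shadow-backed authenticator
# must perform before accepting a correct password. Not mod_auth_shadow code.
# Field meanings follow shadow(5); check order and state names are this example's choice.


def parse_shadow_line(line):
    """name:hash:lastchg:min:max:warn:inactive:expire:reserved (day counts are days since 1970-01-01)."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 8:
        raise ValueError("malformed shadow entry: %r" % line)

    def days(s):
        return int(s) if s else -1   # empty field means "not set", the same convention as sp_* == -1

    return {"name": fields[0], "hash": fields[1], "lastchg": days(fields[2]),
            "min": days(fields[3]), "max": days(fields[4]), "warn": days(fields[5]),
            "inactive": days(fields[6]), "expire": days(fields[7])}


def account_state(e, today):
    """Return 'ok' only if the password is usable today; every other state must be refused."""
    if not e["hash"]:
        return "no-password"                  # empty hash: never accept this for a network login
    if e["hash"].startswith(("!", "*")):
        return "locked"                       # passwd -l, or an account that never had a password
    if e["expire"] != -1 and today >= e["expire"]:
        return "account-expired"              # field 8: the whole account is disabled
    if e["lastchg"] == 0:
        return "password-change-required"     # field 3 == 0: an admin forced a change at next login
    age = today - e["lastchg"]
    if e["max"] != -1 and age > e["max"]:
        if e["inactive"] != -1 and age > e["max"] + e["inactive"]:
            return "password-inactive"        # grace period over: the account is disabled
        return "password-expired"             # must change the password before it is usable again
    return "ok"


def audit(shadow_text, today):
    """Map every user in a shadow file to its state; an auth module should allow only 'ok'."""
    states = {}
    for line in shadow_text.splitlines():
        if line.strip():
            e = parse_shadow_line(line)
            states[e["name"]] = account_state(e, today)
    return states


# Constructed shadow entries; the hashes are placeholders, not real password hashes.
SAMPLE_SHADOW = """\
alice:$6$c0nstructed$placeholder:12400:0:99999:7:::
bob:$6$c0nstructed$placeholder:12000:0:90:7:::
carol:$6$c0nstructed$placeholder:12400:0:99999:7::12420:
dave:!$6$c0nstructed$placeholder:12400:0:99999:7:::
erin:$6$c0nstructed$placeholder:12000:0:90:7:30::
frank:$6$c0nstructed$placeholder:0:0:99999:7:::
"""
TODAY = 12451   # days since the epoch on 2004-02-03, the date of most entries in this report

if __name__ == "__main__":
    for name, state in audit(SAMPLE_SHADOW, TODAY).items():
        print("%-6s %s" % (name, state))
```

Of the six constructed users only alice should get through; bob and erin have the same stale password but erin's inactivity window has also closed, which is the difference between "change your password" and "account disabled" that a module skipping these fields never sees.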
2004-02-03 CVE-2004-0028 Samba Remote Arbitrary Command Execution vulnerability in Samba Jitterbug 1.6.2

jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.

7.5
2004-02-03 CVE-2004-0017 Phpgroupware Module SQL Injection vulnerability in PHPgroupware 0.9.14

Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.

7.5
2004-02-03 CVE-2004-0016 Phpgroupware Unspecified vulnerability in PHPgroupware 0.9.14

The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.

7.5
2004-02-03 CVE-2003-0902 Minimalist Unspecified vulnerability in Minimalist 2.2/2.4

Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands.

7.5
2004-02-03 CVE-2003-0823 Microsoft HijackClick Mouse Action Redirection vulnerability in Microsoft Internet Explorer 6 SP1 and earlier

Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.

7.5
2004-02-03 CVE-2003-0817 Microsoft Zone Restriction Bypass via XML Object vulnerability in Microsoft Internet Explorer 5.01 through 6 SP1

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.

7.5
2004-02-03 CVE-2003-0816 Microsoft Script URLs Cross Domain vulnerability in Microsoft Internet Explorer 6 SP1 and earlier

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.

7.5
2004-02-03 CVE-2003-0815 Microsoft Function Pointer Override Cross Domain vulnerability in Microsoft Internet Explorer 6 SP1 and earlier

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.

7.5
2004-02-03 CVE-2003-0814 Microsoft ExecCommand Cross Domain vulnerability in Microsoft Internet Explorer 6 SP1 and earlier

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.

7.5
2004-02-03 CVE-2003-0119 IBM Unspecified vulnerability in IBM AIX 4.3.3/5.1/5.2

The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.

7.5
2004-02-06 CVE-2004-2073 Vserver Chroot Escape vulnerability in Linux-VServer 1.24

Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command.

7.2
2004-02-03 CVE-2004-0015 Vbox3 Local Privilege Escalation vulnerability in VBox3 For ISDN4Linux

vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges.

7.2
2004-02-03 CVE-2003-0994 Symantec Unspecified vulnerability in Symantec products

The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, Norton AntiVirus and Norton AntiVirus Pro 2001 through 2004, and AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.

7.2

12 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-02-08 CVE-2004-2077 Nadeo Remote Denial of Service vulnerability in Nadeo Game Engine, Trackmania and Virtual Skipper

Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields.

5.0
2004-02-07 CVE-2004-2090 Microsoft File Existence Disclosure via LoadPicture vulnerability in Microsoft Internet Explorer 5.01 through 6.0

Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.

5.0
2004-02-06 CVE-2004-2089 Matrix Remote Denial of Service vulnerability in Matrix FTP Server

Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command.

5.0
2004-02-06 CVE-2004-2086 Sambar Buffer Overflow vulnerability in Sambar Server 6.0

Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.

5.0
2004-02-03 CVE-2004-0042 Beasts Username Enumeration vulnerability in vsftpd 1.1.3

vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.

5.0
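The vsftpd entry is the classic user-enumeration oracle: two different failure replies let an attacker confirm which accounts exist before guessing a single password. The following is an added example, not vsftpd code, showing a login routine with that flaw next to one that returns a single failure reply and does the same key-derivation work for unknown and known names (so that timing does not reintroduce the oracle), plus the black-box probe a tester would run against either. The user table and the FTP-style reply strings are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Added example, not vsftpd code: login-failure paths as a user-enumeration oracle, the
# fixed form, and the black-box probe that tells them apart. USERS and the reply strings
# are constructed.


def _kdf(salt, password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


USERS = {"alice": (b"salt-alice", _kdf(b"salt-alice", "hunter2"))}   # constructed account
_DUMMY = (b"salt-dummy", _kdf(b"salt-dummy", "unused"))              # burned for unknown names so the work is equal


def login_vulnerable(user, password):
    """Two different 530 replies: the client learns whether the name exists without knowing any password."""
    if user not in USERS:
        return "530 User does not exist."
    salt, stored = USERS[user]
    if not hmac.compare_digest(_kdf(salt, password), stored):
        return "530 Login incorrect."
    return "230 Login successful."


def login_fixed(user, password):
    """One reply for both failures, and the same KDF cost either way; the membership test comes last."""
    salt, stored = USERS.get(user, _DUMMY)
    good = hmac.compare_digest(_kdf(salt, password), stored) and user in USERS
    return "230 Login successful." if good else "530 Login incorrect."


def leaks_usernames(login, known_user="alice"):
    """Probe: a known name and a random one, same wrong password. Any difference in the reply is an oracle."""
    unknown_user = "u" + secrets.token_hex(6)
    wrong_password = secrets.token_hex(8)
    return login(known_user, wrong_password) != login(unknown_user, wrong_password)


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_usernames(login_vulnerable))
    print("fixed leaks:     ", leaks_usernames(login_fixed))
```

The `and user in USERS` guard in `login_fixed` matters: without it, whoever guesses the dummy password would "log in" as any nonexistent name. In a real test, compare response timing as well as text, since a server that short-circuits the hash for unknown users leaks the same bit.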
2004-02-03 CVE-2004-0013 Jabber Software Foundation Denial of Service vulnerability in Jabber Server SSL Handling

jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).

5.0
2004-02-03 CVE-2003-0368 Nokia Improper Input Validation vulnerability in Nokia Ggsn Release1

Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.

5.0
2004-02-03 CVE-2003-0949 Michael Bischoff Local Command Execution vulnerability in Michael Bischoff Xsok 1.02

xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.

4.6
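The xsok entry here and the vbox3 entry in the high-severity table (CVE-2004-0015) are the same mistake in two programs: a privileged process looks up or runs something the user controls before it has given up its privileges. The following is an added example, not code from either project, showing the order a privilege drop has to follow (supplementary groups and gid first, uid last, then verify the drop cannot be undone) and how to hand a user-supplied program to the user's own identity in the child between fork and exec, with a fixed PATH so nothing is searched for while still privileged. It is Linux-specific (setresuid/setresgid); the minimal environment is an assumption, and the self-check drops to the caller's own ids so it runs without root.

```python
import os
import subprocess
import sys

# Added example, not vbox3 or xsok code: dropping privileges in the right order and running a
# user-supplied program only after the drop. Linux-specific. SAFE_ENV is an assumption; the
# point is that the caller's PATH is never consulted while the process is still privileged.

SAFE_ENV = {"PATH": "/usr/bin:/bin", "LANG": "C"}


def drop_privileges(uid, gid, groups=()):
    """Permanently become uid/gid. Groups and gid first (they need root), uid last, then prove it stuck."""
    if os.geteuid() == 0:
        os.setgroups(list(groups))      # shed inherited supplementary groups such as wheel or audio
    os.setresgid(gid, gid, gid)         # real, effective AND saved ids: no way back through the saved id
    os.setresuid(uid, uid, uid)
    if os.getresuid() != (uid, uid, uid) or os.getresgid() != (gid, gid, gid):
        raise RuntimeError("privilege drop incomplete")
    if uid != 0:
        try:
            os.setuid(0)
        except PermissionError:
            return True                 # expected: root is gone for good
        raise RuntimeError("privilege drop reversible: setuid(0) still works")
    return True


def run_as(uid, gid, argv, groups=()):
    """Run argv as uid/gid. The drop happens in the child after fork and before exec, so the
    privileged parent never executes anything the user controls. argv[0] must be absolute."""
    if not os.path.isabs(argv[0]):
        raise ValueError("refusing to search PATH for %r while privileged" % argv[0])
    done = subprocess.run(argv, env=SAFE_ENV, capture_output=True, text=True, check=True,
                          preexec_fn=lambda: drop_privileges(uid, gid, groups))
    return done.stdout.strip()


def demo_child_runs_unprivileged():
    """Self-check usable without root: drop to our own ids and have the child report the uid it sees."""
    me = os.getuid()
    seen = run_as(me, os.getgid(), [sys.executable, "-c", "import os; print(os.getuid())"])
    return int(seen) == me


if __name__ == "__main__":
    print("child ran as caller:", demo_child_runs_unprivileged())
```

Doing setuid before setgid is the usual way this goes wrong: once the effective uid is no longer 0, setgid and setgroups fail, and a program that does not check their return values keeps the privileged group forever. The explicit `setuid(0)` probe after the drop is cheap and catches exactly that class of bug.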
2004-02-03 CVE-2002-0034 Microsoft Insecure File System Permissions vulnerability in CONVERT.EXE on Microsoft Windows 2000 and Windows XP

The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.

4.6
2004-02-07 CVE-2004-2084 Jshop E Commerce Cross-Site Scripting vulnerability in JShop E-Commerce Suite xSearch

Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.

4.3
2004-02-04 CVE-2004-2085 Brad Fears HTML Injection vulnerability in Brad Fears PHPCodeCabinet comments.php

Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.

4.3
2004-02-03 CVE-2004-0046 Snapstream Cross-Site Scripting vulnerability in SnapStream PVS Lite

Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character.

4.3
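The JShop (xSearch) and SnapStream entries above are the same attribute-context XSS: the reflected value lands inside a double-quoted attribute, and a single `"` in the request ends the attribute early and starts a new one. The following is an added example, not JShop or SnapStream code: a search form that reflects the query into `value="..."`, unescaped and escaped, with a parser-based check that shows whether the probe became an event-handler attribute of its own. The form markup and the probe payload are constructed.

```python
import html
from html.parser import HTMLParser

# Added example, not JShop or SnapStream code: attribute-context XSS from a reflected
# search parameter, the escaped form, and a parser-based check. Markup and PROBE are constructed.

PROBE = '" onmouseover="alert(1)'   # one closing double quote is all it takes to start a new attribute


def render_vulnerable(query):
    """Reflects the xSearch value straight into the attribute, the pattern both advisories describe."""
    return '<form action="/search.php"><input name="xSearch" value="%s"></form>' % query


def render_fixed(query):
    """html.escape with quote=True turns '"' into &quot; so the value can never end the attribute early."""
    return '<form action="/search.php"><input name="xSearch" value="%s"></form>' % html.escape(query, quote=True)


class _InputAttrs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def input_attributes(markup):
    """What a browser would see on the <input>: attribute names and their entity-decoded values."""
    parser = _InputAttrs()
    parser.feed(markup)
    return parser.attrs


def injects_event_handler(render, payload=PROBE):
    """True if the payload escaped the value attribute and became an on* handler of its own."""
    return any(name.startswith("on") for name in input_attributes(render(payload)))


if __name__ == "__main__":
    print("vulnerable:", input_attributes(render_vulnerable(PROBE)))
    print("fixed:     ", input_attributes(render_fixed(PROBE)))
```

Note that the escaped form still round-trips the user's text exactly (the parser decodes `&quot;` back to `"`), so escaping costs nothing functionally. Escaping must match the context: `quote=True` is the attribute-value case; a value reflected into a JavaScript block or a URL needs its own encoder.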

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-02-03 CVE-2003-0175 SGI Local Denial Of Service vulnerability in SGI IRIX PIOCSWATCH

SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl.

2.1
2004-02-03 CVE-2002-0712 Entrust Authorization Circumvention vulnerability in Entrust Authority Security Manager 5.0/6.0

Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.

2.1