Weekly Vulnerabilities Reports > February 16 to 22, 2004

Overview

42 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary report vulnerabilities in 39 products from 31 vendors including Linux, Phpgedview, LBL, Lionmax Software, and GNU. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".

  • 36 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 41 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 3 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-02-17 CVE-2003-0903 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Data Access Components

Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.

10.0
2004-02-17 CVE-2003-0819 Microsoft Buffer Errors vulnerability in Microsoft Proxy Server 2.0

Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

10.0

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-02-17 CVE-2004-0073 Stoitsov Remote PHP File Include vulnerability in Stoitsov Easydynamicpages 2.0

PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.

7.5
2004-02-17 CVE-2004-0070 Visualshapers Remote Command Execution vulnerability in VisualShapers EZContents Module.PHP

PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.

7.5
2004-02-17 CVE-2004-0069 HD Soft Unspecified vulnerability in HD Soft Windows FTP Server

Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function.

7.5
2004-02-17 CVE-2004-0068 Phpdig NET Remote Command Execution vulnerability in PHPDig Config.PHP Include

PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.

7.5
2004-02-17 CVE-2004-0065 Phpgedview SQL Injection vulnerability in PhpGedView Placelist.PHP

Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php.

7.5
2004-02-17 CVE-2004-0063 Ncipher Unspecified vulnerability in Ncipher Payshield SPP Library 1.3.12/1.5.18/1.6.18

The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g.

7.5
2004-02-17 CVE-2004-0062 Fishnet Remote Security vulnerability in FishCart

Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.

7.5
2004-02-17 CVE-2004-0061 Lionmax Software Security Bypass vulnerability in WWW File Share Pro

WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing .

7.5
2004-02-17 CVE-2004-0056 Nortel Unspecified vulnerability in Nortel products

Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

7.5
2004-02-17 CVE-2004-0054 Cisco Unspecified vulnerability in Cisco IOS

Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

7.5
2004-02-17 CVE-2004-0004 Openca Unspecified vulnerability in Openca

The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.

7.5
2004-02-17 CVE-2003-1030 Dameware Development Buffer Overflow vulnerability in Dameware Development Mini Remote Control Server 3.70.0.0/3.71.0.0/3.72.0.0

Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129.

7.5
2004-02-17 CVE-2003-0989 Redhat Denial Of Service vulnerability in Redhat Linux and Tcpdump

tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.

7.5
2004-02-17 CVE-2003-0988 KDE Remote Buffer Overflow vulnerability in KDE Personal Information Management Suite VCF File

Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.

7.5
2004-02-17 CVE-2003-0966 ELM Development Group Remote Buffer Overflow vulnerability in ELM frm Command

Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line.

7.5
2004-02-17 CVE-2003-0700 Redhat Remote Security vulnerability in Kernel 2.4.208/2.4.21

The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699.

7.5
2004-02-17 CVE-2004-0001 Linux Unspecified vulnerability in Linux Kernel 2.6.20.1

Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.

7.2

19 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-02-17 CVE-2004-0049 Realnetworks Unspecified vulnerability in Realnetworks products

Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.

6.8
2004-02-17 CVE-2003-0965 GNU Cross-Site Scripting vulnerability in GNU Mailman Admin Page

Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.

6.8
2004-02-21 CVE-2004-0466 Openconnect Unspecified vulnerability in Openconnect Webconnect 6.4.4/6.5

WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.

5.0
2004-02-17 CVE-2004-0095 Mcafee Buffer Mismanagement vulnerability in Mcafee Epolicy Orchestrator 3.6.0

McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.

5.0
2004-02-17 CVE-2004-0072 Accipiter Remote File Disclosure vulnerability in Accipiter Direct Server 6.0

Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \..

5.0
2004-02-17 CVE-2004-0071 Information Disclosure vulnerability in Andy's PHP Projects Man Page Lookup Script

Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php.

5.0
2004-02-17 CVE-2004-0066 Phpgedview Remote Security vulnerability in PhpGedView

phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.

5.0
2004-02-17 CVE-2004-0060 Lionmax Software Denial-Of-Service vulnerability in WWW File Share Pro

WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.

5.0
2004-02-17 CVE-2004-0059 Lionmax Software Directory Traversal vulnerability in WWW File Share Pro

Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via ..

5.0
2004-02-17 CVE-2004-0057 LBL Remote Buffer Overflow vulnerability in TCPDump ISAKMP Decoding Routines

The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.

5.0
2004-02-17 CVE-2004-0055 LBL Denial Of Service vulnerability in TCPDump Malformed RADIUS Packet

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.

5.0
2004-02-17 CVE-2003-1032 PI3 Buffer Overflow vulnerability in PI3 Pi3Web 2.0.2Beta1

Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow.

5.0
2004-02-17 CVE-2003-1029 LBL Unspecified vulnerability in LBL Tcpdump

The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.

5.0
2004-02-16 CVE-2004-1180 SUN
Debian
Mandrakesoft
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
5.0
2004-02-17 CVE-2004-0074 Michael Bischoff Local Buffer Overrun vulnerability in Michael Bischoff Xsok 1.02

Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.

4.6
2004-02-17 CVE-2004-0091 Jelsoft Unspecified vulnerability in Jelsoft Vbulletin 3.0Beta2

** DISPUTED ** NOTE: this issue has been disputed by the vendor.

4.3
2004-02-17 CVE-2004-0067 Phpgedview Cross-Site Scripting vulnerability in PHPgedview

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php.

4.3
2004-02-17 CVE-2003-1031 Jelsoft Cross-Site Scripting vulnerability in vBulletin

Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."

4.3
2004-02-17 CVE-2003-0992 GNU Unspecified vulnerability in GNU Mailman

Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-02-17 CVE-2003-0924 Netpbm Unspecified vulnerability in Netpbm

netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.

3.7
2004-02-19 CVE-2004-2136 Linux Local Security vulnerability in Linux Kernel 2.6.0

dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.

2.1
2004-02-17 CVE-2004-0064 Suse Local Insecure File Creation Symlink vulnerability in Suse Linux 9.0

The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.

2.1
2004-02-17 CVE-2004-0058 Linux Local Security vulnerability in AntiVir

Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.

2.1