Weekly Vulnerabilities Reports > March 15 to 21, 2004

Overview

39 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 48 products from 29 vendors including Apple, Warpspeed, Expinion NET, Linux, and Symantec. Vulnerabilities are notably categorized as .

  • 34 reported vulnerabilities are remotely exploitable.
  • 39 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-03-15 CVE-2004-0185 Washington University Remote Buffer Overrun vulnerability in Washington University Wu-Ftpd 2.6.2

Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.

10.0
2004-03-15 CVE-2004-0168 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."

10.0

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-03-20 CVE-2004-1847 Expinion NET Multiple vulnerability in Expinion.net News Manager Lite

News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.

7.5
2004-03-20 CVE-2004-1846 Expinion NET Multiple vulnerability in Expinion.Net News Manager Lite 2.5

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.

7.5
2004-03-20 CVE-2004-1843 Expinion NET SQL Injection vulnerability in Expinion.net Member Management System ID Parameter

SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp.

7.5
2004-03-20 CVE-2004-1833 Borland Software Privilege Escalation vulnerability in Borland Interbase Database User

The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges.

7.5
2004-03-16 CVE-2004-1826 Mambo SQL Injection vulnerability in Mambo Open Source

SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2004-03-15 CVE-2004-1821 Warpspeed Multiple vulnerability in Warpspeed 4Nalbum Module 0.92

SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter.

7.5
2004-03-15 CVE-2004-1820 Warpspeed Multiple vulnerability in Warpspeed 4Nalbum Module 0.92

PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.

7.5
2004-03-15 CVE-2004-0193 ISS Heap Overflow vulnerability in Internet Security Systems Protocol Analysis Module SMB Parsing

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

7.5
2004-03-15 CVE-2004-0190 Symantec Unspecified vulnerability in Symantec products

Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.

7.5
2004-03-15 CVE-2004-0189 Squid Unspecified vulnerability in Squid

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

7.5
2004-03-15 CVE-2004-0167 Apple Remote vulnerability in Multiple Apple Mac OS X Local And

DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.

7.5
2004-03-15 CVE-2004-0159 Samhain Labs Remote Format String vulnerability in Samhain Labs HSFTP

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.

7.5
2004-03-15 CVE-2004-0110 SGI, Xmlsoft Remote URI Parsing Buffer Overrun vulnerability in libxml2

Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allows remote attackers to execute arbitrary code via a long URL.

7.5
2004-03-15 CVE-2004-0094 Xfree86 Project Buffer Overflow vulnerability in XFree86 Direct Rendering Infrastructure

Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).

7.5
2004-03-15 CVE-2004-0093 Xfree86 Project Buffer Overflow vulnerability in XFree86 Direct Rendering Infrastructure

XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).

7.5
2004-03-15 CVE-2004-0188 Calife Unspecified vulnerability in Calife 2.8.4C/2.8.5

Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.

7.2
2004-03-15 CVE-2004-0186 Samba, Linux Local Privilege Elevation vulnerability in Linux Kernel Samba Share

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

7.2
2004-03-15 CVE-2004-0172 Juan Cespedes Local Command Line Parameter Heap Overflow vulnerability in Juan Cespedes Ltrace 0.3.10

Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename.

7.2

17 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-03-15 CVE-2004-1818 Warpspeed Multiple vulnerability in WarpSpeed 4nAlbum Module For PHPNuke

Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter.

6.8
2004-03-15 CVE-2004-0192 Symantec Cross-Site Scripting vulnerability in Symantec Gateway Security 5400 2.0

Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page.

6.8
2004-03-15 CVE-2004-0191 Mozilla Cross-Site Scripting vulnerability in Mozilla Browser Zombie Document

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

6.8
2004-03-19 CVE-2004-1853 Atari Remote Client Buffer Overflow vulnerability in Atari Terminator 3 WAR of the Machines 1.0

Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable.

5.0
2004-03-18 CVE-2004-1830 Francisco Burzi Multiple vulnerability in Francisco Burzi PHP-Nuke 6.0

error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.

5.0
2004-03-15 CVE-2004-1819 Warpspeed Multiple vulnerability in Warpspeed 4Nalbum Module 0.92

4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message.

5.0
2004-03-15 CVE-2004-1816 Macromedia, SUN Denial Of Service vulnerability in Multiple Vendor SOAP Server Undisclosed Request

Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).

5.0
2004-03-15 CVE-2004-1815 Macromedia, SUN Denial Of Service vulnerability in Multiple Vendor SOAP Server Undisclosed Request

Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).

5.0
2004-03-15 CVE-2004-0171 Freebsd, Openbsd Remote Denial Of Service vulnerability in BSD Out Of Sequence Packets

FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allow remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.

5.0
2004-03-15 CVE-2004-0169 Apple Remote Denial of Service vulnerability in Apple Darwin Streaming Server 4.1.3

QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.

5.0
2004-03-15 CVE-2004-0166 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."

5.0
2004-03-15 CVE-2004-0165 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.

5.0
2004-03-18 CVE-2004-1829 Error Manager Multiple vulnerability in Error Manager PHP-Nuke Module 2.1

Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log.

4.3
2004-03-16 CVE-2004-1825 Mambo Cross-Site Scripting vulnerability in Mambo Open Source 4.51.0.0/4.51.0.1

Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters.

4.3
2004-03-15 CVE-2004-1827 Simple Machines, Yabb Cross-Site Scripting Vulnerabilities in YABB/YABB SE

Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.

4.3
2004-03-15 CVE-2004-1822 Phorum Module Cross-Site Scripting vulnerability in Phorum

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.

4.3
2004-03-15 CVE-2004-1817 Francisco Burzi Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke 7.1

Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-03-20 CVE-2004-1834 Apache Unspecified vulnerability in Apache Http Server

mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.

2.1
2004-03-15 CVE-2004-0075 Linux Unspecified vulnerability in Linux Kernel

The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.

2.1