Weekly Vulnerabilities Reports > June 14 to 20, 2004

Overview

11 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary report vulnerabilities in 14 products from 10 vendors including Microsoft, Mcafee, Symantec, SUN, and CVS. Vulnerabilities are notably categorized as .

  • 10 reported vulnerabilities are remotely exploitables.
  • 11 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

5 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-06-14 CVE-2004-0396 CVS Heap Overflow vulnerability in CVS Malformed Entry Modified and Unchanged Flag Insertion

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.

7.5
2004-06-14 CVE-2004-0227 Triornis Remote Buffer Overflow vulnerability in Triornis ZoneMinder

Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.

7.5
2004-06-14 CVE-2004-0038 Mcafee Remote Code Execution vulnerability in Mcafee Epolicy Orchestrator 2.5/2.5.1/3.0

McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.

7.5
2004-06-14 CVE-2003-1041 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension.

7.5
2004-06-14 CVE-2002-1580 Carnegie Mellon University Unspecified vulnerability in Carnegie Mellon University Cyrus Imap Server

Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.

7.5

5 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-06-14 CVE-2004-0199 Microsoft Unspecified vulnerability in Microsoft Windows 2003 Server and Windows XP

Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).

5.1
2004-06-15 CVE-2004-1754 Symantec Unspecified vulnerability in Symantec Enterprise Firewall and Gateway Security

The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.

5.0
2004-06-14 CVE-2004-0392 Kame Unspecified vulnerability in Kame Racoon

racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.

5.0
2004-06-14 CVE-2004-0154 NFS Denial Of Service vulnerability in NFS-Utils rpc.mountd

rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.

5.0
2004-06-14 CVE-2004-0050 Verity Unspecified vulnerability in Verity Ultraseek

Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.

5.0

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-06-19 CVE-2004-1346 SUN Denial Of Service vulnerability in SUN Solaris 9.0

The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.

2.1