Weekly Vulnerabilities Reports > September 6 to 12, 2004

Overview

12 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary report vulnerabilities in 16 products from 12 vendors including Icewarp, Apple, Merak, Solarwinds, and F Secure. Vulnerabilities are notably categorized as and "Improper Input Validation".

  • 10 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities are exploitable by an anonymous user.
  • Icewarp has the most reported vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

5 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-09-12 CVE-2004-1676 Gadu Gadu Remote Heap Overflow vulnerability in Gadu-Gadu Instant Messenger 6.0/6.0Build149

Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message.

7.5
2004-09-10 CVE-2004-1670 Icewarp
Merak
Remote Input Validation vulnerability in IceWarp Web Mail

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a ..

7.5
2004-09-10 CVE-2004-1668 Easyweb SQL Injection vulnerability in Easyweb Factory Subjects Module 2.0

Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters.

7.5
2004-09-07 CVE-2004-0823 Openldap
Apple
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
7.5
2004-09-07 CVE-2004-0822 Apple Environment Variable Buffer Overflow vulnerability in Apple CoreFoundation

Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable.

7.2

6 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-09-12 CVE-2004-1677 Logicnow Information Disclosure vulnerability in PerlDesk

pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message.

5.0
2004-09-11 CVE-2004-1675 Solarwinds Improper Input Validation vulnerability in Solarwinds Serv-U File Server

Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.

5.0
2004-09-09 CVE-2004-1667 Gearbox Software Remote Denial Of Service vulnerability in Gearbox Software Halo Combat Evolved Game Server

Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response.

5.0
2004-09-09 CVE-2004-0830 F Secure Remote Denial of Service vulnerability in F-Secure products

The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Virus for Microsoft Exchange 6.01 and earlier, and F-Secure Internet Gatekeeper 6.32 and earlier allow remote attackers to cause a denial of service (service crash due to unhandled exception) via a certain malformed packet.

5.0
2004-09-06 CVE-2004-1348 SUN Remote Denial of Service vulnerability in Sun Solaris in.named

Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).

5.0
2004-09-10 CVE-2004-1669 Icewarp
Merak
Remote Input Validation vulnerability in IceWarp Web Mail

Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-09-08 CVE-2004-0851 Ulrich Callmeier Symbolic Link vulnerability in Ulrich Callmeier Net-Acct 0.6/0.7/0.71

The (1) write_list and (2) dump_curr_list functions in Net-Acct before 0.71 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

2.1