Weekly Vulnerabilities Reports > September 13 to 19, 2004

Overview

27 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary report vulnerabilities in 52 products from 35 vendors including Conectiva, Suse, Microsoft, Redhat, and Mozilla. Vulnerabilities are notably categorized as and "Incorrect Resource Transfer Between Spheres".

  • 22 reported vulnerabilities are remotely exploitables.
  • 27 reported vulnerabilities are exploitable by an anonymous user.
  • Conectiva has the most reported vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

7 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-09-18 CVE-2004-1693 Mambo Input Validation vulnerability in Mambo 4.51.0.9

PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.

7.5
2004-09-16 CVE-2004-1379 Xine Heap Overflow vulnerability in Xine-lib DVD Subpicture Decoder

Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.

7.5
2004-09-16 CVE-2004-0866 KDE
Mozilla
Microsoft
Suse
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
7.5
2004-09-16 CVE-2004-0827 Enlightenment
Imagemagick
SUN
Conectiva
Mandrakesoft
Redhat
Suse
Turbolinux
Ubuntu
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
7.5
2004-09-16 CVE-2004-0801 Linuxprinting ORG
SUN
Conectiva
Trustix
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
7.5
2004-09-15 CVE-2004-1685 SMC Networks Authentication Bypass vulnerability in SMC Networks Smc7004Vwbr and Smc7008Abr

SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages.

7.5
2004-09-14 CVE-2004-0831 Mcafee Local Security vulnerability in Virusscan 4.5/4.5.1

McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges.

7.2

17 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-09-18 CVE-2004-1691 Rhinosoft Denial Of Service And Cross-Site Scripting vulnerability in Rhinosoft Dns4Me 3.0.0.4

The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.

5.0
2004-09-16 CVE-2004-1688 Tech Noel Remote Denial Of Service vulnerability in Tech-Noel Pigeon Server 3.02.0143

Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103.

5.0
2004-09-16 CVE-2004-1687 Snitz Communications Unspecified vulnerability in Snitz Communications Snitz Forums 2000

CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.

5.0
2004-09-16 CVE-2004-0872 Opera Incorrect Resource Transfer Between Spheres vulnerability in Opera Browser 7.51

Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

5.0
2004-09-16 CVE-2004-0871 Mozilla Remote Security vulnerability in Mozilla 0.9.2

Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

5.0
2004-09-16 CVE-2004-0870 KDE Remote Security vulnerability in Konqueror

KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

5.0
2004-09-16 CVE-2004-0869 Microsoft Remote Security vulnerability in Microsoft IE 6

Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

5.0
2004-09-16 CVE-2004-0809 Conectiva
Apache
HP
Redhat
Gentoo
Mandrakesoft
Trustix
Turbolinux
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
5.0
2004-09-15 CVE-2004-1686 Microsoft Unspecified vulnerability in Microsoft IE 6.0

Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.

5.0
2004-09-13 CVE-2004-1684 Zyxel Information Disclosure vulnerability in Zyxel Prestige and Zynos

Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2004-09-13 CVE-2004-1680 Pingtel Remote Denial Of Service vulnerability in Pingtel Xpressa Handset

application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.

5.0
2004-09-13 CVE-2004-1678 Logicnow Unspecified vulnerability in Logicnow Perldesk

Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.

5.0
2004-09-13 CVE-2004-0807 Samba
SGI
Conectiva
Mandrakesoft
Suse
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
5.0
2004-09-14 CVE-2004-0905 Mozilla
Netscape
Conectiva
Redhat
Suse
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
4.6
2004-09-18 CVE-2004-1692 Mambo Input Validation vulnerability in Mambo Open Source 4.51.0.9

Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.

4.3
2004-09-18 CVE-2004-1690 Rhinosoft Denial Of Service And Cross-Site Scripting vulnerability in Rhinosoft Dns4Me 3.0.0.4

Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL.

4.3
2004-09-17 CVE-2004-0534 Businessobjects Remote File Name HTML Injection vulnerability in Businessobjects Infoview and Webintelligence

Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-09-13 CVE-2004-1683 QNX Local Command Execution vulnerability in QNX CRTTrap Path Environment Variable

A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap.

3.7
2004-09-16 CVE-2004-1689 Todd Miller Information Disclosure vulnerability in Todd Miller Sudo 1.6.8

sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.

2.1
2004-09-13 CVE-2004-0838 Lexar Unspecified vulnerability in Lexar Jumpdrive Secure

Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive.

2.1