Weekly Vulnerabilities Reports > September 13 to 19, 2004

Overview

26 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary report vulnerabilities in 45 products from 32 vendors including Suse, Conectiva, Microsoft, Mozilla, and Redhat. Vulnerabilities are notably categorized as and "Incorrect Resource Transfer Between Spheres".

21 reported vulnerabilities are remotely exploitables.
26 reported vulnerabilities are exploitable by an anonymous user.
Suse has the most reported vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES

CRITICAL RISK
VULNERABILITIES

HIGH RISK
VULNERABILITIES

MEDIUM RISK
VULNERABILITIES

LOW RISK
VULNERABILITIES

REMOTELY
EXPLOITABLE

LOCALLY
EXPLOITABLE

EXPLOIT
AVAILABLE

EXPLOITABLE
ANONYMOUSLY

AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

0 Critical Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS

Expand/Hide

7 High Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2004-09-18	CVE-2004-1693	Mambo	Input Validation vulnerability in Mambo 4.51.0.9 PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.	7.5
2004-09-16	CVE-2004-1379	Xine	Heap Overflow vulnerability in Xine-lib DVD Subpicture Decoder Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.	7.5
2004-09-16	CVE-2004-0866	KDE Mozilla Microsoft Suse	Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.	7.5
2004-09-16	CVE-2004-0827	Enlightenment Imagemagick SUN Conectiva Mandrakesoft Redhat Suse Turbolinux Ubuntu	Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.	7.5
2004-09-16	CVE-2004-0801	Linuxprinting ORG SUN Conectiva Trustix	Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.	7.5
2004-09-15	CVE-2004-1685	SMC Networks	Authentication Bypass vulnerability in SMC Networks Smc7004Vwbr and Smc7008Abr SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages.	7.5
2004-09-14	CVE-2004-0831	Mcafee	Local Security vulnerability in Virusscan 4.5/4.5.1 McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges.	7.2

Expand/Hide

16 Medium Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2004-09-18	CVE-2004-1691	Rhinosoft	Denial Of Service And Cross-Site Scripting vulnerability in Rhinosoft Dns4Me 3.0.0.4 The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.	5.0
2004-09-16	CVE-2004-1688	Tech Noel	Remote Denial Of Service vulnerability in Tech-Noel Pigeon Server 3.02.0143 Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103.	5.0
2004-09-16	CVE-2004-1687	Snitz Communications	Unspecified vulnerability in Snitz Communications Snitz Forums 2000 CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.	5.0
2004-09-16	CVE-2004-0872	Opera	Incorrect Resource Transfer Between Spheres vulnerability in Opera Browser 7.51 Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."	5.0
2004-09-16	CVE-2004-0871	Mozilla	Remote Security vulnerability in Mozilla 0.9.2 Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."	5.0
2004-09-16	CVE-2004-0870	KDE	Remote Security vulnerability in Konqueror KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."	5.0
2004-09-16	CVE-2004-0869	Microsoft	Remote Security vulnerability in Microsoft IE 6 Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."	5.0
2004-09-15	CVE-2004-1686	Microsoft	Unspecified vulnerability in Microsoft IE 6.0 Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.	5.0
2004-09-13	CVE-2004-1684	Zyxel	Information Disclosure vulnerability in Zyxel Prestige and Zynos Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.	5.0
2004-09-13	CVE-2004-1680	Pingtel	Remote Denial Of Service vulnerability in Pingtel Xpressa Handset application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.	5.0
2004-09-13	CVE-2004-1678	Logicnow	Unspecified vulnerability in Logicnow Perldesk Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.	5.0
2004-09-13	CVE-2004-0807	Samba SGI Conectiva Mandrakesoft Suse	Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.	5.0
2004-09-14	CVE-2004-0905	Mozilla Netscape Conectiva Redhat Suse	Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.	4.6
2004-09-18	CVE-2004-1692	Mambo	Input Validation vulnerability in Mambo Open Source 4.51.0.9 Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.	4.3
2004-09-18	CVE-2004-1690	Rhinosoft	Denial Of Service And Cross-Site Scripting vulnerability in Rhinosoft Dns4Me 3.0.0.4 Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL.	4.3
2004-09-17	CVE-2004-0534	Businessobjects	Remote File Name HTML Injection vulnerability in Businessobjects Infoview and Webintelligence Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.	4.3

Expand/Hide

3 Low Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2004-09-13	CVE-2004-1683	QNX	Local Command Execution vulnerability in QNX CRTTrap Path Environment Variable A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap.	3.7
2004-09-16	CVE-2004-1689	Todd Miller	Information Disclosure vulnerability in Todd Miller Sudo 1.6.8 sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.	2.1
2004-09-13	CVE-2004-0838	Lexar	Unspecified vulnerability in Lexar Jumpdrive Secure Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive.	2.1