Weekly Vulnerabilities Reports > October 18 to 24, 2004
Overview
56 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary reports vulnerabilities in 58 products from 47 vendors including F Secure, Clearswift, Paul L Daniels, Saleslogix Corporation, and Best Software. Vulnerabilities are notably categorized as "Use of Externally-Controlled Format String", "Permissions, Privileges, and Access Controls", "Incorrect Calculation of Buffer Size", "Link Following", and "Improper Input Validation".
- 47 reported vulnerabilities are remotely exploitable.
- 53 reported vulnerabilities are exploitable by an anonymous user.
- F Secure has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Debian has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-10-20 | CVE-2004-0772 | MIT Openpkg Debian | Double Free vulnerability in multiple products Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. | 9.8 |
2004-10-23 | CVE-2004-1628 | Pizzashack | Use of Externally-Controlled Format String vulnerability in Pizzashack Rssh Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code. | 9.0 |
27 High Vulnerabilities
22 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-10-20 | CVE-2004-0792 | Andrew Tridgell | Unspecified vulnerability in Andrew Tridgell Rsync Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. | 6.4 |
2004-10-18 | CVE-2004-1606 | Best Software Saleslogix Corporation | Remote vulnerability in Best Software SalesLogix slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial of service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie. | 6.4 |
2004-10-18 | CVE-2004-1603 | Cpanel | Link Following vulnerability in Cpanel 9.4.1 cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | 5.5 |
2004-10-20 | CVE-2004-0794 | Luke Mewburn | Unspecified vulnerability in Luke Mewburn Lukemftp and Tnftpd Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code. | 5.1 |
2004-10-18 | CVE-2004-1611 | Best Software Saleslogix Corporation | Remote vulnerability in Best Software SalesLogix SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707. | 5.1 |
2004-10-24 | CVE-2004-1635 | Mozilla | Authentication Bypass and Information Disclosure vulnerability in Mozilla Bugzilla Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails. | 5.0 |
2004-10-22 | CVE-2004-1626 | Code Crafters | Remote Buffer Overflow vulnerability in Code-Crafters Ability Server 2.2.5/2.3.2/2.3.4 Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command. | 5.0 |
2004-10-22 | CVE-2004-1623 | Microsoft | Denial Of Service vulnerability in Microsoft Windows XP WAV File Handler The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF. | 5.0 |
2004-10-21 | CVE-2004-1620 | S9Y | Unspecified vulnerability in S9Y Serendipity CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php. | 5.0 |
2004-10-20 | CVE-2004-1381 | Mozilla | Remote Security vulnerability in Browser Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. | 5.0 |
2004-10-20 | CVE-2004-1380 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | 5.0 |
2004-10-20 | CVE-2004-0796 | Spamassassin | Remote Denial Of Service vulnerability in SpamAssassin Malformed Email SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages. | 5.0 |
2004-10-19 | CVE-2004-1618 | Vypress | Remote Denial Of Service vulnerability in Vypress Tonecast Vypress Tonecast 1.3 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed mp2 stream. | 5.0 |
2004-10-18 | CVE-2004-1617 | University of Kansas | Improper Input Validation vulnerability in University of Kansas Lynx Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. | 5.0 |
2004-10-18 | CVE-2004-1616 | Links | Denial Of Service vulnerability in Links Malformed Table Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value, as demonstrated by mangleme. | 5.0 |
2004-10-18 | CVE-2004-1614 | Mozilla | Unspecified vulnerability in Mozilla Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme. | 5.0 |
2004-10-18 | CVE-2004-1613 | Mozilla SGI Redhat | Memory Corruption vulnerability in Mozilla Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. | 5.0 |
2004-10-18 | CVE-2004-1612 | Saleslogix Corporation | Remote vulnerability in Saleslogix Corporation Saleslogix 2000.0 Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. | 5.0 |
2004-10-18 | CVE-2004-1609 | Best Software Saleslogix Corporation | Remote vulnerability in Best Software SalesLogix SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access. | 5.0 |
2004-10-18 | CVE-2004-1607 | Best Software Saleslogix Corporation | Remote vulnerability in Best Software SalesLogix slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message. | 5.0 |
2004-10-20 | CVE-2004-0787 | Openca | HTML Injection vulnerability in OpenCA Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields. | 4.3 |
2004-10-20 | CVE-2004-0781 | Icecast | Cross-Site Scripting vulnerability in Icecast Server Status Display Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter. | 4.3 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-10-18 | CVE-2004-1615 | Opera | Unspecified vulnerability in Opera Browser Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme. | 2.6 |
2004-10-20 | CVE-2004-0797 | Zlib | Unspecified vulnerability in Zlib 1.2.1 The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). | 2.1 |
2004-10-20 | CVE-2004-0755 | Yukihiro Matsumoto | Unspecified vulnerability in Yukihiro Matsumoto Ruby 1.6/1.8 The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. | 2.1 |
2004-10-20 | CVE-2004-0752 | Openoffice | Local File Disclosure vulnerability in Openoffice 1.1.2 OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users. | 2.1 |
2004-10-20 | CVE-2004-0559 | Usermin Webmin Mandrakesoft | The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. | 2.1 |