Weekly Vulnerabilities Reports > November 29 to December 5, 2004
Overview
10 new vulnerabilities were reported during this period, including 1 critical vulnerability and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 6 products from 3 vendors including Apple, Oracle, and Open Group. Vulnerabilities are notably categorized as and "Improper Handling of Case Sensitivity".
- 6 reported vulnerabilities are remotely exploitable.
- 10 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-12-03 | CVE-2003-1208 | Oracle | Buffer Overflow vulnerability in Multiple Oracle Database Parameter/Statement: Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions. | 10.0 |
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-12-03 | CVE-2004-1083 | Apple | Improper Handling of Case Sensitivity vulnerability in Apple products: Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization. | 7.5 |
2004-12-02 | CVE-2004-1088 | Apple | Remote And Local vulnerability in Apple Mac OS X: Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information. | 7.5 |
2004-12-02 | CVE-2004-1086 | Apple | Remote And Local vulnerability in Apple Mac OS X: Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file. | 7.5 |
3 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-12-02 | CVE-2004-1084 | Apple | Remote And Local vulnerability in Apple Mac OS X: Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles. | 5.0 |
2004-11-30 | CVE-2004-1771 | Open Group | Remote Security vulnerability in Open Group Scalable OGO 1.0: Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users. | 5.0 |
2004-12-02 | CVE-2004-1089 | Apple | Remote And Local vulnerability in Apple Mac OS X: Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP, allows local users to access mailboxes of other users. | 4.6 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-12-02 | CVE-2004-1087 | Apple | Remote And Local vulnerability in Apple Mac OS X: Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user. | 2.1 |
2004-12-02 | CVE-2004-1085 | Apple | Remote And Local vulnerability in Apple Mac OS X: Human Interface Toolbox (HIToolBox) for Apple Mac OS X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode. | 2.1 |
2004-12-02 | CVE-2004-1081 | Apple | Remote And Local vulnerability in Apple Mac OS X: The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session. | 2.1 |