Weekly Vulnerabilities Reports > August 8 to 14, 2005

Overview

38 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary report vulnerabilities in 26 products from 16 vendors including Microsoft, Ethereal Group, Flatnuke, Linux, and Gnome. Vulnerabilities are notably categorized as and "Resource Management Errors".

  • 34 reported vulnerabilities are remotely exploitables.
  • 38 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-10 CVE-2005-2541 GNU Unspecified vulnerability in GNU TAR 1.15.1

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

10.0
2005-08-10 CVE-2005-1983 Microsoft Buffer Overflow vulnerability in Microsoft Windows 2000 and Windows XP

Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.

10.0

12 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-12 CVE-2005-2552 HP Remote Access vulnerability in HP Proliant DL585 Server Unauthorized

Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down."

7.5
2005-08-12 CVE-2005-2551 Novell Buffer Overflow vulnerability in Novell Edirectory 8.7.3

Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.

7.5
2005-08-12 CVE-2005-2550 Gnome Format String vulnerability in GNOME Evolution

Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

7.5
2005-08-12 CVE-2005-2549 Gnome Format String vulnerability in GNOME Evolution

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

7.5
2005-08-12 CVE-2005-2547 Bluez Project Unspecified vulnerability in Bluez Project Bluez 2.18

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

7.5
2005-08-10 CVE-2005-2536 Pstotext Unspecified vulnerability in Pstotext

pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file.

7.5
2005-08-10 CVE-2005-2535 Broadcom Unspecified vulnerability in Broadcom products

Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.

7.5
2005-08-10 CVE-2005-2367 Ethereal Group Protocol Dissector vulnerability in Ethereal

Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.

7.5
2005-08-10 CVE-2005-1989 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".

7.5
2005-08-10 CVE-2005-1984 Microsoft Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.

7.5
2005-08-10 CVE-2005-0058 Microsoft Buffer Overflow vulnerability in Microsoft Windows Telephony Service

Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.

7.5
2005-08-08 CVE-2005-2500 Linux Remote Denial of Service vulnerability in Linux Kernel NFSACL Protocol XDR Data

Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol.

7.5

20 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-10 CVE-2005-1990 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.

5.1
2005-08-10 CVE-2005-1988 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".

5.1
2005-08-12 CVE-2005-2548 Linux Resource Management Errors vulnerability in Linux Kernel 2.6.8

vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument, as demonstrated using snmpwalk on snmpd.

5.0
2005-08-10 CVE-2005-2546 Arab Portal Information Disclosure vulnerability in Arab Portal Arab Portal 2.0

Arab Portal 2.0 allows remote attackers to obtain sensitive information via a long (1) username or (2) password, which reveals the path in an error message when the undefined "errmsg" function is called.

5.0
2005-08-10 CVE-2005-2544 Comdev Remote File Include vulnerability in Comdev Ecommerce 3.0

PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter.

5.0
2005-08-10 CVE-2005-2543 Comdev Directory Traversal vulnerability in Comdev Ecommerce 3.0

Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a ..

5.0
2005-08-10 CVE-2005-2542 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Board Attached File

Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.

5.0
2005-08-10 CVE-2005-2540 Flatnuke Unspecified vulnerability in Flatnuke 2.5.5

CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request.

5.0
2005-08-10 CVE-2005-2538 Flatnuke Denial-Of-Service vulnerability in Flatnuke 2.5.5

FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter.

5.0
2005-08-10 CVE-2005-2537 Flatnuke Information Disclosure vulnerability in Flatnuke 2.5.5

FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php.

5.0
2005-08-10 CVE-2005-2366 Ethereal Group Protocol Dissector vulnerability in Ethereal Group Ethereal 0.10.11

Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors.

5.0
2005-08-10 CVE-2005-2365 Ethereal Group Protocol Dissector vulnerability in Ethereal

Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a buffer overflow or a denial of service (memory consumption) via unknown attack vectors.

5.0
2005-08-10 CVE-2005-2364 Ethereal Group Protocol Dissector vulnerability in Ethereal

Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference.

5.0
2005-08-10 CVE-2005-2363 Ethereal Group Protocol Dissector vulnerability in Ethereal

Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

5.0
2005-08-10 CVE-2005-2362 Ethereal Group Protocol Dissector vulnerability in Ethereal

Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets.

5.0
2005-08-10 CVE-2005-2361 Ethereal Group Protocol Dissector vulnerability in Ethereal

Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethereal 0.8.19 through 0.10.11 allows remote attackers to cause a denial of service (application crash or abort) via unknown attack vectors.

5.0
2005-08-10 CVE-2005-2360 Ethereal Group Protocol Dissector vulnerability in Ethereal

Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attackers to cause a denial of service (free static memory and application crash) via unknown attack vectors.

5.0
2005-08-10 CVE-2005-1218 Microsoft Remote Desktop Protocol Denial Of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

5.0
2005-08-10 CVE-2005-2545 Phpopenchat HTML Injection vulnerability in PHPopenchat 3.0.2

Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields in userpage.php, (4) subject or (5) body in mail.php, or (8) disinvited_chatter or (7) invited_chatter parameter to invite.php.

4.3
2005-08-10 CVE-2005-2539 Flatnuke Cross-Site Scripting vulnerability in Flatnuke 2.5.5

Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-10 CVE-2005-1982 Microsoft Man In The Middle vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.

3.6
2005-08-12 CVE-2005-2554 Network Associates Local Information Disclosure vulnerability in Network Associates Epolicy Orchestrator Agent 3.5.0(Patch3)

The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.

2.1
2005-08-12 CVE-2005-2553 Linux Local Denial Of Service vulnerability in Linux Kernel Find_Target

The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program.

2.1
2005-08-10 CVE-2005-1981 Microsoft Unspecified vulnerability in Microsoft Windows 2000 and Windows 2003 Server

Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.

2.1