Weekly Vulnerabilities Reports > August 11 to 17, 2008
Overview
5 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 9 products from 8 vendors including Debian, Linux, Redhat, Suse, and Canonical. The vulnerabilities are notably categorized as "Use of Uninitialized Resource", "Use of Hard-coded Credentials", "NULL Pointer Dereference", "SQL Injection", and "Classic Buffer Overflow".
- 4 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 4 reported vulnerabilities are exploitable by an anonymous user.
- Debian has the most reported vulnerabilities, with 1 reported vulnerability.
- Redhat has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-12 | CVE-2008-3604 | Zeescripts | SQL Injection vulnerability in Zeescripts Zeebuddy 2.1: SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | 9.8 |
2008-08-14 | CVE-2008-2369 | Redhat | Use of Hard-coded Credentials vulnerability in Redhat Satellite: manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | 9.1 |
2 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-14 | CVE-2008-3688 | Havp | Use of Uninitialized Resource vulnerability in Havp Http Antivirus Proxy 0.88: sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable. | 7.5 |
2008-08-12 | CVE-2008-3597 | Skulltag | NULL Pointer Dereference vulnerability in Skulltag 0.97D2: Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game. | 7.5 |
1 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-08-12 | CVE-2008-3275 | Linux, Debian, Canonical, Suse | Classic Buffer Overflow vulnerability in multiple products: The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. | 5.5 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|