Summary of Security Items from February 18 through March 2, 2004

Released
Mar 02, 2004
Document ID
SB04-063

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 



Publications by US-CERT |
href="#vendors">Publications by Vendors
|
href="#others">Publications by Third Parties


Publications by US-CERT

VU#116182: WinZip vulnerable to buffer overflow in handling of MIME archive
parameters

A buffer overflow vulnerability in the WinZip program could allow a remote attacker to execute arbitrary code on a vulnerable system.

VU#150326: Internet Security Systems' BlackICE and RealSecure contain a
heap overflow in the processing of SMB packets

Internet Security Systems' BlackICE and RealSecure intrusion detection products contain a remotely exploitable vulnerability. Exploitation of this vulnerability could lead to the compromise of the system with privileges of the vulnerable process, typically the "SYSTEM" user.

VU#194238: Apple Mac OS X Safari fails to properly display URLs in the
status bar

Apple Mac OS X Safari fails to properly display URLs in the status bar.

VU#240174: Oracle9i Database contains buffer overflow in TIME_ZONE session parameter
Oracle9i Database contains a buffer overflow in the TIME_ZONE session parameter which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#399806: Oracle9i Database contains buffer overflow in FROM_TZ() function
Oracle9i Database contains a buffer overflow in the FROM_TZ() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#445214: Microsoft Windows Internet Naming Service (WINS) fails to
properly validate the length of specially crafted packets

Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition.

VU#460350: Apple Quicktime/Darwin Streaming Server fails to properly parse
DESCRIBE requests

Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE
requests containing overly large User-Agent fields. This could allow an
unauthenticated, remote attacker to cause a denial-of-service condition.

VU#513062: metamail contains multiple buffer overflow vulnerabilities

Multiple buffer overflows in the metamail package could allow a remote
attacker
to execute arbitrary code on a vulnerable system. An attacker may be able
to
exploit these vulnerabilities via a specially-crafted email message.

VU#518518: metamail contains multiple format string vulnerabilities

Multiple format string vulnerabilities in the metamail package could allow a remote attacker to execute arbitrary code on the vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message.

VU#578886: Apple Mac OS X contains a vulnerability in DiskArbitration when
initializing writable removable media

Apple Mac OS X contains a vulnerability in DiskArbitration when initializing
writable removable media.

VU#619982: Zone Labs desktop security products fail to properly validate
RCPT TO command argument

Zone Labs desktop security products contains a buffer overflow in the code
that
processes the RCPT TO command argument. This could allow an attacker to
execute
arbitrary code with SYSTEM privileges.

VU#819126: Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL()
function

Oracle9i Database contains a buffer overflow in the NUMTOYMINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#841742: Apple Mac OS X Point-to-Point Protocol daemon (pppd) contains
format string vulnerability

Apple Mac OS X Point-to-Point Protocol daemon contains a format string
vulnerability in the handling of invalid command line arguments.

VU#846582: Oracle9i Database contains buffer overflow in NUMTODSINTERVAL()
function

Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#972334: IMail Server LDAP daemon buffer overflow

A buffer overflow in the LDAP server component supplied with some versions of the Ipswitch IMail Server could allow a remote attacker to execute arbitrary code on the vulnerable system.

VU#987118: Microsoft Virtual PC for Mac fails to properly validate
temporary file

Microsoft Virtual PC for Mac fails to properly validate a temporary file
which
could allow an attacker to execute arbitrary code with system privileges.

Back to top


Publications by Vendors

Apple

Cisco

Conectiva

Debian

Fedora

FreeBSD

Hewlett Packard

Mandrake

Microsoft

Novell

Oracle

Red Hat

SGI

Slackware

Sun Microsystems

SuSE Linux

TurboLinux

Trustix

Back to top


Publications by Third Parties

AusCERT

F-Secure

ISS

Network Associates

SANS

Sophos

Symantec

Trend Micro

UNIRAS



Copyright 2004 Carnegie Mellon University. Terms of use
Last
updated

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.