U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB04-063)

Summary of Security Items from February 18 through March 2, 2004

Original release date: March 02, 2004

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Publications by US-CERT | Publications by Vendors | Publications by Third Parties


Publications by US-CERT

VU#116182: WinZip vulnerable to buffer overflow in handling of MIME archive parameters
A buffer overflow vulnerability in the WinZip program could allow a remote attacker to execute arbitrary code on a vulnerable system.

VU#150326: Internet Security Systems' BlackICE and RealSecure contain a heap overflow in the processing of SMB packets
Internet Security Systems' BlackICE and RealSecure intrusion detection products contain a remotely exploitable vulnerability. Exploitation of this vulnerability could lead to the compromise of the system with privileges of the vulnerable process, typically the "SYSTEM" user.

VU#194238: Apple Mac OS X Safari fails to properly display URLs in the status bar
Apple Mac OS X Safari fails to properly display URLs in the status bar.

VU#240174: Oracle9i Database contains buffer overflow in TIME_ZONE session parameter
Oracle9i Database contains a buffer overflow in the TIME_ZONE session parameter which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#399806: Oracle9i Database contains buffer overflow in FROM_TZ() function
Oracle9i Database contains a buffer overflow in the FROM_TZ() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#445214: Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition.

VU#460350: Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests
Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests containing overly large User-Agent fields. This could allow an unauthenticated, remote attacker to cause a denial-of-service condition.

VU#513062: metamail contains multiple buffer overflow vulnerabilities
Multiple buffer overflows in the metamail package could allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message.

VU#518518: metamail contains multiple format string vulnerabilities
Multiple format string vulnerabilities in the metamail package could allow a remote attacker to execute arbitrary code on the vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message.

VU#578886: Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media
Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media.

VU#619982: Zone Labs desktop security products fail to properly validate RCPT TO command argument
Zone Labs desktop security products contains a buffer overflow in the code that processes the RCPT TO command argument. This could allow an attacker to execute arbitrary code with SYSTEM privileges.

VU#819126: Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL() function
Oracle9i Database contains a buffer overflow in the NUMTOYMINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#841742: Apple Mac OS X Point-to-Point Protocol daemon (pppd) contains format string vulnerability
Apple Mac OS X Point-to-Point Protocol daemon contains a format string vulnerability in the handling of invalid command line arguments.

VU#846582: Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function
Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#972334: IMail Server LDAP daemon buffer overflow
A buffer overflow in the LDAP server component supplied with some versions of the Ipswitch IMail Server could allow a remote attacker to execute arbitrary code on the vulnerable system.

VU#987118: Microsoft Virtual PC for Mac fails to properly validate temporary file
Microsoft Virtual PC for Mac fails to properly validate a temporary file which could allow an attacker to execute arbitrary code with system privileges.

Back to top



Publications by Vendors

Apple

Cisco

Conectiva

Debian

Fedora

FreeBSD

Hewlett Packard

Mandrake

Microsoft

Novell

Oracle

Red Hat

SGI

Slackware

Sun Microsystems

SuSE Linux

TurboLinux

Trustix

Back to top



Publications by Third Parties

AusCERT

F-Secure

ISS

Network Associates

SANS

Sophos

Symantec

Trend Micro

UNIRAS


Copyright 2004 Carnegie Mellon University. Terms of use
Last updated
Publications by US-CERT | Publications by Vendors | Publications by Third Parties


Publications by US-CERT

VU#116182: WinZip vulnerable to buffer overflow in handling of MIME archive parameters
A buffer overflow vulnerability in the WinZip program could allow a remote attacker to execute arbitrary code on a vulnerable system.

VU#150326: Internet Security Systems' BlackICE and RealSecure contain a heap overflow in the processing of SMB packets
Internet Security Systems' BlackICE and RealSecure intrusion detection products contain a remotely exploitable vulnerability. Exploitation of this vulnerability could lead to the compromise of the system with privileges of the vulnerable process, typically the "SYSTEM" user.

VU#194238: Apple Mac OS X Safari fails to properly display URLs in the status bar
Apple Mac OS X Safari fails to properly display URLs in the status bar.

VU#240174: Oracle9i Database contains buffer overflow in TIME_ZONE session parameter
Oracle9i Database contains a buffer overflow in the TIME_ZONE session parameter which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#399806: Oracle9i Database contains buffer overflow in FROM_TZ() function
Oracle9i Database contains a buffer overflow in the FROM_TZ() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#445214: Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition.

VU#460350: Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests
Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests containing overly large User-Agent fields. This could allow an unauthenticated, remote attacker to cause a denial-of-service condition.

VU#513062: metamail contains multiple buffer overflow vulnerabilities
Multiple buffer overflows in the metamail package could allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message.

VU#518518: metamail contains multiple format string vulnerabilities
Multiple format string vulnerabilities in the metamail package could allow a remote attacker to execute arbitrary code on the vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message.

VU#578886: Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media
Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media.

VU#619982: Zone Labs desktop security products fail to properly validate RCPT TO command argument
Zone Labs desktop security products contains a buffer overflow in the code that processes the RCPT TO command argument. This could allow an attacker to execute arbitrary code with SYSTEM privileges.

VU#819126: Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL() function
Oracle9i Database contains a buffer overflow in the NUMTOYMINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#841742: Apple Mac OS X Point-to-Point Protocol daemon (pppd) contains format string vulnerability
Apple Mac OS X Point-to-Point Protocol daemon contains a format string vulnerability in the handling of invalid command line arguments.

VU#846582: Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function
Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#972334: IMail Server LDAP daemon buffer overflow
A buffer overflow in the LDAP server component supplied with some versions of the Ipswitch IMail Server could allow a remote attacker to execute arbitrary code on the vulnerable system.

VU#987118: Microsoft Virtual PC for Mac fails to properly validate temporary file
Microsoft Virtual PC for Mac fails to properly validate a temporary file which could allow an attacker to execute arbitrary code with system privileges.

Back to top



Publications by Vendors

Apple

Cisco

Conectiva

Debian

Fedora

FreeBSD

Hewlett Packard

Mandrake

Microsoft

Novell

Oracle

Red Hat

SGI

Slackware

Sun Microsystems

SuSE Linux

TurboLinux

Trustix

Back to top



Publications by Third Parties

AusCERT

F-Secure

ISS

Network Associates

SANS

Sophos

Symantec

Trend Micro

UNIRAS


Copyright 2004 Carnegie Mellon University. Terms of use
Last updated

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top