VARIoT IoT vulnerabilities database
VAR-200109-0118 | CVE-2001-0507 | Microsoft IIS Elevation of Privilege Vulnerability in In-Process Table |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. In Microsoft IIS, arbitrary code placed in the public web directory can thereby be loaded and executed with System privileges, allowing escalation from Guest account privileges to System.
VAR-200108-0183 | CVE-2001-0519 | Aladdin eSafe Gateway Filter bypass vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Aladdin eSafe Gateway versions 2.x allow a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags in which SCRIPT tags are embedded within other SCRIPT tags: a single filtering pass removes the inner tag and leaves a well-formed outer SCRIPT tag behind. eSafe Gateway is prone to a remote security vulnerability; affected versions are Aladdin eSafe Gateway 2.x.
VAR-200108-0184 | CVE-2001-0520 | Aladdin eSafe Gateway Filter bypass vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Aladdin eSafe Gateway versions 3.0 and earlier allow a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined; a filter that only removes SCRIPT elements never sees script carried in event-handler attributes or javascript: URLs. eSafe Gateway is prone to a remote security vulnerability; affected versions are Aladdin eSafe Gateway 3.0 and earlier.
VAR-200108-0185 | CVE-2001-0521 | Aladdin eSafe Gateway Filter bypass vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Aladdin eSafe Gateway versions 3.0 and earlier allow a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document: a filter that matches only the literal tag text does not recognise the encoded form, while the browser decodes and executes it. eSafe Gateway is prone to a remote security vulnerability; affected versions are Aladdin eSafe Gateway 3.0 and earlier.
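The three eSafe entries above describe the same design flaw from three angles: a content filter that removes the literal text of SCRIPT elements in a single pass. The following is an added example, not code from the page or from Aladdin, that reproduces such a filter in Python, runs the three bypass classes against it (nested tags, event-handler attributes and javascript: URLs, and an encoded tag), and shows a hardened variant that canonicalises first, iterates to a fixed point, and strips the attribute vectors. The payload strings are constructed here; the entry does not give the exact UNICODE form used against eSafe, so numeric character references stand in for it.

```python
import html
import re

# Single-pass literal match: the behaviour the eSafe entries describe.
SCRIPT_TAG = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)
# Event-handler attributes and javascript: URLs, the vectors from CVE-2001-0520.
EVENT_ATTR = re.compile(r'''\s+on\w+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)''', re.I)
JS_URL = re.compile(r'''\b(href|src)\s*=\s*["']?\s*javascript:[^"'\s>]*["']?''', re.I)
# What we look for in the filter *output* to decide whether script can still run.
DANGEROUS = re.compile(r"<script\b|\bon\w+\s*=|javascript:", re.I)

# Constructed payloads, one per bypass class named in the entries.
PAYLOADS = {
    # CVE-2001-0519: SCRIPT tags nested inside SCRIPT tags. Removing the inner
    # <script></script> pairs re-assembles the outer tag.
    "nested": "<scr<script></script>ipt>alert(1)</scr<script></script>ipt>",
    # CVE-2001-0520: script carried in an attribute, no SCRIPT tag at all.
    "onload": '<body onload="alert(1)">hello</body>',
    "href": '<a href="javascript:alert(1)">click</a>',
    # CVE-2001-0521: encoded tag. Character references are a stand-in for the
    # UNICODE encoding the entry mentions; the filter never sees "<script>".
    "encoded": "&#x3C;script&#x3E;alert(1)&#x3C;/script&#x3E;",
}


def naive_filter(doc):
    """One literal pass over the raw document."""
    return SCRIPT_TAG.sub("", doc)


def hardened_filter(doc):
    """Decode before matching, remove until nothing changes, then strip the
    attribute-borne vectors. (Production code should use an allowlist
    sanitizer built on a real HTML parser; this shows the three fixes only.)"""
    doc = html.unescape(doc)
    while True:
        stripped = SCRIPT_TAG.sub("", doc)
        if stripped == doc:
            break
        doc = stripped
    doc = EVENT_ATTR.sub("", doc)
    return JS_URL.sub("", doc)


def surviving(filter_fn):
    """Names of payloads that still carry executable script after filtering."""
    return [name for name, payload in PAYLOADS.items()
            if DANGEROUS.search(html.unescape(filter_fn(payload)))]


if __name__ == "__main__":
    for name, payload in PAYLOADS.items():
        print(f"{name:8} naive    -> {naive_filter(payload)!r}")
        print(f"{name:8} hardened -> {hardened_filter(payload)!r}")
    print("bypasses naive:   ", surviving(naive_filter))
    print("bypasses hardened:", surviving(hardened_filter))
```

The nested payload is the instructive one: after the naive filter it reads exactly `<script>alert(1)</script>`, which is why a filter that is not idempotent (one more pass would change the output) is never safe.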
VAR-200108-0076 | CVE-2001-0566 |
Cisco Catalyst 2900XL Switch Denial of Service Vulnerability
Related entries in the VARIoT exploits database: VAR-E-200105-0108 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Catalyst 2900XL switches allow a remote attacker to cause a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled. The Catalyst 2900 XL is prone to a denial-of-service vulnerability; affected devices are Cisco Catalyst 2900XL switches.
VAR-200108-0041 | CVE-2001-1025 | PHP-Nuke Remotely SQL Query tampering Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php. PHP-Nuke reportedly contains a vulnerability introduced in a new feature which may permit remote attackers to execute almost arbitrary SQL queries.
In version 5.x of PHP-Nuke, the administrator can set an arbitrary prefix for the database table names. Because it is a prefix for PHP-Nuke tables, this variable is included in many SQL queries used by PHP-Nuke. Vulnerabilities exist in PHP-Nuke 5.x versions
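The mechanism in the PHP-Nuke entry is a configuration value (the table prefix) that, through register_globals, becomes request-controlled whenever a script forgets to define it, and is then spliced into SQL. The following added example, not PHP-Nuke's code, reproduces that data flow in Python against an in-memory sqlite3 database standing in for MySQL: the vulnerable lookup takes `prefix` and `sid` from the request, and the attacker's prefix plus the fixed suffix `stories` reassembles into a UNION that dumps the authors table. The hardened version takes the prefix only from configuration, checks that it is a bare identifier (a table name cannot be bound as a parameter), and binds `sid`. Table and column names are constructed for the example.

```python
import re
import sqlite3

CONFIG_PREFIX = "nuke_"                       # the administrator's prefix (config.php)
PREFIX_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db():
    """Constructed stand-in for a PHP-Nuke database: two tables, two columns each."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE nuke_stories (sid INTEGER, title TEXT);
        CREATE TABLE nuke_authors (aid TEXT, pwd TEXT);
        INSERT INTO nuke_stories VALUES (1, 'Welcome');
        INSERT INTO nuke_authors VALUES ('admin', 'hunter2');
    """)
    return conn


def fetch_story_vulnerable(conn, request):
    """register_globals semantics: a script that never set $prefix gets it
    from the query string, and $sid is interpolated the same way."""
    prefix = request.get("prefix", CONFIG_PREFIX)
    sid = request.get("sid", "1")
    sql = f"SELECT * FROM {prefix}stories WHERE sid={sid}"
    return conn.execute(sql).fetchall()


def fetch_story_hardened(conn, request):
    """prefix is configuration, not input, and is validated as a plain
    identifier because it can only ever be spliced into SQL; sid is bound."""
    prefix = CONFIG_PREFIX
    if not PREFIX_RE.match(prefix):
        raise ValueError("table prefix is not a plain identifier")
    sid = int(request.get("sid", "1"))        # ValueError on anything non-numeric
    return conn.execute(f"SELECT * FROM {prefix}stories WHERE sid=?", (sid,)).fetchall()


# Attacker-controlled request: prefix + "stories" becomes
#   SELECT * FROM nuke_authors UNION SELECT * FROM nuke_stories WHERE sid=1
INJECTED = {"prefix": "nuke_authors UNION SELECT * FROM nuke_", "sid": "1"}
TAMPERED_SID = {"sid": "1 OR 1=1"}


def demo():
    """Run both lookups against the same request and report what each returns."""
    conn = make_db()
    out = {
        "vulnerable": fetch_story_vulnerable(conn, INJECTED),
        "hardened": fetch_story_hardened(conn, INJECTED),
    }
    try:
        fetch_story_hardened(conn, TAMPERED_SID)
        out["hardened_rejects_bad_sid"] = False
    except ValueError:
        out["hardened_rejects_bad_sid"] = True
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The UNION form is used rather than a statement separator because sqlite3's `execute` refuses multiple statements; MySQL's PHP API of the time had the same one-statement limit, which is why the original advisory speaks of "almost arbitrary" queries.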
VAR-200108-0036 | CVE-2001-1117 | LinkSys EtherFast BEFSR41 Cable/DSL Router View Management and User Password Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allow a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. Linksys EtherFast routers are small four-port routers designed to optimize the use of DSL or cable connections. EtherFast routers provide advanced features such as Network Address Translation and DHCP serving.
EtherFast routers store the ISP and router login passwords in HTML configuration files. Additionally, when accessed by the administrator, the information is sent over the network in plain text. This makes it possible to sniff the passwords during transit. A vulnerability exists in the LinkSys EtherFast BEFSR41 Cable/DSL router running firmware prior to 1.39.3 Beta
VAR-200107-0028 | CVE-2001-1021 | Progress Software Ipswitch WS_FTP Server Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. WS FTP Server is prone to a remote security vulnerability. WS_FTP 2.02 has a buffer overflow vulnerability
VAR-200107-0020 | CVE-2001-1104 | SonicWALL SOHO Security hole |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
By predicting a sequence number, several attacks could be performed; an attacker could disrupt or hijack existing connections, or spoof future connections
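Whether an ISN generator is "easily predictable" in the sense of the SonicWALL entry is something you can measure from a handful of connections, which is what tools such as nmap's sequence-predictability test do. The following added example (not SonicWALL's or nmap's code) implements the check in Python: collect ISNs, have an attacker-style predictor guess each next ISN from the earlier ones, and count how often the guess falls within one TCP receive window of the real value, since that is all a spoofed or hijacking segment needs. The two sample series are constructed: a fixed-increment generator for the predictable case and a seeded PRNG standing in for a properly randomised one.

```python
import random
from collections import Counter

MOD = 1 << 32


def isn_deltas(isns):
    """Increments between consecutive initial sequence numbers, mod 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def predict_next(isns):
    """Attacker's guess: last observed ISN plus the most common increment."""
    step, _ = Counter(isn_deltas(isns)).most_common(1)[0]
    return (isns[-1] + step) % MOD


def predictability(isns, window=65535, warmup=3):
    """Fraction of samples (after a short warm-up) whose value the guess lands
    within one receive window of. A spoofed segment is accepted as long as its
    sequence number is inside the window, so anything well above zero means
    sessions can be spoofed or hijacked without seeing the traffic."""
    hits = 0
    for i in range(warmup, len(isns)):
        guess = predict_next(isns[:i])
        if (isns[i] - guess) % MOD < window:
            hits += 1
    return hits / (len(isns) - warmup)


# Constructed samples. A constant per-connection increment is the classic
# weak generator; the seeded PRNG is deterministic so the demo is repeatable.
PREDICTABLE = [(0x1A2B3C4D + 64000 * i) % MOD for i in range(20)]
_rng = random.Random(7)
RANDOM = [_rng.getrandbits(32) for _ in range(20)]

if __name__ == "__main__":
    print("constant increment:", predictability(PREDICTABLE))
    print("random ISNs:      ", predictability(RANDOM))
```

On a live target you would gather the ISNs by opening a few dozen connections in quick succession and reading the SYN/ACK sequence numbers; a result near 1.0 is the SonicWALL case, and a generator that only looks random because it increments per unit time rather than per connection will also score high when the samples are taken rapidly.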
VAR-200107-0045 | CVE-2001-0002 | OpenSSH contains buffer management errors |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities is unclear, they may lead to memory corruption and a denial-of-service situation. A vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. Certain versions of Microsoft Internet Explorer (IE) that support double-byte character sets (DBCS) contain a buffer overflow vulnerability in the Type attribute of the OBJECT element. A remote attacker could execute arbitrary code with the privileges of the user running IE.
------------ This vulnerability entry summarizes multiple vulnerabilities released at the same time. Note that it includes information on vulnerabilities other than the one named in the title. ------------
Internet Explorer has a problem in its XML style sheet processing: a script is executed even when scripting is disabled for the security zone. Because many MUAs, including Outlook Express, display XML documents using IE components, a script may be executed merely by displaying a mail message. Please refer to the "Overview" for the impact of this vulnerability.
We are sending this message to help ensure that administrators have not overlooked one or more of these vulnerabilities.
There have been several recent vulnerabilities affecting OpenSSH. It is unclear if these issues are exploitable, but they are resolved in version 3.7.1. These four additional flaws are believed to be relatively minor, and are scheduled to be included in the next version of OpenSSH.
Exploitation of this vulnerability may lead to a remote attacker gaining privileged access to the server, in some cases root access.
VU#209807 - Portable OpenSSH server PAM conversion stack corruption
http://www.kb.cert.org/vuls/id/209807
There is a vulnerability in portable versions of OpenSSH 3.7p1 and 3.7.1p1 that may permit an attacker to corrupt the PAM conversion stack.
Please check the vulnerability notes for resolutions and additional details.
Thank you.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Summary CS-2003-04
November 24, 2003
Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
Summary to draw attention to the types of attacks reported to our
incident response team, as well as other noteworthy incident and
vulnerability information.
Past CERT summaries are available from:
CERT Summaries
http://www.cert.org/summaries/
______________________________________________________________________
Recent Activity
Since the last regularly scheduled CERT summary, issued in September
2003 (CS-2003-03), we have documented vulnerabilities in the Microsoft
Windows Workstation Service, RPCSS Service, and Exchange.
We have received reports of W32/Swen.A, W32/Mimail variants, and
exploitation of an Internet Explorer vulnerability reported in August
of 2003.
For more current information on activity being reported to the
CERT/CC, please visit the CERT/CC Current Activity page. The Current
Activity page is a regularly updated summary of the most frequent,
high-impact types of security incidents and vulnerabilities being
reported to the CERT/CC. The information on the Current Activity page
is reviewed and updated as reporting trends change.
CERT/CC Current Activity
http://www.cert.org/current/current_activity.html
1. W32/Mimail Variants
The CERT/CC has received reports of several new variants of the
'Mimail' worm. The most recent variant of the worm (W32/Mimail.J)
arrives as an email message alleging to be from the Paypal
financial service. The message requests that the recipient
'verify' their account information to prevent the suspension of
their Paypal account. Attached to the email is an executable file
which captures this information (if entered), and sends it to a
number of email addresses.
Current Activity - November 19, 2003
http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili
2. Buffer Overflow in Windows Workstation Service
CERT Advisory CA-2003-28
Buffer Overflow in Windows Workstation Service
http://www.cert.org/advisories/CA-2003-28.html
Vulnerability Note VU#567620
Microsoft Windows Workstation service vulnerable to
buffer overflow when sent specially crafted network
message
http://www.kb.cert.org/vuls/id/567620
3. Multiple Vulnerabilities in Microsoft Windows and Exchange
CERT Advisory CA-2003-27
Multiple Vulnerabilities in Microsoft Windows and
Exchange
http://www.cert.org/advisories/CA-2003-27.html
Vulnerability Note VU#575892
Buffer overflow in Microsoft Windows Messenger Service
http://www.kb.cert.org/vuls/id/575892
Vulnerability Note VU#422156
Microsoft Exchange Server fails to properly handle
specially crafted SMTP extended verb requests
http://www.kb.cert.org/vuls/id/422156
Vulnerability Note VU#467036
Microsoft Windows Help and support Center contains buffer
overflow in code used to handle HCP protocol
http://www.kb.cert.org/vuls/id/467036
Vulnerability Note VU#989932
Microsoft Windows contains buffer overflow in Local
Troubleshooter ActiveX control (Tshoot.ocx)
http://www.kb.cert.org/vuls/id/989932
Vulnerability Note VU#838572
Microsoft Windows Authenticode mechanism installs ActiveX
controls without prompting user
http://www.kb.cert.org/vuls/id/838572
Vulnerability Note VU#435444
Microsoft Outlook Web Access (OWA) contains cross-site
scripting vulnerability in the "Compose New Message" form
http://www.kb.cert.org/vuls/id/435444
Vulnerability Note VU#967668
Microsoft Windows ListBox and ComboBox controls vulnerable
to buffer overflow when supplied crafted Windows message
http://www.kb.cert.org/vuls/id/967668
4. Multiple Vulnerabilities in SSL/TLS Implementations
Multiple vulnerabilities exist in the Secure Sockets Layer (SSL)
and Transport Layer Security (TLS) protocols allowing an attacker
to execute arbitrary code or cause a denial-of-service condition.
CERT Advisory CA-2003-26
Multiple Vulnerabilities in SSL/TLS Implementations
http://www.cert.org/advisories/CA-2003-26.html
Vulnerability Note VU#935264
OpenSSL ASN.1 parser insecure memory deallocation
http://www.kb.cert.org/vuls/id/935264
Vulnerability Note VU#255484
OpenSSL contains integer overflow handling ASN.1 tags (1)
http://www.kb.cert.org/vuls/id/255484
Vulnerability Note VU#380864
OpenSSL contains integer overflow handling ASN.1 tags (2)
http://www.kb.cert.org/vuls/id/380864
Vulnerability Note VU#686224
OpenSSL does not securely handle invalid public key when
configured to ignore errors
http://www.kb.cert.org/vuls/id/686224
Vulnerability Note VU#732952
OpenSSL accepts unsolicited client certificate messages
http://www.kb.cert.org/vuls/id/732952
Vulnerability Note VU#104280
Multiple vulnerabilities in SSL/TLS implementations
http://www.kb.cert.org/vuls/id/104280
Vulnerability Note VU#412478
OpenSSL 0.9.6k does not properly handle ASN.1 sequences
http://www.kb.cert.org/vuls/id/412478
5. Exploitation of Internet Explorer Vulnerability
The CERT/CC received a number of reports indicating that attackers
were actively exploiting the Microsoft Internet Explorer
vulnerability described in VU#865940. These attacks include the
installation of tools for launching distributed denial-of-service
(DDoS) attacks, providing generic proxy services, reading
sensitive information from the Windows registry, and using a
victim system's modem to dial pay-per-minute services. The
vulnerability described in VU#865940 exists due to an interaction
between IE's MIME type processing and the way it handles HTML
application (HTA) files embedded in OBJECT tags.
6. W32/Swen.A Worm
On September 19, the CERT/CC began receiving a large volume of
reports of a mass mailing worm, referred to as W32/Swen.A,
spreading on the Internet. Similar to W32/Gibe.B in function, this
worm arrives as an attachment claiming to be a Microsoft Internet
Explorer Update or a delivery failure notice from qmail. The
W32/Swen.A worm requires a user to execute the attachment either
manually or by using an email client that will open the attachment
automatically. Upon opening the attachment, the worm attempts to
mail itself to all email addresses it finds on the system. The
CERT/CC updated the current activity page to contain further
information on this worm.
Current Activity - September 19, 2003
http://www.cert.org/current/archive/2003/09/19/archive.html#swena
7. Buffer Overflow in Sendmail
Sendmail, a widely deployed mail transfer agent (MTA), contains a
vulnerability that could allow an attacker to execute arbitrary
code with the privileges of the sendmail daemon, typically root.
CERT Advisory CA-2003-25
Buffer Overflow in Sendmail
http://www.cert.org/advisories/CA-2003-25.html
Vulnerability Note VU#784980
Sendmail prescan() buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/784980
8. RPCSS Vulnerabilities in Microsoft Windows
CERT Advisory CA-2003-23
RPCSS Vulnerabilities in Microsoft Windows
http://www.cert.org/advisories/CA-2003-23.html
Vulnerability Note VU#483492
Microsoft Windows RPCSS Service contains heap overflow in
DCOM activation routines
http://www.kb.cert.org/vuls/id/483492
Vulnerability Note VU#254236
Microsoft Windows RPCSS Service contains heap overflow in
DCOM request filename handling
http://www.kb.cert.org/vuls/id/254236
Vulnerability Note VU#326746
Microsoft Windows RPC service vulnerable to
denial of service
http://www.kb.cert.org/vuls/id/326746
______________________________________________________________________
New CERT Coordination Center (CERT/CC) PGP Key
On October 15, the CERT/CC issued a new PGP key, which should be used
when sending sensitive information to the CERT/CC.
CERT/CC PGP Public Key
https://www.cert.org/pgp/cert_pgp_key.asc
Sending Sensitive Information to the CERT/CC
https://www.cert.org/contact_cert/encryptmail.html
______________________________________________________________________
What's New and Updated
Since the last CERT Summary, we have published new and updated
* Advisories
http://www.cert.org/advisories/
* Vulnerability Notes
http://www.kb.cert.org/vuls
* CERT/CC Statistics
http://www.cert.org/stats/cert_stats.html
* Congressional Testimony
http://www.cert.org/congressional_testimony
* Training Schedule
http://www.cert.org/training/
* CSIRT Development
http://www.cert.org/csirts/
______________________________________________________________________
This document is available from:
http://www.cert.org/summaries/CS-2003-04.html
______________________________________________________________________
CERT/CC Contact Information
Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more
information.
Getting security information
CERT publications and other security information are available from
our web site
http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins,
send email to majordomo@cert.org. Please include in the body of your
message
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________
NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
______________________________________________________________________
Conditions for use, disclaimers, and sponsorship information
Copyright © 2003 Carnegie Mellon University.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQCVAwUBP8JVOZZ2NNT/dVAVAQGL9wP+I18NJBUBuv7b0pam5La7E7qOQFMn5n78
7i0gBX/dKgaY5siM6jBYYwCbbA7Y0/Jwtby2zHp1s8RHZY5/3JEzElfv4TLlR8rT
rb8gJDbpan2JWA6xH9IzqZaSrxrXpNypwU2wWxR2osmbYl8FdV0rD3ZYXJjyi+nU
UENALuNdthA=
=DD60
-----END PGP SIGNATURE-----
VAR-200107-0032 | CVE-2001-1030 | Squid HTTP Accelerator mode illegal activity vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and httpd_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities through the accelerator, such as port scanning of hosts behind it.
VAR-200107-0090 | CVE-2001-1303 | Check Point Firewall-1 SecureRemote Network Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication. SecuRemote is the proprietary VPN infrastructure designed by Check Point Software, and is included with some versions of Firewall-1.
VAR-200108-0064 | CVE-2001-0554 |
Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options
Related entries in the VARIoT exploits database: VAR-E-200107-0050 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. The telnetd program is a server for the telnet remote virtual terminal protocol. There is a remotely exploitable buffer overflow in telnet daemons derived from BSD source code. This vulnerability can crash the server, or be leveraged to gain root access. The function responsible for processing the options prepares a response within a fixed sized buffer, without performing any bounds checking.
This vulnerability is now being actively exploited. A worm is known to be circulating around the Internet.
Exposure:
Remote root compromise through buffer handling flaws
Confirmed vulnerable:
Up-to-date Debian 3.0 woody (issue is Debian-specific)
Debian netkit-telnet-ssl-0.17.24+0.1 package
Debian netkit-telnet-ssl-0.17.17+0.1 package
Mitigating factors:
Telnet service must be running and accessible to the attacker.
Nowadays, telnet service presence on newly deployed Linux hosts is
relatively low. The service is still used for LAN access from other unix
platforms, and to host various non-shell services (such as MUDs).
Problem description:
Netkit telnetd implementation shipped with Debian Linux appears to be
lacking the AYT vulnerability patch. This patch was devised by Red Hat
(?) and incorporated into Debian packages, but later dropped.
This exposes the platform to a remote root problem discovered by scut of
TESO back in 2001 (CVE-2001-0554), as well as to other currently
unpublished flaws associated with the old buffer handling code, and
eliminated by Red Hat's overhaul of buffer handling routines.
Based on a review of package changelogs, my best guess is that the patch
was accidentally dropped by Christoph Martin in December 2001, but I
have not researched the matter any further.
Vendor response:
I have contacted Debian security staff on August 29, and received a
confirmation of the problem from Matt Zimmerman shortly thereafter.
Since this is not a new flaw, I did not plan to release my own advisory,
hoping they will release a DSA bulletin and fix the problem. Three weeks
have passed, however, and Debian did not indicate any clear intent to
release the information any time soon. They did release nine other
advisories in the meantime, some of which were of lesser importance.
As such, I believe it is a good idea to bring the problem to public
attention, particularly since those running telnetd were and are,
unbeknownst to them, vulnerable to existing exploits.
Workaround:
Disable telnet service if not needed; manually apply Red Hat
netkit patches, or compile the daemon from Red Hat sources.
Note that netkit as such is no longer maintained by the author, and
hence obtaining the most recent source tarball (0.17) is NOT
sufficient. You may also examine other less popular telnetd
implementations, but be advised that almost all are heavily based on the
original code, and not always up-to-date with security fixes for that
codebase.
PS. Express your outrage: http://eprovisia.coredump.cx
VAR-200310-0057 | CVE-2003-0757 | Check Point Firewall-1 SecuRemote Internal Interface Address Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet. An information leakage issue has been discovered in Check Point Firewall-1. Because of this, an attacker may gain sensitive information about network resources. Check Point FireWall-1 4.0 and 4.1 (prior to SP5) include SecuRemote, which allows mobile users to connect to the internal network using encrypted and authenticated sessions.
Connect to TCP port 256 of Firewall-1 version 4.0 or 4.1 via telnet and enter the following characters:
aa<CR>
aa<CR>
The IP address of the firewall will be returned in binary form. In addition, when SecuRemote connects to TCP port 264 of the firewall, a packet sniffer on the path shows IP address information in the reply, similar to the following:
15:45:44.029883 192.168.1.1.264 > 10.0.0.1.1038: P 5:21(16) ack 17 win 8744 (DF)
0x0000 4500 0038 a250 4000 6e06 5b5a ca4d b102 E..8.P@.n.[ZM.
0x0010 5102 42c3 0108 040e 1769 fb25 cdc0....8a .i.\\%...6
0x0020 5018 2228 fa32 0000 0000 000c c0a8 0101 P."(.2.......M..
0x0030 c0a8 0a01 c0a8 0e01 ........
The 16-byte TCP payload begins with 0000 000c (0x0c = 12, the size of the three addresses that follow) and then the addresses themselves:
c0a8 0101 = 192.168.1.1
c0a8 0a01 = 192.168.10.1
c0a8 0e01 = 192.168.14.1
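The leak above is easiest to confirm by decoding the reply rather than reading hex by eye. The following is an added example, not Check Point's code or a documented protocol description: the framing (a 4-byte big-endian length followed by 4-byte IPv4 addresses) is inferred from the single capture in the entry, and the sample reply bytes are constructed from that capture. `parse_address_list` decodes such a payload with bounds checks, `leaked_internal` flags the RFC 1918 addresses an outside client should never learn, and `probe` reproduces the `aa<CR> aa<CR>` exchange against port 256 for live use (it is not exercised offline; the exact line ending SecuRemote expects is an assumption).

```python
import ipaddress
import socket
import struct

# Constructed from the tcpdump excerpt in the entry: the 16-byte TCP payload at
# offset 0x28 is 0000000c (length 12) followed by three IPv4 addresses.
SAMPLE_REPLY = bytes.fromhex("0000000c" "c0a80101" "c0a80a01" "c0a80e01")


def parse_address_list(payload):
    """Decode a length-prefixed list of IPv4 addresses as seen in the capture.
    Framing inferred from that one dump; every check here guards against a
    reply that is shorter than its own length field claims."""
    if len(payload) < 4:
        raise ValueError("reply shorter than its length field")
    (length,) = struct.unpack("!I", payload[:4])
    body = payload[4:4 + length]
    if len(body) != length or length % 4:
        raise ValueError("truncated or unaligned address list")
    return [socket.inet_ntoa(body[i:i + 4]) for i in range(0, length, 4)]


def is_malformed(payload):
    try:
        parse_address_list(payload)
        return False
    except ValueError:
        return True


def leaked_internal(addrs):
    """Addresses that reveal internal topology (private ranges)."""
    return [a for a in addrs if ipaddress.ip_address(a).is_private]


def probe(host, port=256, timeout=5.0):
    """Live probe of the port-256 behaviour described in the entry; returns the
    raw reply for inspection. Requires network access; assumption: "aa" + CR
    is sent twice, as the entry's telnet transcript shows."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"aa\r")
        s.sendall(b"aa\r")
        return s.recv(4096)


if __name__ == "__main__":
    addrs = parse_address_list(SAMPLE_REPLY)
    print("addresses in reply:", addrs)
    print("internal addresses leaked:", leaked_internal(addrs))
```

Because `parse_address_list` trusts the length field only after checking it against the bytes actually received, the same routine is safe to point at a capture file or a live socket without the usual "length says 4 GB" surprise.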
VAR-200107-0035 | CVE-2001-0977 | Multiple versions of OpenLDAP are vulnerable to denial-of-service attacks |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the advice provided below. Vulnerabilities exist in slapd in OpenLDAP 1.x versions prior to 1.2.12 and 2.x versions prior to 2.0.8
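The PROTOS LDAPv3 findings in the OpenLDAP entry come down to one parsing decision: whether a BER length field is checked against the data actually present before it is used. The following is an added example, not OpenLDAP's code, of a minimal BER TLV reader in Python with the checks a hostile client can cheaply exercise: the indefinite form (which LDAP forbids), absurd length-of-length values, length octets that run off the end of the buffer, and lengths larger than the remaining data. `parse_ldap_message` applies it to the outer LDAPMessage SEQUENCE. The message bytes are constructed test vectors (an anonymous simple bind with messageID 1, and three malformed framings).

```python
def read_ber_length(buf, pos):
    """Parse a BER length at buf[pos]; return (length, position after it).
    Each rejection is a case an attacker can send in a single packet."""
    if pos >= len(buf):
        raise ValueError("missing length octet")
    first = buf[pos]
    pos += 1
    if first < 0x80:                          # short form
        length = first
    elif first == 0x80:                       # indefinite form: LDAP (RFC 4511) requires definite lengths
        raise ValueError("indefinite length")
    else:                                     # long form: low 7 bits = number of length octets
        n = first & 0x7F
        if n > 4:
            raise ValueError(f"length-of-length {n} too large")
        if pos + n > len(buf):
            raise ValueError("truncated length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > len(buf) - pos:               # the check that stops reads and allocations past the data
        raise ValueError(f"length {length} exceeds {len(buf) - pos} remaining bytes")
    return length, pos


def read_tlv(buf, pos=0):
    """Return (tag, value bytes, position after the element)."""
    if pos >= len(buf):
        raise ValueError("missing tag")
    tag = buf[pos]
    length, pos = read_ber_length(buf, pos + 1)
    return tag, buf[pos:pos + length], pos + length


def parse_ldap_message(buf):
    """Outer LDAPMessage SEQUENCE -> {message_id, op_tag}; ValueError on bad framing."""
    tag, body, _ = read_tlv(buf)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    id_tag, id_val, pos = read_tlv(body)
    if id_tag != 0x02:
        raise ValueError("messageID must be INTEGER")
    op_tag, _, _ = read_tlv(body, pos)
    return {"message_id": int.from_bytes(id_val, "big"), "op_tag": op_tag}


def is_rejected(buf):
    try:
        parse_ldap_message(buf)
        return False
    except ValueError:
        return True


# Constructed vectors.
VALID_BIND = bytes.fromhex("300c 020101 6007 020103 0400 8000")   # bindRequest, messageID 1, anonymous
OVERSIZED = bytes.fromhex("3084ffffffff 020101")                    # SEQUENCE claiming 4 GiB of content
INDEFINITE = bytes.fromhex("3080 020101 0000")                      # indefinite-length SEQUENCE
TOO_MANY_LENGTH_OCTETS = bytes.fromhex("3085 0000000001 020101")    # five length octets

if __name__ == "__main__":
    print(parse_ldap_message(VALID_BIND))
    for name, vec in [("oversized", OVERSIZED), ("indefinite", INDEFINITE),
                      ("5 length octets", TOO_MANY_LENGTH_OCTETS)]:
        print(f"{name}: rejected={is_rejected(vec)}")
```

The order of checks matters: the length is validated against the buffer before anything is sliced or allocated from it, so a crafted length field costs the server nothing more than an exception.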
VAR-200107-0085 | CVE-2001-1183 | Cisco IOS vulnerable to DoS via crafted PPTP packet sent to port 1723/tcp |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. IOS functions on numerous Cisco devices, including routers and switches. The problem occurs when a malformed PPTP packet is sent to port 1723 on the router. If this occurs, the router must be reset to regain normal functionality. The PPTP implementation in Cisco IOS Releases 12.1 and 12.2 is vulnerable
VAR-200107-0078 | CVE-2001-1176 | Check Point Firewall-1 of Management Station Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. In Check Point Firewall-1, an administrator of a malicious Management Module who sends a management packet with malicious content to the target control station can corrupt the stack of the station's OS at a location of the attacker's choosing; the attack does not depend on the access control settings configured on the managed Check Point Firewall-1. The Firewall-1/VPN-1 management station contains a format string vulnerability.
The vulnerability is the result of passing client-supplied data to a printf* function as the format string argument.
This vulnerability can only be exploited by a client that is authenticated as an administrator and connected from an authorized IP address.
Administrators with limited privileges (such as read-only) may be able to exploit this vulnerability to gain control over the management station
VAR-200107-0009 | CVE-2001-1038 | Cisco SN 5420 Storage Router Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. The Cisco SN 5420 Storage Router is a device that provides universal data storage functionality over an IP network. The problem occurs when multiple connections are rapidly established to TCP port 8023
VAR-200107-0079 | CVE-2001-1177 | Samsung ML-85G GDI printer driver arbitrary file overwrite vulnerability |
CVSS V2: 6.2 CVSS V3: - Severity: MEDIUM |
ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript.
ml85p does not check for symbolic links when creating image output files.
These files are created in /tmp with a guessable naming format, making it trivial for attackers to exploit this vulnerability.
Since user-supplied data is written to the target file, attackers may be able to elevate privileges
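The ml85p entry is the standard /tmp symlink race: a predictable file name is created with a plain open that follows whatever an attacker has already placed there. The following is an added example, not the ml85p driver's code, showing the failure and the two correct alternatives in Python on a POSIX system: `unsafe_write` mirrors the driver's behaviour, `safe_write` uses mkstemp (unpredictable name, O_EXCL creation), and `safe_open_fixed_name` shows what to do when a fixed name cannot be avoided (O_CREAT|O_EXCL|O_NOFOLLOW). The demo stages the attack in a private temporary directory; the pid-based file name is an assumption standing in for the driver's "guessable naming format".

```python
import os
import tempfile


def unsafe_write(path, data):
    """Predictable name, ordinary open(): follows a symlink already at path,
    so the write lands in whatever file the attacker chose."""
    with open(path, "w") as f:                 # O_CREAT without O_EXCL / O_NOFOLLOW
        f.write(data)


def safe_write(directory, data):
    """Unpredictable name created atomically with O_EXCL; returns the path."""
    fd, path = tempfile.mkstemp(prefix="ml85p.", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def safe_open_fixed_name(path):
    """If the name must be fixed: never follow a link, never reuse an existing
    file. A pre-planted symlink makes this raise FileExistsError instead of
    silently redirecting the write."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    return os.fdopen(fd, "w")


def demo():
    """Stage the attack in a scratch directory and report what each variant did."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")            # stands in for a root-owned file
        with open(victim, "w") as f:
            f.write("original")
        # Attacker pre-creates the name the driver will use (assumed pid-based).
        predictable = os.path.join(d, f"ml85p.{os.getpid()}")
        os.symlink(victim, predictable)

        unsafe_write(predictable, "attacker data")
        with open(victim) as f:
            results["victim_after_unsafe"] = f.read()

        with open(victim, "w") as f:                   # reset the victim
            f.write("original")
        try:
            with safe_open_fixed_name(predictable) as f:
                f.write("driver output")
            results["fixed_name_refused"] = False
        except FileExistsError:
            results["fixed_name_refused"] = True
        with open(victim) as f:
            results["victim_after_safe"] = f.read()

        fresh = safe_write(d, "driver output")
        results["mkstemp_is_fresh"] = (fresh != predictable
                                       and os.path.isfile(fresh)
                                       and not os.path.islink(fresh))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In a real setuid or root-run driver the victim would be any file root can write; the point of O_EXCL is that creation fails rather than succeeds when the attacker got there first, which turns a silent overwrite into a loud error.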
VAR-200110-0052 | CVE-2001-0773 | Cayman gateways are vulnerable to a denial of service via a portscan |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cayman 3220-H DSL Router 1.0 allows remote attackers to cause a denial of service (crash) via a series of SYN or TCP connect requests, such as those generated by a port scan. Cayman gateways are vulnerable to a denial of service.