var-200306-0042
Vulnerability from variot
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities are unclear, they may lead to memory corruption and a denial-of-service situation. A vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. A Microsoft Windows DirectX library, quartz.dll, does not properly validate certain parameters in Musical Instrument Digital Interface (MIDI) files. A remotely exploitable vulnerability has been discovered in Internet Explorer. A remote attacker could execute arbitrary code with the privileges of the user running IE. When a web page containing an OBJECT tag using a parameter containing excessive data is encountered by a vulnerable client, a internal memory buffer will be overrun. Description
Microsoft Windows operating systems include multimedia technologies called DirectX and DirectShow. From Microsoft Security Bulletin MS03-030, "DirectX consists of a set of low-level Application Programming Interfaces (APIs) that are used by Windows programs for multimedia support.
Any application that uses DirectX/DirectShow to process MIDI files may be affected by this vulnerability. Of particular concern, Internet Explorer (IE) uses the Windows Media Player ActiveX control and quartz.dll to handle MIDI files embedded in HTML documents. An attacker could therefore exploit this vulnerability by convincing a victim to view an HTML document, such as a web page or an HTML email message, that contains an embedded MIDI file. Note that in addition to IE, a number of applications, including Outlook, Outlook Express, Eudora, AOL, Lotus Notes, and Adobe PhotoDeluxe, use the WebBrowser ActiveX control to interpret HTML documents.
Further technical details are available in eEye Digital Security advisory AD20030723. Common Vulnerabilities and Exposures (CVE) refers to these vulnerabilities as CAN-2003-0346.
Disable embedded MIDI files
Change the Run ActiveX controls and plug-ins security setting to Disable in the Internet zone and the zone(s) used by Outlook, Outlook Express, and any other application that uses the WebBrowser ActiveX control to render HTML. This modification will prevent MIDI files from being automatically loaded from HTML documents. This workaround is not a complete solution and will not prevent attacks that attempt to load MIDI files directly.
Instructions for modifying IE security zone settings can be found in the CERT/CC Malicious Web Scripts FAQ. References
* CERT/CC Vulnerability Note VU#561284 -
http://www.kb.cert.org/vuls/id/561284
* CERT/CC Vulnerability Note VU#265232 -
http://www.kb.cert.org/vuls/id/265232
* eEye Digital Security advisory AD20030723 -
http://www.eeye.com/html/Research/Advisories/AD20030723.html
* Microsoft Security Bulletin MS03-030 -
http://microsoft.com/technet/security/bulletin/MS03-030.asp
* Microsoft Knowledge Base article 819696 -
http://support.microsoft.com/default.aspx?scid=kb;en-us;819696
_________________________________________________________________
These vulnerabilities were researched and reported by eEye Digital Security. ___________
Feedback can be directed to the author, Art Manion. -----BEGIN PGP SIGNED MESSAGE-----
CERT Summary CS-2003-04
November 24, 2003
Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems.
Past CERT summaries are available from:
CERT Summaries
http://www.cert.org/summaries/
Recent Activity
Since the last regularly scheduled CERT summary, issued in September 2003 (CS-2003-03), we have documented vulnerabilities in the Microsoft Windows Workstation Service, RPCSS Service, and Exchange.
For more current information on activity being reported to the CERT/CC, please visit the CERT/CC Current Activity page. The Current Activity page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities being reported to the CERT/CC. The information on the Current Activity page is reviewed and updated as reporting trends change.
CERT/CC Current Activity
http://www.cert.org/current/current_activity.html
1. W32/Mimail Variants
The CERT/CC has received reports of several new variants of the
'Mimail' worm. The most recent variant of the worm (W32/Mimail.J)
arrives as an email message alleging to be from the Paypal
financial service. The message requests that the recipient
'verify' their account information to prevent the suspension of
their Paypal account. Attached to the email is an executable file
which captures this information (if entered), and sends it to a
number of email addresses.
Current Activity - November 19, 2003
http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili
2.
CERT Advisory CA-2003-28
Buffer Overflow in Windows Workstation Service
http://www.cert.org/advisories/CA-2003-28.html
Vulnerability Note VU#567620
Microsoft Windows Workstation service vulnerable to
buffer overflow when sent specially crafted network
message
http://www.kb.cert.org/vuls/id/567620
3.
CERT Advisory CA-2003-27
Multiple Vulnerabilities in Microsoft Windows and
Exchange
http://www.cert.org/advisories/CA-2003-27.html
Vulnerability Note VU#575892
Buffer overflow in Microsoft Windows Messenger Service
http://www.kb.cert.org/vuls/id/575892
Vulnerability Note VU#422156
Microsoft Exchange Server fails to properly handle
specially crafted SMTP extended verb requests
http://www.kb.cert.org/vuls/id/422156
Vulnerability Note VU#467036
Microsoft Windows Help and support Center contains buffer
overflow in code used to handle HCP protocol
http://www.kb.cert.org/vuls/id/467036
Vulnerability Note VU#989932
Microsoft Windows contains buffer overflow in Local
Troubleshooter ActiveX control (Tshoot.ocx)
http://www.kb.cert.org/vuls/id/989932
Vulnerability Note VU#838572
Microsoft Windows Authenticode mechanism installs ActiveX
controls without prompting user
http://www.kb.cert.org/vuls/id/838572
Vulnerability Note VU#435444
Microsoft Outlook Web Access (OWA) contains cross-site
scripting vulnerability in the "Compose New Message" form
http://www.kb.cert.org/vuls/id/435444
Vulnerability Note VU#967668
Microsoft Windows ListBox and ComboBox controls vulnerable
to buffer overflow when supplied crafted Windows message
http://www.kb.cert.org/vuls/id/967668
4. Multiple Vulnerabilities in SSL/TLS Implementations
Multiple vulnerabilities exist in the Secure Sockets Layer (SSL)
and Transport Layer Security (TLS) protocols allowing an attacker
to execute arbitrary code or cause a denial-of-service condition.
CERT Advisory CA-2003-26
Multiple Vulnerabilities in SSL/TLS Implementations
http://www.cert.org/advisories/CA-2003-26.html
Vulnerability Note VU#935264
OpenSSL ASN.1 parser insecure memory deallocation
http://www.kb.cert.org/vuls/id/935264
Vulnerability Note VU#255484
OpenSSL contains integer overflow handling ASN.1 tags (1)
http://www.kb.cert.org/vuls/id/255484
Vulnerability Note VU#380864
OpenSSL contains integer overflow handling ASN.1 tags (2)
http://www.kb.cert.org/vuls/id/380864
Vulnerability Note VU#686224
OpenSSL does not securely handle invalid public key when
configured to ignore errors
http://www.kb.cert.org/vuls/id/686224
Vulnerability Note VU#732952
OpenSSL accepts unsolicited client certificate messages
http://www.kb.cert.org/vuls/id/732952
Vulnerability Note VU#104280
Multiple vulnerabilities in SSL/TLS implementations
http://www.kb.cert.org/vuls/id/104280
Vulnerability Note VU#412478
OpenSSL 0.9.6k does not properly handle ASN.1 sequences
http://www.kb.cert.org/vuls/id/412478
5. These attacks include the
installation of tools for launching distributed denial-of-service
(DDoS) attacks, providing generic proxy services, reading
sensitive information from the Windows registry, and using a
victim system's modem to dial pay-per-minute services. The
vulnerability described in VU#865940 exists due to an interaction
between IE's MIME type processing and the way it handles HTML
application (HTA) files embedded in OBJECT tags. W32/Swen.A Worm
On September 19, the CERT/CC began receiving a large volume of
reports of a mass mailing worm, referred to as W32/Swen.A,
spreading on the Internet. Similar to W32/Gibe.B in function, this
worm arrives as an attachment claiming to be a Microsoft Internet
Explorer Update or a delivery failure notice from qmail. The
W32/Swen.A worm requires a user to execute the attachment either
manually or by using an email client that will open the attachment
automatically. Upon opening the attachment, the worm attempts to
mail itself to all email addresses it finds on the system. The
CERT/CC updated the current activity page to contain further
information on this worm.
Current Activity - September 19, 2003
http://www.cert.org/current/archive/2003/09/19/archive.html#swena
7. Buffer Overflow in Sendmail
Sendmail, a widely deployed mail transfer agent (MTA), contains a
vulnerability that could allow an attacker to execute arbitrary
code with the privileges of the sendmail daemon, typically root.
CERT Advisory CA-2003-25
Buffer Overflow in Sendmail
http://www.cert.org/advisories/CA-2003-25.html
Vulnerability Note VU#784980
Sendmail prescan() buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/784980
8. RPCSS Vulnerabilities in Microsoft Windows
On September 10, the CERT/CC reported on three vulnerabilities
that affect numerous versions of Microsoft Windows, two of which
are remotely exploitable buffer overflows that may an allow an
attacker to execute code with system privileges.
CERT Advisory CA-2003-23
RPCSS Vulnerabilities in Microsoft Windows
http://www.cert.org/advisories/CA-2003-23.html
Vulnerability Note VU#483492
Microsoft Windows RPCSS Service contains heap overflow in
DCOM activation routines
http://www.kb.cert.org/vuls/id/483492
Vulnerability Note VU#254236
Microsoft Windows RPCSS Service contains heap overflow in
DCOM request filename handling
http://www.kb.cert.org/vuls/id/254236
Vulnerability Note VU#326746
Microsoft Windows RPC service vulnerable to
denial of service
http://www.kb.cert.org/vuls/id/326746
New CERT Coordination Center (CERT/CC) PGP Key
On October 15, the CERT/CC issued a new PGP key, which should be used when sending sensitive information to the CERT/CC.
CERT/CC PGP Public Key
https://www.cert.org/pgp/cert_pgp_key.asc
Sending Sensitive Information to the CERT/CC
https://www.cert.org/contact_cert/encryptmail.html
What's New and Updated
Since the last CERT Summary, we have published new and updated * Advisories http://www.cert.org/advisories/ * Vulnerability Notes http://www.kb.cert.org/vuls * CERT/CC Statistics http://www.cert.org/stats/cert_stats.html * Congressional Testimony http://www.cert.org/congressional_testimony * Training Schedule http://www.cert.org/training/ * CSIRT Development http://www.cert.org/csirts/
This document is available from: http://www.cert.org/summaries/CS-2003-04.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
Conditions for use, disclaimers, and sponsorship information
Copyright \xa92003 Carnegie Mellon University.
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBP8JVOZZ2NNT/dVAVAQGL9wP+I18NJBUBuv7b0pam5La7E7qOQFMn5n78 7i0gBX/dKgaY5siM6jBYYwCbbA7Y0/Jwtby2zHp1s8RHZY5/3JEzElfv4TLlR8rT rb8gJDbpan2JWA6xH9IzqZaSrxrXpNypwU2wWxR2osmbYl8FdV0rD3ZYXJjyi+nU UENALuNdthA= =DD60 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC Interface
Original issue date: July 31, 2003 Last revised: - Source: CERT/CC
A complete revision history is at the end of this file.
I. Known exploits target TCP port 135 and create a privileged backdoor command shell on successfully compromised hosts. Some versions of the exploit use TCP port 4444 for the backdoor, and other versions use a TCP port number specified by the intruder at run-time. We have also received reports of scanning activity for common backdoor ports such as 4444/TCP. In some cases, due to the RPC service terminating, a compromised system may reboot after the backdoor is accessed by an intruder. Based on current information, we believe this vulnerability is separate and independent from the RPC vulnerability addressed in MS03-026. The CERT/CC is tracking this additional vulnerability as VU#326746 and is continuing to work to understand the issue and mitigation strategies.
In both of the attacks described above, a TCP session to port 135 is used to execute the attack. However, access to TCP ports 139 and 445 may also provide attack vectors and should be considered when applying mitigation strategies.
II.
III. Solutions
Apply patches
All users are encouraged to apply the patches referred to in Microsoft Security Bulletin MS03-026 as soon as possible in order to mitigate the vulnerability described in VU#568148. These patches are also available via Microsoft's Windows Update service.
Systems running Windows 2000 may still be vulnerable to at least a denial of service attack via VU#326746 if their DCOM RPC service is available via the network. Therefore, sites are encouraged to use the packet filtering tips below in addition to applying the patches supplied in MS03-026.
Filter network traffic
Sites are encouraged to block network access to the RPC service at network borders. This can minimize the potential of denial-of-service attacks originating from outside the perimeter. The specific services that should be blocked include * 135/TCP * 135/UDP * 139/TCP * 139/UDP * 445/TCP * 445/UDP
If access cannot be blocked for all external hosts, the CERT/CC recommends limiting access to only those hosts that require it for normal operation. As a general rule, the CERT/CC recommends filtering all types of network traffic that are not required for normal operation.
Because current exploits for VU#568148 create a backdoor, which is in some cases 4444/TCP, blocking inbound TCP sessions to ports on which no legitimate services are provided may limit intruder access to compromised hosts.
Recovering from a system compromise
If you believe a system under your administrative control has been compromised, please follow the steps outlined in
Steps for Recovering from a UNIX or NT System Compromise
Reporting
The CERT/CC is tracking activity related to exploitation of the first vulnerability (VU#568148) as CERT#27479 and the second vulnerability (VU#326746) as CERT#24523. Relevant artifacts or activity can be sent to cert@cert.org with the appropriate CERT# in the subject line.
Appendix A. Vendor Information
This appendix contains information provided by vendors. If a vendor is not listed below, we have not received their comments.
Microsoft
Please see Microsoft Security Bulletin MS03-026.
Appendix B
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200306-0042",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "microsoft",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandriva",
"version": null
},
{
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appgate network security ab",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cray",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyclades",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f secure",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "foundry",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm eserver",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingrian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mirapoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "network appliance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nokia",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssh",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openwall gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "riverstone",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tfs",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6"
},
{
"model": "windows server 2003",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": "internet explorer sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#813208"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#561284"
},
{
"db": "CERT/CC",
"id": "VU#679556"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "BID",
"id": "7806"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000168"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-069"
},
{
"db": "NVD",
"id": "CVE-2003-0344"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Derek Soeder\u203b dsoeder@eeye.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-069"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2003-0344",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0344",
"trust": 1.8,
"value": "High"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#333628",
"trust": 0.8,
"value": "28.98"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#813208",
"trust": 0.8,
"value": "3.65"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#326746",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#561284",
"trust": 0.8,
"value": "29.84"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#679556",
"trust": 0.8,
"value": "17.47"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#334928",
"trust": 0.8,
"value": "7.09"
},
{
"author": "CNNVD",
"id": "CNNVD-200306-069",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#813208"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#561284"
},
{
"db": "CERT/CC",
"id": "VU#679556"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000168"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-069"
},
{
"db": "NVD",
"id": "CVE-2003-0344"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities are unclear, they may lead to memory corruption and a denial-of-service situation. A vulnerability exists in Microsoft\u0027s Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. A Microsoft Windows DirectX library, quartz.dll, does not properly validate certain parameters in Musical Instrument Digital Interface (MIDI) files. A remotely exploitable vulnerability has been discovered in Internet Explorer. A remote attacker could execute arbitrary code with the privileges of the user running IE. When a web page containing an OBJECT tag using a parameter containing excessive data is encountered by a vulnerable client, a internal memory buffer will be overrun. Description\n\n Microsoft Windows operating systems include multimedia technologies\n called DirectX and DirectShow. From Microsoft Security Bulletin\n MS03-030, \"DirectX consists of a set of low-level Application\n Programming Interfaces (APIs) that are used by Windows programs for\n multimedia support. \n\n Any application that uses DirectX/DirectShow to process MIDI files may\n be affected by this vulnerability. Of particular concern, Internet\n Explorer (IE) uses the Windows Media Player ActiveX control and\n quartz.dll to handle MIDI files embedded in HTML documents. An\n attacker could therefore exploit this vulnerability by convincing a\n victim to view an HTML document, such as a web page or an HTML email\n message, that contains an embedded MIDI file. Note that in addition to\n IE, a number of applications, including Outlook, Outlook Express,\n Eudora, AOL, Lotus Notes, and Adobe PhotoDeluxe, use the WebBrowser\n ActiveX control to interpret HTML documents. \n\n Further technical details are available in eEye Digital Security\n advisory AD20030723. Common Vulnerabilities and Exposures (CVE) refers\n to these vulnerabilities as CAN-2003-0346. \n\nDisable embedded MIDI files\n\n Change the Run ActiveX controls and plug-ins security setting to\n Disable in the Internet zone and the zone(s) used by Outlook, Outlook\n Express, and any other application that uses the WebBrowser ActiveX\n control to render HTML. This modification will prevent MIDI files from\n being automatically loaded from HTML documents. This workaround is not\n a complete solution and will not prevent attacks that attempt to load\n MIDI files directly. \n\n Instructions for modifying IE security zone settings can be found in\n the CERT/CC Malicious Web Scripts FAQ. References\n\n * CERT/CC Vulnerability Note VU#561284 -\n http://www.kb.cert.org/vuls/id/561284\n * CERT/CC Vulnerability Note VU#265232 -\n http://www.kb.cert.org/vuls/id/265232\n * eEye Digital Security advisory AD20030723 -\n http://www.eeye.com/html/Research/Advisories/AD20030723.html\n * Microsoft Security Bulletin MS03-030 -\n http://microsoft.com/technet/security/bulletin/MS03-030.asp\n * Microsoft Knowledge Base article 819696 -\n http://support.microsoft.com/default.aspx?scid=kb;en-us;819696\n _________________________________________________________________\n\n These vulnerabilities were researched and reported by eEye Digital\n Security. \n _________________________________________________________________\n\n Feedback can be directed to the author, Art Manion. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Summary CS-2003-04\n\n November 24, 2003\n\n Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT\n Summary to draw attention to the types of attacks reported to our\n incident response team, as well as other noteworthy incident and\n vulnerability information. The summary includes pointers to sources of\n information for dealing with the problems. \n\n Past CERT summaries are available from:\n\n CERT Summaries\n http://www.cert.org/summaries/\n ______________________________________________________________________\n\nRecent Activity\n\n Since the last regularly scheduled CERT summary, issued in September\n 2003 (CS-2003-03), we have documented vulnerabilities in the Microsoft\n Windows Workstation Service, RPCSS Service, and Exchange. \n\n For more current information on activity being reported to the\n CERT/CC, please visit the CERT/CC Current Activity page. The Current\n Activity page is a regularly updated summary of the most frequent,\n high-impact types of security incidents and vulnerabilities being\n reported to the CERT/CC. The information on the Current Activity page\n is reviewed and updated as reporting trends change. \n\n CERT/CC Current Activity\n http://www.cert.org/current/current_activity.html\n\n\n 1. W32/Mimail Variants\n\n The CERT/CC has received reports of several new variants of the\n \u0027Mimail\u0027 worm. The most recent variant of the worm (W32/Mimail.J)\n arrives as an email message alleging to be from the Paypal\n financial service. The message requests that the recipient\n \u0027verify\u0027 their account information to prevent the suspension of\n their Paypal account. Attached to the email is an executable file\n which captures this information (if entered), and sends it to a\n number of email addresses. \n\n Current Activity - November 19, 2003\n http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili\n\n\n 2. \n\n CERT Advisory CA-2003-28\n\t\tBuffer Overflow in Windows Workstation Service\n http://www.cert.org/advisories/CA-2003-28.html\n\n Vulnerability Note VU#567620\n\t\tMicrosoft Windows Workstation service vulnerable to \n\t\tbuffer overflow when sent specially crafted network\n\t\tmessage\n http://www.kb.cert.org/vuls/id/567620\n\n\n 3. \n\n CERT Advisory CA-2003-27\n\t\tMultiple Vulnerabilities in Microsoft Windows and \n\t\tExchange\n http://www.cert.org/advisories/CA-2003-27.html\n\n Vulnerability Note VU#575892\n\t\tBuffer overflow in Microsoft Windows Messenger Service\n http://www.kb.cert.org/vuls/id/575892\n\n Vulnerability Note VU#422156\n\t\tMicrosoft Exchange Server fails to properly handle\n\t\tspecially crafted SMTP extended verb requests\n http://www.kb.cert.org/vuls/id/422156\n\n Vulnerability Note VU#467036\n\t\tMicrosoft Windows Help and support Center contains buffer\n\t\toverflow in code used to handle HCP protocol\n http://www.kb.cert.org/vuls/id/467036\n\n Vulnerability Note VU#989932\n\t\tMicrosoft Windows contains buffer overflow in Local \n\t\tTroubleshooter ActiveX control (Tshoot.ocx)\n http://www.kb.cert.org/vuls/id/989932\n\n Vulnerability Note VU#838572\n\t\tMicrosoft Windows Authenticode mechanism installs ActiveX\n\t\tcontrols without prompting user\n http://www.kb.cert.org/vuls/id/838572\n\n Vulnerability Note VU#435444\n\t\tMicrosoft Outlook Web Access (OWA) contains cross-site\n\t\tscripting vulnerability in the \"Compose New Message\" form\n http://www.kb.cert.org/vuls/id/435444\n\n Vulnerability Note VU#967668\n\t\tMicrosoft Windows ListBox and ComboBox controls vulnerable\n\t\tto buffer overflow when supplied crafted Windows message\n http://www.kb.cert.org/vuls/id/967668\n\n\n 4. Multiple Vulnerabilities in SSL/TLS Implementations\n\n Multiple vulnerabilities exist in the Secure Sockets Layer (SSL)\n and Transport Layer Security (TLS) protocols allowing an attacker\n to execute arbitrary code or cause a denial-of-service condition. \n\n CERT Advisory CA-2003-26\n\t\tMultiple Vulnerabilities in SSL/TLS Implementations\n http://www.cert.org/advisories/CA-2003-26.html\n\n Vulnerability Note VU#935264\n\t\tOpenSSL ASN.1 parser insecure memory deallocation\n http://www.kb.cert.org/vuls/id/935264\n\n Vulnerability Note VU#255484\n\t\tOpenSSL contains integer overflow handling ASN.1 tags (1)\n http://www.kb.cert.org/vuls/id/255484\n\n Vulnerability Note VU#380864\n\t\tOpenSSL contains integer overflow handling ASN.1 tags (2)\n http://www.kb.cert.org/vuls/id/380864\n\n Vulnerability Note VU#686224\n\t\tOpenSSL does not securely handle invalid public key when\n\t\tconfigured to ignore errors\n http://www.kb.cert.org/vuls/id/686224\n\n Vulnerability Note VU#732952\n\t\tOpenSSL accepts unsolicited client certificate messages\n http://www.kb.cert.org/vuls/id/732952\n\n Vulnerability Note VU#104280\n\t\tMultiple vulnerabilities in SSL/TLS implementations\n http://www.kb.cert.org/vuls/id/104280\n\n Vulnerability Note VU#412478\n\t\tOpenSSL 0.9.6k does not properly handle ASN.1 sequences\n http://www.kb.cert.org/vuls/id/412478\n\n\n 5. These attacks include the\n installation of tools for launching distributed denial-of-service\n (DDoS) attacks, providing generic proxy services, reading\n sensitive information from the Windows registry, and using a\n victim system\u0027s modem to dial pay-per-minute services. The\n vulnerability described in VU#865940 exists due to an interaction\n between IE\u0027s MIME type processing and the way it handles HTML\n application (HTA) files embedded in OBJECT tags. W32/Swen.A Worm\n\n On September 19, the CERT/CC began receiving a large volume of\n reports of a mass mailing worm, referred to as W32/Swen.A,\n spreading on the Internet. Similar to W32/Gibe.B in function, this\n worm arrives as an attachment claiming to be a Microsoft Internet\n Explorer Update or a delivery failure notice from qmail. The\n W32/Swen.A worm requires a user to execute the attachment either\n manually or by using an email client that will open the attachment\n automatically. Upon opening the attachment, the worm attempts to\n mail itself to all email addresses it finds on the system. The\n CERT/CC updated the current activity page to contain further\n information on this worm. \n\n Current Activity - September 19, 2003\n http://www.cert.org/current/archive/2003/09/19/archive.html#swena\n\n\n 7. Buffer Overflow in Sendmail\n\n Sendmail, a widely deployed mail transfer agent (MTA), contains a\n vulnerability that could allow an attacker to execute arbitrary\n code with the privileges of the sendmail daemon, typically root. \n\n CERT Advisory CA-2003-25\n\t\tBuffer Overflow in Sendmail\n http://www.cert.org/advisories/CA-2003-25.html\n\n Vulnerability Note VU#784980\n\t\tSendmail prescan() buffer overflow vulnerability\n http://www.kb.cert.org/vuls/id/784980\n\n\n 8. RPCSS Vulnerabilities in Microsoft Windows\n\n On September 10, the CERT/CC reported on three vulnerabilities\n that affect numerous versions of Microsoft Windows, two of which\n are remotely exploitable buffer overflows that may an allow an\n attacker to execute code with system privileges. \n\n CERT Advisory CA-2003-23\n\t\tRPCSS Vulnerabilities in Microsoft Windows\n http://www.cert.org/advisories/CA-2003-23.html\n\n Vulnerability Note VU#483492\n\t\tMicrosoft Windows RPCSS Service contains heap overflow in\n\t\tDCOM activation routines\n http://www.kb.cert.org/vuls/id/483492\n\n Vulnerability Note VU#254236\n\t\tMicrosoft Windows RPCSS Service contains heap overflow in\n\t\tDCOM request filename handling\n http://www.kb.cert.org/vuls/id/254236\n\n Vulnerability Note VU#326746\n\t\tMicrosoft Windows RPC service vulnerable to \n\t\tdenial of service\n http://www.kb.cert.org/vuls/id/326746\n ______________________________________________________________________\n\nNew CERT Coordination Center (CERT/CC) PGP Key\n\n On October 15, the CERT/CC issued a new PGP key, which should be used\n when sending sensitive information to the CERT/CC. \n\n CERT/CC PGP Public Key\n https://www.cert.org/pgp/cert_pgp_key.asc\n\n Sending Sensitive Information to the CERT/CC\n https://www.cert.org/contact_cert/encryptmail.html\n ______________________________________________________________________\n\nWhat\u0027s New and Updated\n\n Since the last CERT Summary, we have published new and updated\n * Advisories\n http://www.cert.org/advisories/\n * Vulnerability Notes\n http://www.kb.cert.org/vuls\n * CERT/CC Statistics\n http://www.cert.org/stats/cert_stats.html\n * Congressional Testimony\n http://www.cert.org/congressional_testimony\n * Training Schedule\n http://www.cert.org/training/\n * CSIRT Development\n http://www.cert.org/csirts/\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/summaries/CS-2003-04.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n ______________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright \\xa92003 Carnegie Mellon University. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBP8JVOZZ2NNT/dVAVAQGL9wP+I18NJBUBuv7b0pam5La7E7qOQFMn5n78\n7i0gBX/dKgaY5siM6jBYYwCbbA7Y0/Jwtby2zHp1s8RHZY5/3JEzElfv4TLlR8rT\nrb8gJDbpan2JWA6xH9IzqZaSrxrXpNypwU2wWxR2osmbYl8FdV0rD3ZYXJjyi+nU\nUENALuNdthA=\n=DD60\n-----END PGP SIGNATURE-----\n. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC\nInterface\n\n Original issue date: July 31, 2003\n Last revised: -\n Source: CERT/CC\n\n A complete revision history is at the end of this file. \n\nI. Known exploits target TCP port 135 and create a\n privileged backdoor command shell on successfully compromised hosts. \n Some versions of the exploit use TCP port 4444 for the backdoor, and\n other versions use a TCP port number specified by the intruder at\n run-time. We have also received reports of scanning activity for\n common backdoor ports such as 4444/TCP. In some cases, due to the RPC\n service terminating, a compromised system may reboot after the\n backdoor is accessed by an intruder. Based on\n current information, we believe this vulnerability is separate and\n independent from the RPC vulnerability addressed in MS03-026. The\n CERT/CC is tracking this additional vulnerability as VU#326746 and is\n continuing to work to understand the issue and mitigation strategies. \n\n In both of the attacks described above, a TCP session to port 135 is\n used to execute the attack. However, access to TCP ports 139 and 445\n may also provide attack vectors and should be considered when applying\n mitigation strategies. \n\nII. \n\nIII. Solutions\n\nApply patches\n\n All users are encouraged to apply the patches referred to in Microsoft\n Security Bulletin MS03-026 as soon as possible in order to mitigate\n the vulnerability described in VU#568148. These patches are also\n available via Microsoft\u0027s Windows Update service. \n\n Systems running Windows 2000 may still be vulnerable to at least a\n denial of service attack via VU#326746 if their DCOM RPC service is\n available via the network. Therefore, sites are encouraged to use the\n packet filtering tips below in addition to applying the patches\n supplied in MS03-026. \n\nFilter network traffic\n\n Sites are encouraged to block network access to the RPC service at\n network borders. This can minimize the potential of denial-of-service\n attacks originating from outside the perimeter. The specific services\n that should be blocked include\n * 135/TCP\n * 135/UDP\n * 139/TCP\n * 139/UDP\n * 445/TCP\n * 445/UDP\n\n If access cannot be blocked for all external hosts, the CERT/CC\n recommends limiting access to only those hosts that require it for\n normal operation. As a general rule, the CERT/CC recommends filtering\n all types of network traffic that are not required for normal\n operation. \n\n Because current exploits for VU#568148 create a backdoor, which is in\n some cases 4444/TCP, blocking inbound TCP sessions to ports on which\n no legitimate services are provided may limit intruder access to\n compromised hosts. \n\nRecovering from a system compromise\n\n If you believe a system under your administrative control has been\n compromised, please follow the steps outlined in\n\n Steps for Recovering from a UNIX or NT System Compromise\n\nReporting\n\n The CERT/CC is tracking activity related to exploitation of the first\n vulnerability (VU#568148) as CERT#27479 and the second vulnerability\n (VU#326746) as CERT#24523. Relevant artifacts or activity can be sent\n to cert@cert.org with the appropriate CERT# in the subject line. \n\nAppendix A. Vendor Information\n\n This appendix contains information provided by vendors. If a vendor is not listed below, we\n have not received their comments. \n\nMicrosoft\n\n Please see Microsoft Security Bulletin MS03-026. \n\nAppendix B",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0344"
},
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#813208"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#561284"
},
{
"db": "CERT/CC",
"id": "VU#679556"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000168"
},
{
"db": "BID",
"id": "7806"
},
{
"db": "PACKETSTORM",
"id": "31444"
},
{
"db": "PACKETSTORM",
"id": "32268"
},
{
"db": "PACKETSTORM",
"id": "31490"
}
],
"trust": 6.48
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#679556",
"trust": 3.2
},
{
"db": "NVD",
"id": "CVE-2003-0344",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "8943",
"trust": 2.4
},
{
"db": "BID",
"id": "7806",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#813208",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#334928",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#326746",
"trust": 1.0
},
{
"db": "CERT/CC",
"id": "VU#561284",
"trust": 1.0
},
{
"db": "CERT/CC",
"id": "VU#333628",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "10156",
"trust": 0.8
},
{
"db": "XF",
"id": "12970",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000168",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200306-069",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "VU#265232",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "31444",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#784980",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#575892",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#254236",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#255484",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#865940",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#467036",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#380864",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#838572",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#422156",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#412478",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#935264",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#686224",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#483492",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#104280",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#567620",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#989932",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#967668",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#435444",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#732952",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "32268",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "31490",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#813208"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#561284"
},
{
"db": "CERT/CC",
"id": "VU#679556"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "BID",
"id": "7806"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000168"
},
{
"db": "PACKETSTORM",
"id": "31444"
},
{
"db": "PACKETSTORM",
"id": "32268"
},
{
"db": "PACKETSTORM",
"id": "31490"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-069"
},
{
"db": "NVD",
"id": "CVE-2003-0344"
}
]
},
"id": "VAR-200306-0042",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2022-05-08T07:26:52.746000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS03-032",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms03-032.asp"
},
{
"title": "MS03-020",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms03-020.asp"
},
{
"title": "MS03-032",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms03-032.mspx"
},
{
"title": "MS03-020",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms03-020.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000168"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.eeye.com/html/research/advisories/ad20030604.html"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/679556"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/7806"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/8943"
},
{
"trust": 1.6,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a922"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=105476381609135\u0026w=2"
},
{
"trust": 1.6,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-july/006401.html"
},
{
"trust": 0.9,
"url": "http://www.eeye.com/html/research/advisories/ad20030723.html"
},
{
"trust": 0.9,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;819696"
},
{
"trust": 0.8,
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"trust": 0.8,
"url": "http://www.mindrot.org/pipermail/openssh-unix-announce/2003-september/000062.html"
},
{
"trust": 0.8,
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssh/files/patch-buffer.c"
},
{
"trust": 0.8,
"url": "http://www.secunia.com/advisories/10156/"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms03-039.asp"
},
{
"trust": 0.8,
"url": "http://www.xfocus.org/advisories/200307/4.html"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms03-030.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/windows/ie/downloads/critical/818529/default.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/security/security_bulletins/ms03-020.asp"
},
{
"trust": 0.8,
"url": "http://www.secunia.com/advisories/8943/"
},
{
"trust": 0.8,
"url": "http://www.lac.co.jp/security/english/snsadv_e/68_e.html"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms03-032.asp"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/object.asp"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/12970"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0344"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0344"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-020.asp"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-032.asp"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/334928"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/813208"
},
{
"trust": 0.3,
"url": "/archive/1/324265"
},
{
"trust": 0.3,
"url": "/archive/1/323895"
},
{
"trust": 0.3,
"url": "http://www.cert.org/"
},
{
"trust": 0.3,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.2,
"url": "http://www.kb.cert.org/vuls/id/561284"
},
{
"trust": 0.2,
"url": "http://www.kb.cert.org/vuls/id/326746"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/265232"
},
{
"trust": 0.1,
"url": "http://microsoft.com/technet/security/bulletin/ms03-030.asp"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-18.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/cs-2003-04.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/412478"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/333628"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/567620"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/104280"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/686224"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/575892"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/732952"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/989932"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/archive/2003/09/19/archive.html#swena"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/stats/cert_stats.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/784980"
},
{
"trust": 0.1,
"url": "http://www.cert.org/training/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/838572"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/967668"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/current_activity.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-28.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-27.html"
},
{
"trust": 0.1,
"url": "https://www.cert.org/contact_cert/encryptmail.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/incident_notes/in-2003-04.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/435444"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-26.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-24.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-25.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-23.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/935264"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/467036"
},
{
"trust": 0.1,
"url": "https://www.cert.org/pgp/cert_pgp_key.asc"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/255484"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/archive/2003/11/19/archive.html#mimaili"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/865940"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/380864"
},
{
"trust": 0.1,
"url": "http://www.cert.org/congressional_testimony"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/422156"
},
{
"trust": 0.1,
"url": "http://www.cert.org/csirts/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/254236"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/483492"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2003-19.html"
},
{
"trust": 0.1,
"url": "http://microsoft.com/technet/security/bulletin/ms03-026.asp"
},
{
"trust": 0.1,
"url": "http://support.microsoft.com?kbid=823980"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#813208"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#561284"
},
{
"db": "CERT/CC",
"id": "VU#679556"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "BID",
"id": "7806"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000168"
},
{
"db": "PACKETSTORM",
"id": "31444"
},
{
"db": "PACKETSTORM",
"id": "32268"
},
{
"db": "PACKETSTORM",
"id": "31490"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-069"
},
{
"db": "NVD",
"id": "CVE-2003-0344"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#333628"
},
{
"db": "CERT/CC",
"id": "VU#813208"
},
{
"db": "CERT/CC",
"id": "VU#326746"
},
{
"db": "CERT/CC",
"id": "VU#561284"
},
{
"db": "CERT/CC",
"id": "VU#679556"
},
{
"db": "CERT/CC",
"id": "VU#334928"
},
{
"db": "BID",
"id": "7806"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000168"
},
{
"db": "PACKETSTORM",
"id": "31444"
},
{
"db": "PACKETSTORM",
"id": "32268"
},
{
"db": "PACKETSTORM",
"id": "31490"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-069"
},
{
"db": "NVD",
"id": "CVE-2003-0344"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-16T00:00:00",
"db": "CERT/CC",
"id": "VU#333628"
},
{
"date": "2003-08-26T00:00:00",
"db": "CERT/CC",
"id": "VU#813208"
},
{
"date": "2003-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#326746"
},
{
"date": "2003-07-24T00:00:00",
"db": "CERT/CC",
"id": "VU#561284"
},
{
"date": "2003-06-04T00:00:00",
"db": "CERT/CC",
"id": "VU#679556"
},
{
"date": "2003-08-26T00:00:00",
"db": "CERT/CC",
"id": "VU#334928"
},
{
"date": "2003-06-04T00:00:00",
"db": "BID",
"id": "7806"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000168"
},
{
"date": "2003-07-28T00:43:46",
"db": "PACKETSTORM",
"id": "31444"
},
{
"date": "2003-11-25T05:25:51",
"db": "PACKETSTORM",
"id": "32268"
},
{
"date": "2003-08-05T18:53:20",
"db": "PACKETSTORM",
"id": "31490"
},
{
"date": "2003-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-069"
},
{
"date": "2003-06-16T04:00:00",
"db": "NVD",
"id": "CVE-2003-0344"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-12T00:00:00",
"db": "CERT/CC",
"id": "VU#333628"
},
{
"date": "2003-09-03T00:00:00",
"db": "CERT/CC",
"id": "VU#813208"
},
{
"date": "2003-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#326746"
},
{
"date": "2003-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#561284"
},
{
"date": "2003-06-04T00:00:00",
"db": "CERT/CC",
"id": "VU#679556"
},
{
"date": "2005-08-11T00:00:00",
"db": "CERT/CC",
"id": "VU#334928"
},
{
"date": "2009-07-11T22:06:00",
"db": "BID",
"id": "7806"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000168"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-069"
},
{
"date": "2021-07-23T12:55:00",
"db": "NVD",
"id": "CVE-2003-0344"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-069"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSH contains buffer management errors",
"sources": [
{
"db": "CERT/CC",
"id": "VU#333628"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-069"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.