LanGuard reports



Supported OVAL Bulletins


More information on 2017 updates



ID:
CVE-2003-1398
Title:
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
Type:
Hardware
Bulletins:
CVE-2003-1398
SFBID6823
Severity:
High
Description:
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
Applies to:
Created:
2003-12-31
Updated:
2017-02-28

ID:
CVE-2003-1497
Title:
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
Type:
Hardware
Bulletins:
CVE-2003-1497
SFBID8834
Severity:
Medium
Description:
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
Applies to:
BEFSX41
Created:
2003-12-31
Updated:
2017-02-28

ID:
CVE-2003-1264
Title:
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img)...
Type:
Hardware
Bulletins:
CVE-2003-1264
SFBID6533
Severity:
Medium
Description:
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.
Applies to:
DI-614+B
Created:
2003-12-31
Updated:
2017-02-28

ID:
CVE-2003-1490
Title:
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
Type:
Hardware
Bulletins:
CVE-2003-1490
SFBID7435
Severity:
High
Description:
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
Applies to:
SonicWall Firewall Pro 200
SonicWall Firewall Pro 300
SonicWall Firewall Pro 100
Created:
2003-12-31
Updated:
2017-02-28

ID:
CVE-2003-1346
Title:
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
Type:
Hardware
Bulletins:
CVE-2003-1346
SFBID6609
Severity:
High
Description:
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
Applies to:
DWL-900AP+B
Created:
2003-12-31
Updated:
2017-02-28

ID:
CVE-2003-1109
Title:
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly...
Type:
Hardware
Bulletins:
CVE-2003-1109
SFBID6904
Severity:
High
Description:
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
Applies to:
Created:
2003-12-31
Updated:
2017-02-28

ID:
CVE-2003-1132
Title:
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2003-1132
Severity:
Medium
Description:
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.
Applies to:
Cisco CSS 11100 Content Services Switch Series
Content Services Switch 11500
Created:
2003-12-31
Updated:
2017-02-28

ID:
CVE-2003-0851
Title:
OpenSSL ASN.1 Large Recursion DoS
Type:
Hardware
Bulletins:
CVE-2003-0851
SFBID8970
Severity:
Medium
Description:
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
Applies to:
Created:
2003-12-01
Updated:
2017-02-28

ID:
CVE-2003-0795
Title:
zebra/Quagga versions older than 0.96.4
Type:
Services
Bulletins:
CVE-2003-0795
SFBID9029
Severity:
Medium
Description:
zebra/Quagga versions older than 0.96.4 are vulnerable to a denial of service.
Applies to:
Created:
2003-11-12
Updated:
2010-08-21

ID:
CVE-2003-0511
Title:
Cisco Aironet HTTP GET DoS
Type:
Hardware
Bulletins:
CVE-2003-0511
Severity:
Medium
Description:
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.
Applies to:
Created:
2003-08-27
Updated:
2017-02-28

ID:
CVE-2003-0512
Title:
Cisco IOS Valid Username Enumeration
Type:
Hardware
Bulletins:
CVE-2003-0512
Severity:
Medium
Description:
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
Applies to:
Created:
2003-08-27
Updated:
2017-02-28

ID:
CVE-2003-0647
Title:
Cisco IOS Long HTTP GET Request Overflow
Type:
Hardware
Bulletins:
CVE-2003-0647
Severity:
High
Description:
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
Applies to:
Created:
2003-08-27
Updated:
2017-02-28

ID:
CVE-2003-0567
Title:
Cisco IOS Malformed IPv4 Packet Remote DoS
Type:
Hardware
Bulletins:
CVE-2003-0567
Severity:
High
Description:
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
Applies to:
Cisco ONS 15454 Multiservice Transport Platform
Created:
2003-08-18
Updated:
2017-02-28

ID:
OVAL141
Title:
Microsoft Internet Explorer MIME Hack
Type:
Web
Bulletins:
OVAL141
CVE-2001-0154
Severity:
Low
Description:
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
Applies to:
Microsoft Internet Explorer
Created:
2003-07-18
Updated:
2016-02-19

ID:
SFBID8062
Title:
Abyss Web server Bufferoverflow
Type:
Miscellaneous
Bulletins:
SFBID8062
Severity:
High
Description:
A security vulnerability exists in Abyss Web Server. A heap overrun takes place due to insufficient bounds checking of data supplied via client HTTP GET requests. In such case random code can be executed with the privileges of the web server. This vulnerability affects Abyss Web Server version 1.1.2. Later versions may also be affected. Abyss Web Server version 1.1.6 does is not prone to such a vulnerability thus users are advised to upgrade to such a version.
Applies to:
Abyss Web Server
Created:
2003-06-30
Updated:
2010-08-21

ID:
CVE-2003-0305
Title:
Cisco IOS SAA Malformed RTR Packet DoS
Type:
Hardware
Bulletins:
CVE-2003-0305
Severity:
Medium
Description:
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
Applies to:
Created:
2003-06-09
Updated:
2017-02-28

ID:
CVE-2003-0258
Title:
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
Type:
Hardware
Bulletins:
CVE-2003-0258
Severity:
High
Description:
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
Applies to:
Cisco Vpn 3005 Concentrator
Cisco VPN 3015 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3080 Concentrator
Created:
2003-05-27
Updated:
2017-02-28

ID:
CVE-2003-0259
Title:
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.
Type:
Hardware
Bulletins:
CVE-2003-0259
Severity:
Medium
Description:
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.
Applies to:
Cisco Vpn 3005 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3015 Concentrator
Cisco VPN 3080 Concentrator
Created:
2003-05-27
Updated:
2017-02-28

ID:
CVE-2003-0260
Title:
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.
Type:
Hardware
Bulletins:
CVE-2003-0260
Severity:
Medium
Description:
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.
Applies to:
Cisco Vpn 3005 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3015 Concentrator
Cisco VPN 3080 Concentrator
Created:
2003-05-27
Updated:
2017-02-28

ID:
CVE-2003-0216
Title:
Cisco Catalyst Enable Access Authentication Bypass
Type:
Hardware
Bulletins:
CVE-2003-0216
Severity:
High
Description:
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
Applies to:
Created:
2003-05-12
Updated:
2017-02-28

ID:
CVE-2002-1426
Title:
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.
Type:
Hardware
Bulletins:
CVE-2002-1426
SFBID5336
Severity:
High
Description:
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.
Applies to:
Procurve Switch 4000m
Created:
2003-04-11
Updated:
2017-02-28

ID:
CVE-2002-1547
Title:
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different...
Type:
Hardware
Bulletins:
CVE-2002-1547
Severity:
Medium
Description:
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144.
Applies to:
Created:
2003-03-31
Updated:
2017-02-28

ID:
CVE-2002-1553
Title:
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
Type:
Hardware
Bulletins:
CVE-2002-1553
SFBID6076
Severity:
High
Description:
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Created:
2003-03-31
Updated:
2017-02-28

ID:
CVE-2002-1554
Title:
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup.
Type:
Hardware
Bulletins:
CVE-2002-1554
SFBID6078
Severity:
Medium
Description:
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup.
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Created:
2003-03-31
Updated:
2017-02-28

ID:
CVE-2002-1555
Title:
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.
Type:
Hardware
Bulletins:
CVE-2002-1555
SFBID6081
Severity:
Medium
Description:
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Created:
2003-03-31
Updated:
2017-02-28

ID:
CVE-2002-1556
Title:
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR).
Type:
Hardware
Bulletins:
CVE-2002-1556
SFBID6084
Severity:
Medium
Description:
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR).
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Created:
2003-03-31
Updated:
2017-02-28

ID:
CVE-2002-1557
Title:
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character.
Type:
Hardware
Bulletins:
CVE-2002-1557
SFBID6082
Severity:
Medium
Description:
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character.
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Created:
2003-03-31
Updated:
2017-02-28

ID:
CVE-2002-1558
Title:
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet.
Type:
Hardware
Bulletins:
CVE-2002-1558
SFBID6083
Severity:
High
Description:
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet.
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Created:
2003-03-31
Updated:
2017-02-28

ID:
CVE-2003-0161
Title:
Sendmail is older than 8.12.9
Type:
Mail
Bulletins:
CVE-2003-0161
Severity:
High
Description:
Sendmail is a Mail Transport Agent included in all the Red Hat Linux distributions. A security flaw was discovered in the handling of DNS maps in Sendmail 8.12 versions before 8.12.9. A remote attacker will be able to crash the instance of Sendmail dealing with the request.In case version 8.12.9 is not available, a patch should be installed. The patch and PGP signature can be downloaded from a link given in: http://www.sendmail.org/patchps.html. Check the PGP signature using either: gpg -verify prescan.tar.gz.uu.asc prescan.tar.gz.uuorpgp prescan.tar.gz.uu.asc prescan.tar.gz.uuThen unpack the patches using the following command:uudecode -p < prescan.tar.gz.uu | gunzip -c | tar -xf -Then apply the appropriate patch to your version of the Sendmail source code:cd sendmail-8.12.8/sendmailpatch < prescan.VERSION.patchIf version older than 8.12.8 was installed, make sure you install the previous patches. Recompile sendmail and install the new binary.
Applies to:
Sendmail
Created:
2003-03-29
Updated:
2010-08-21

ID:
CVE-2003-0100
Title:
Cisco IOS OSPF Neighbor Announcement Remote Overflow
Type:
Hardware
Bulletins:
CVE-2003-0100
SFBID6895
Severity:
High
Description:
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
Applies to:
Created:
2003-03-03
Updated:
2017-02-28

ID:
CVE-2002-1337
Title:
Remote Buffer Overflow in Sendmail
Type:
Mail
Bulletins:
CVE-2002-1337
SFBID6991
Severity:
High
Description:
Sendmail version 5.79 to 8.12.7 are vulnerable to a buffer overflow, allowing attackers to execute their own code on the target via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function, which is found in headers.c. A newer version of Sendmail 8.12.8 exists, which contains a fix for this critical security problem.
Applies to:
Sendmail
Created:
2003-03-02
Updated:
2010-08-21