
SARA Home
SARA Search
Data Management
Target selection
Data Analysis
Configuration Mgt
Documents/CVE
Troubleshooting

|
SARA Tests by CVE (version )
SARA vulnerability tests address the vast majority of the
Common Vulnerabilities and
Exposures that (a) can be tested remotely and (b) do
not cause a denial of service. Below is the current list:
CVE No. |
Description |
SARA Test |
CVE-2002-1056 |
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to. |
Registry Check |
CVE-2002-1117 |
Veritas Backup Exec 8.5 and earlier requires that the RestrictAnonymous registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares. |
Null session test |
CVE-2002-1123 |
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the Hello overflow. |
MS SQL test |
CVE-2002-1142 |
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub. |
overflow test |
CVE-2002-1146 |
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary (read buffer overflow), allowing remote attackers to cause a denial of service (crash). |
dns version check |
CVE-2002-1219 |
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). |
dns version check |
CVE References
CVE No. |
References |
CVE-2002-1056 | BUGTRAQ:20020331 More Office XP Problems BUGTRAQ:20020403 More Office XP problems (Version 2.0) MS:MS02-021 BID:4397 XF:outlook-object-execute-script(8708) |
CVE-2002-1123 | BUGTRAQ:20020806 SPIKE 2.5 and associated vulns BUGTRAQ:20020807 MS SQL Server Hello Overflow NASL script MS:MS02-056 BID:5411 XF:mssql-preauth-bo(9788) |
CVE-2002-1142 | MS:MS02-065 VULNWATCH:20021120 Foundstone Advisory MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337 CERT:CA-2002-33 CERT-VN:VU#542081 XF:mdac-rds-server-bo(10659) BID:6214 |
CVE-2002-1146 | FREEBSD:FreeBSD-SA-02:42 MANDRAKE:MDKSA-2004:009 NETBSD:NetBSD-SA2002-015 REDHAT:RHSA-2002:197 REDHAT:RHSA-2002:258 REDHAT:RHSA-2003:022 REDHAT:RHSA-2003:212 CERT-VN:VU#738331 XF:dns-resolver-lib-read-bo(10295) CONECTIVA:CLA-2002:535 |
|