CVE (version 20061101)


Name: CVE-1999-0002

Description:
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

Status: Entry
Reference: SGI:19981006-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I
Reference: CERT:CA-98.12.mountd
Reference: CIAC:J-006
Reference: URL:http://www.ciac.org/ciac/bulletins/j-006.shtml
Reference: BID:121
Reference: URL:http://www.securityfocus.com/bid/121
Reference: XF:linux-mountd-bo


Name: CVE-1999-0003

Description:
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

Status: Entry
Reference: NAI:NAI-29
Reference: CERT:CA-98.11.tooltalk
Reference: SGI:19981101-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A
Reference: SGI:19981101-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX
Reference: XF:aix-ttdbserver
Reference: XF:tooltalk
Reference: BID:122
Reference: URL:http://www.securityfocus.com/bid/122


Name: CVE-1999-0005

Description:
Arbitrary command execution via IMAP buffer overflow in authenticate command.

Status: Entry
Reference: CERT:CA-98.09.imapd
Reference: SUN:00177
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/177
Reference: BID:130
Reference: URL:http://www.securityfocus.com/bid/130
Reference: XF:imap-authenticate-bo


Name: CVE-1999-0006

Description:
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.

Status: Entry
Reference: CERT:CA-98.08.qpopper_vul
Reference: SGI:19980801-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980801-01-I
Reference: AUSCERT:AA-98.01
Reference: XF:qpopper-pass-overflow
Reference: BID:133
Reference: URL:http://www.securityfocus.com/bid/133


Name: CVE-1999-0007

Description:
Information from SSL-encrypted sessions via PKCS #1.

Status: Entry
Reference: CERT:CA-98.07.PKCS
Reference: MS:MS98-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-002.mspx
Reference: XF:nt-ssl-fix


Name: CVE-1999-0008

Description:
Buffer overflow in NIS+, in Sun's rpc.nisd program.

Status: Entry
Reference: CERT:CA-98.06.nisd
Reference: SUN:00170
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170
Reference: ISS:June10,1998
Reference: XF:nisd-bo-check


Name: CVE-1999-0009

Description:
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Status: Entry
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: CERT:CA-98.05.bind_problems
Reference: XF:bind-bo
Reference: BID:134
Reference: URL:http://www.securityfocus.com/bid/134


Name: CVE-1999-0010

Description:
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

Status: Entry
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: XF:bind-dos


Name: CVE-1999-0011

Description:
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

Status: Entry
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: XF:bind-axfr-dos


Name: CVE-1999-0012

Description:
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

Status: Entry
Reference: CERT:CA-98.04.Win32.WebServers
Reference: XF:nt-web8.3


Name: CVE-1999-0013

Description:
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.

Status: Entry
Reference: CERT:CA-98.03.ssh-agent
Reference: NAI:NAI-24
Reference: XF:ssh-agent


Name: CVE-1999-0014

Description:
Unauthorized privileged access or denial of service via dtappgather program in CDE.

Status: Entry
Reference: HP:HPSBUX9801-075
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075
Reference: SUN:00185
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185
Reference: CERT:CA-98.02.CDE


Name: CVE-1999-0016

Description:
Land IP denial of service.

Status: Entry
Reference: CERT:CA-97.28.Teardrop_Land
Reference: FREEBSD:FreeBSD-SA-98:01
Reference: HP:HPSBUX9801-076
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:95-verv-tcp
Reference: XF:land-patch
Reference: XF:ver-tcpip-sys


Name: CVE-1999-0017

Description:
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

Status: Entry
Reference: CERT:CA-97.27.FTP_bounce
Reference: XF:ftp-bounce
Reference: XF:ftp-privileged-port


Name: CVE-1999-0018

Description:
Buffer overflow in statd allows root privileges.

Status: Entry
Reference: CERT:CA-97.26.statd
Reference: AUSCERT:AA-97.29
Reference: XF:statd
Reference: BID:127
Reference: URL:http://www.securityfocus.com/bid/127


Name: CVE-1999-0019

Description:
Delete or create a file via rpc.statd, due to invalid information.

Status: Entry
Reference: CERT:CA-96.09.rpc.statd
Reference: XF:rpc-stat
Reference: SUN:00135
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/135


Name: CVE-1999-0021

Description:
Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.

Status: Entry
Reference: BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount)
Reference: CERT:CA-97.24.Count_cgi
Reference: XF:http-cgi-count
Reference: BID:128
Reference: URL:http://www.securityfocus.com/bid/128


Name: CVE-1999-0022

Description:
Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Status: Entry
Reference: CERT:CA-97.23.rdist
Reference: SUN:00179
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179
Reference: XF:rdist-bo3
Reference: XF:rdist-sept97


Name: CVE-1999-0023

Description:
Local user gains root privileges via buffer overflow in rdist, via lookup() function.

Status: Entry
Reference: CERT:CA-96.14.rdist_vul
Reference: XF:rdist-bo
Reference: XF:rdist-bo2


Name: CVE-1999-0024

Description:
DNS cache poisoning via BIND, by predictable query IDs.

Status: Entry
Reference: CERT:CA-97.22.bind
Reference: XF:bind
Reference: NAI:NAI-11


Name: CVE-1999-0025

Description:
root privileges via buffer overflow in df command on SGI IRIX systems.

Status: Entry
Reference: CERT:CA-1997-21
Reference: URL:http://www.cert.org/advisories/CA-1997-21.html
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: SGI:SGI:19970505-01-A
Reference: SGI:SGI:19970505-02-PX
Reference: CERT-VN:VU#20851
Reference: URL:http://www.kb.cert.org/vuls/id/20851
Reference: BID:346
Reference: URL:http://www.securityfocus.com/bid/346
Reference: XF:df-bo(440)
Reference: URL:http://xforce.iss.net/xforce/xfdb/440


Name: CVE-1999-0026

Description:
root privileges via buffer overflow in pset command on SGI IRIX systems.

Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: XF:pset-bo


Name: CVE-1999-0027

Description:
root privileges via buffer overflow in eject command on SGI IRIX systems.

Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: XF:eject-bo


Name: CVE-1999-0028

Description:
root privileges via buffer overflow in login/scheme command on SGI IRIX systems.

Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul
Reference: XF:sgi-schemebo


Name: CVE-1999-0029

Description:
root privileges via buffer overflow in ordist command on SGI IRIX systems.

Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: XF:ordist-bo


Name: CVE-1999-0031

Description:
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

Status: Entry
Reference: CERT:CA-97.20.javascript
Reference: HP:HPSBUX9707-065
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html


Name: CVE-1999-0032

Description:
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

Status: Entry
Reference: BUGTRAQ:19960813 Possible bufferoverflow condition in lpr, xterm and xload
Reference: BUGTRAQ:19961025 Linux & BSD's lpr exploit
Reference: MLIST:[freebsd-security] 19961025 Vadim Kolontsov: BoS: Linux & BSD's lpr exploit
Reference: MLIST:[linux-security] 19961122 LSF Update#14: Vulnerability of the lpr program.
Reference: CERT:CA-97.19.bsdlp
Reference: AUSCERT:AA-96.12
Reference: CIAC:H-08
Reference: CIAC:I-042
Reference: URL:http://www.ciac.org/ciac/bulletins/i-042.shtml
Reference: SGI:19980402-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX
Reference: BID:707
Reference: URL:http://www.securityfocus.com/bid/707
Reference: XF:bsd-lprbo2
Reference: XF:bsd-lprbo
Reference: XF:lpr-bo


Name: CVE-1999-0034

Description:
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.

Status: Entry
Reference: CERT:CA-97.17.sperl
Reference: XF:perl-suid


Name: CVE-1999-0035

Description:
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.

Status: Entry
Reference: XF:ftp-ftpd
Reference: CERT:CA-97.16.ftpd
Reference: AUSCERT:AA-97.03


Name: CVE-1999-0036

Description:
IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.

Status: Entry
Reference: CERT:CA-97.15.sgi_login
Reference: AUSCERT:AA-97.12
Reference: CIAC:H-106
Reference: URL:http://www.ciac.org/ciac/bulletins/h-106.shtml
Reference: SGI:19970508-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PX
Reference: OSVDB:990
Reference: URL:http://www.osvdb.org/990
Reference: XF:sgi-lockout(557)
Reference: URL:http://xforce.iss.net/xforce/xfdb/557


Name: CVE-1999-0037

Description:
Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

Status: Entry
Reference: CERT:CA-97.14.metamail
Reference: XF:metamail-header-commands


Name: CVE-1999-0038

Description:
Buffer overflow in xlock program allows local users to execute commands as root.

Status: Entry
Reference: CERT:CA-97.13.xlock
Reference: XF:xlock-bo


Name: CVE-1999-0039

Description:
webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

Status: Entry
Reference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in
Reference: BUGTRAQ:19970507 Re: SGI Advisory: webdist.cgi
Reference: CERT:CA-1997-12
Reference: URL:http://www.cert.org/advisories/CA-1997-12.html
Reference: AUSCERT:AA-97.14
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: BID:374
Reference: URL:http://www.securityfocus.com/bid/374
Reference: OSVDB:235
Reference: URL:http://www.osvdb.org/235
Reference: XF:http-sgi-webdist(333)
Reference: URL:http://xforce.iss.net/xforce/xfdb/333


Name: CVE-1999-0040

Description:
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Status: Entry
Reference: CERT:CA-97.11.libXt
Reference: XF:libXt-bo


Name: CVE-1999-0041

Description:
Buffer overflow in NLS (Natural Language Service).

Status: Entry
Reference: CERT:CA-97.10.nls
Reference: XF:nls-bo


Name: CVE-1999-0042

Description:
Buffer overflow in University of Washington's implementation of IMAP and POP servers.

Status: Entry
Reference: NAI:NAI-21
Reference: CERT:CA-97.09.imap_pop
Reference: XF:popimap-bo


Name: CVE-1999-0043

Description:
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

Status: Entry
Reference: CERT:CA-97.08.innd
Reference: XF:inn-controlmsg


Name: CVE-1999-0044

Description:
fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.

Status: Entry
Reference: SGI:19970301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970301-01-P
Reference: XF:sgi-fsdump


Name: CVE-1999-0045

Description:
List of arbitrary files on Web host via nph-test-cgi script.

Status: Entry
Reference: CERT:CA-97.07.nph-test-cgi_script
Reference: XF:http-cgi-nph


Name: CVE-1999-0046

Description:
Buffer overflow of rlogin program using TERM environmental variable.

Status: Entry
Reference: CERT:CA-97.06.rlogin-term
Reference: XF:rlogin-termbo


Name: CVE-1999-0047

Description:
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

Status: Entry
Reference: CERT:CA-97.05.sendmail
Reference: BID:685
Reference: URL:http://www.securityfocus.com/bid/685
Reference: XF:sendmail-mime-bo2


Name: CVE-1999-0048

Description:
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.

Status: Entry
Reference: CERT:CA-97.04.talkd
Reference: FREEBSD:FreeBSD-SA-96:21
Reference: AUSCERT:AA-97.01
Reference: SUN:00147
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147
Reference: XF:talkd-bo
Reference: XF:netkit-talkd


Name: CVE-1999-0049

Description:
Csetup under IRIX allows arbitrary file creation or overwriting.

Status: Entry
Reference: XF:sgi-csetup
Reference: CERT:CA-97.03.csetup


Name: CVE-1999-0050

Description:
Buffer overflow in HP-UX newgrp program.

Status: Entry
Reference: CERT:CA-97.02.hp_newgrp
Reference: AUSCERT:AA-96.16.HP-UX.newgrp.Buffer.Overrun.Vulnerability
Reference: XF:hp-newgrpbo


Name: CVE-1999-0051

Description:
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.

Status: Entry
Reference: XF:sgi-licensemanager
Reference: CERT:CA-97.01.flex_lm
Reference: AUSCERT:AA-96.03


Name: CVE-1999-0052

Description:
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:08
Reference: OSVDB:908
Reference: URL:http://www.osvdb.org/908
Reference: XF:freebsd-ip-frag-dos(1389)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1389


Name: CVE-1999-0053

Description:
TCP RST denial of service in FreeBSD.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:07
Reference: OSVDB:6094
Reference: URL:http://www.osvdb.org/6094


Name: CVE-1999-0054

Description:
Sun's ftpd daemon can be subjected to a denial of service.

Status: Entry
Reference: SUN:00171
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/171
Reference: XF:sun-ftpd


Name: CVE-1999-0055

Description:
Buffer overflows in Sun libnsl allow root access.

Status: Entry
Reference: SUN:00172
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172
Reference: AIXAPAR:IX80543
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only
Reference: RSI:RSI.0005.05-14-98.SUN.LIBNSL
Reference: XF:sun-libnsl


Name: CVE-1999-0056

Description:
Buffer overflow in Sun's ping program can give root access to local users.

Status: Entry
Reference: SUN:00174
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/174
Reference: XF:sun-ping


Name: CVE-1999-0057

Description:
Vacation program allows command execution by remote users through a sendmail command.

Status: Entry
Reference: NAI:NAI-19
Reference: XF:vacation
Reference: HP:HPSBUX9811-087
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9811-087


Name: CVE-1999-0058

Description:
Buffer overflow in PHP cgi program, php.cgi allows shell access.

Status: Entry
Reference: NAI:NAI-12
Reference: BID:712
Reference: URL:http://www.securityfocus.com/bid/712
Reference: XF:http-cgi-phpbo


Name: CVE-1999-0059

Description:
IRIX fam service allows an attacker to obtain a list of all files on the server.

Status: Entry
Reference: NAI:NAI-16
Reference: BID:353
Reference: URL:http://www.securityfocus.com/bid/353
Reference: OSVDB:164
Reference: URL:http://www.osvdb.org/164
Reference: XF:irix-fam(325)
Reference: URL:http://xforce.iss.net/xforce/xfdb/325


Name: CVE-1999-0060

Description:
Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.

Status: Entry
Reference: NAI:NAI-26
Reference: XF:ascend-config-kill
Reference: ASCEND:http://www.ascend.com/2695.html


Name: CVE-1999-0062

Description:
The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.

Status: Entry
Reference: XF:openbsd-chpass
Reference: NAI:NAI-28
Reference: OSVDB:7559
Reference: URL:http://www.osvdb.org/7559


Name: CVE-1999-0063

Description:
Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.

Status: Entry
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
Reference: XF:cisco-syslog-crash


Name: CVE-1999-0064

Description:
Buffer overflow in AIX lquerylv program gives root access to local users.

Status: Entry
Reference: BUGTRAQ:May28,1997
Reference: XF:lquerylv-bo


Name: CVE-1999-0065

Description:
Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

Status: Entry
Reference: SUN:00181
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/181
Reference: XF:hp-dtmail


Name: CVE-1999-0066

Description:
AnyForm CGI remote execution.

Status: Entry
Reference: BUGTRAQ:19950731 SECURITY HOLE: "AnyForm" CGI
Reference: BID:719
Reference: URL:http://www.securityfocus.com/bid/719
Reference: XF:http-cgi-anyform


Name: CVE-1999-0067

Description:
phf CGI program allows remote command execution through shell metacharacters.

Status: Entry
Reference: BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole family
Reference: CERT:CA-1996-06
Reference: URL:http://www.cert.org/advisories/CA-1996-06.html
Reference: AUSCERT:AA-96.01
Reference: BID:629
Reference: URL:http://www.securityfocus.com/bid/629
Reference: OSVDB:136
Reference: URL:http://www.osvdb.org/136
Reference: XF:http-cgi-phf


Name: CVE-1999-0068

Description:
CGI PHP mylog script allows an attacker to read any file on the target server.

Status: Entry
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: XF:http-cgi-php-mylog
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: OSVDB:3396
Reference: URL:http://www.osvdb.org/3396


Name: CVE-1999-0069

Description:
Solaris ufsrestore buffer overflow.

Status: Entry
Reference: SUN:00169
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169
Reference: XF:sun-ufsrestore
Reference: OSVDB:8158
Reference: URL:http://www.osvdb.org/8158


Name: CVE-1999-0070

Description:
test-cgi program allows an attacker to list files on the server.

Status: Entry
Reference: XF:http-cgi-test


Name: CVE-1999-0071

Description:
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

Status: Entry
Reference: XF:http-apache-cookie
Reference: NAI:NAI-2


Name: CVE-1999-0072

Description:
Buffer overflow in AIX xdat gives root access to local users.

Status: Entry
Reference: ERS:ERS-SVA-E01-1997:004.1
Reference: XF:ibm-xdat


Name: CVE-1999-0073

Description:
Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.

Status: Entry
Reference: CERT:CA-95:14.Telnetd_Environment_Vulnerability
Reference: XF:linkerbug


Name: CVE-1999-0074

Description:
Listening TCP ports are sequentially allocated, allowing spoofing attacks.

Status: Entry
Reference: XF:seqport


Name: CVE-1999-0075

Description:
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.

Status: Entry
Reference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
Reference: XF:ftp-pasvcore
Reference: OSVDB:5742
Reference: URL:http://www.osvdb.org/5742


Name: CVE-1999-0077

Description:
Predictable TCP sequence numbers allow spoofing.

Status: Entry
Reference: XF:tcp-seq-predict(139)
Reference: URL:http://xforce.iss.net/static/139.php


Name: CVE-1999-0079

Description:
Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.

Status: Entry
Reference: XF:ftp-pasv-dos
Reference: XF:ftp-pasvdos


Name: CVE-1999-0080

Description:
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.

Status: Entry
Reference: BUGTRAQ:19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd)
Reference: CERT:CA-95:16.wu-ftpd.vul
Reference: XF:ftp-execdotdot


Name: CVE-1999-0081

Description:
wu-ftp allows files to be overwritten via the rnfr command.

Status: Entry
Reference: XF:ftp-rnfr


Name: CVE-1999-0082

Description:
CWD ~root command in ftpd allows root access.

Status: Entry
Reference: XF:ftp-cwd
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html


Name: CVE-1999-0083

Description:
getcwd() file descriptor leak in FTP.

Status: Entry
Reference: XF:cwdleak


Name: CVE-1999-0084

Description:
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

Status: Entry
Reference: XF:nfs-mknod(78)
Reference: URL:http://xforce.iss.net/xforce/xfdb/78


Name: CVE-1999-0085

Description:
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.

Status: Entry
Reference: BUGTRAQ:19960821 rwhod buffer overflow
Reference: XF:rwhod(119)
Reference: URL:http://xforce.iss.net/xforce/xfdb/119
Reference: XF:rwhod-vuln(118)
Reference: URL:http://xforce.iss.net/xforce/xfdb/118


Name: CVE-1999-0087

Description:
Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.

Status: Entry
Reference: XF:ibm-telnetdos
Reference: ERS:ERS-SVA-E01-1998:003.1
Reference: OSVDB:7992
Reference: URL:http://www.osvdb.org/7992


Name: CVE-1999-0090

Description:
Buffer overflow in AIX rcp command allows local users to obtain root access.

Status: Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-rcp


Name: CVE-1999-0091

Description:
Buffer overflow in AIX writesrv command allows local users to obtain root access.

Status: Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-writesrv


Name: CVE-1999-0093

Description:
AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.

Status: Entry
Reference: ERS:ERS-SVA-E01-1997:008.1
Reference: XF:ibm-nslookup


Name: CVE-1999-0094

Description:
AIX piodmgrsu command allows local users to gain additional group privileges.

Status: Entry
Reference: ERS:ERS-SVA-E01-1997:007.1
Reference: XF:ibm-piodmgrsu


Name: CVE-1999-0095

Description:
The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

Status: Entry
Reference: CERT:CA-88.01
Reference: CERT:CA-93.14
Reference: BID:1
Reference: URL:http://www.securityfocus.com/bid/1
Reference: OSVDB:195
Reference: URL:http://www.osvdb.org/195
Reference: XF:smtp-debug


Name: CVE-1999-0096

Description:
Sendmail decode alias can be used to overwrite sensitive files.

Status: Entry
Reference: CERT:CA-93.16
Reference: CERT:CA-95.05
Reference: CIAC:A-13
Reference: CIAC:A-14
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:smtp-dcod


Name: CVE-1999-0097

Description:
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

Status: Entry
Reference: ERS:ERS-SVA-E01-1997:009.1
Reference: XF:ibm-ftp


Name: CVE-1999-0099

Description:
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

Status: Entry
Reference: CERT:CA-95.13.syslog.vul
Reference: XF:smtp-syslog


Name: CVE-1999-0100

Description:
Remote access in AIX innd 1.5.1, using control messages.

Status: Entry
Reference: ERS:ERS-SVA-E01-1997:002.1
Reference: XF:inn-controlmsg


Name: CVE-1999-0101

Description:
Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.

Status: Entry
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: SUN:00137a
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: NAI:NAI-1
Reference: XF:ghbn-bo


Name: CVE-1999-0102

Description:
Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.

Status: Entry
Reference: XF:slmail-fromheader-overflow


Name: CVE-1999-0103

Description:
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.

Status: Entry
Reference: CERT:CA-96.01.UDP_service_denial
Reference: XF:echo
Reference: XF:chargen
Reference: XF:chargen-patch


Name: CVE-1999-0108

Description:
The printers program in IRIX has a buffer overflow that gives root access to local users.

Status: Entry
Reference: BUGTRAQ:another day, another buffer overflow...
Reference: XF:printers-bo


Name: CVE-1999-0109

Description:
Buffer overflow in ffbconfig in Solaris 2.5.1.

Status: Entry
Reference: SUN:00140
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/140
Reference: AUSCERT:AA-97.06
Reference: XF:ffbconfig-bo


Name: CVE-1999-0111

Description:
RIP v1 is susceptible to spoofing.

Status: Entry
Reference: XF:rip


Name: CVE-1999-0112

Description:
Buffer overflow in AIX dtterm program for the CDE.

Status: Entry
Reference: BUGTRAQ:19970520 AIX 4.2 dtterm exploit
Reference: XF:dtterm-bo(878)
Reference: URL:http://xforce.iss.net/xforce/xfdb/878


Name: CVE-1999-0113

Description:
Some implementations of rlogin allow root access if given a -froot parameter.

Status: Entry
Reference: BUGTRAQ:19940729 -froot??? (AIX rlogin bug)
Reference: CERT:CA-94.09.bin.login.vulnerability
Reference: CIAC:E-26
Reference: BID:458
Reference: URL:http://www.securityfocus.com/bid/458
Reference: XF:rlogin-froot


Name: CVE-1999-0115

Description:
AIX bugfiler program allows local users to gain root access.

Status: Entry
Reference: BUGTRAQ:19970909 AIX bugfiler
Reference: XF:ibm-bugfiler
Reference: BID:1800
Reference: URL:http://www.securityfocus.com/bid/1800


Name: CVE-1999-0116

Description:
Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.

Status: Entry
Reference: CERT:CA-96.21.tcp_syn.flooding
Reference: SGI:19961202-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961202-01-PX
Reference: SUN:00136
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/136


Name: CVE-1999-0117

Description:
AIX passwd allows local users to gain root access.

Status: Entry
Reference: XF:ibm-passwd
Reference: CERT:CA-92:07.AIX.passwd.vulnerability


Name: CVE-1999-0118

Description:
AIX infod allows local users to gain root access through an X display.

Status: Entry
Reference: BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91158980826979&w=2
Reference: XF:aix-infod


Name: CVE-1999-0120

Description:
Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.

Status: Entry
Reference: SUN:00126
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/126
Reference: CERT:CA-94.06.utmp.vulnerability
Reference: XF:utmp-write


Name: CVE-1999-0122

Description:
Buffer overflow in AIX lchangelv gives root access.

Status: Entry
Reference: BUGTRAQ:Jul21,1999
Reference: XF:lchangelv-bo


Name: CVE-1999-0124

Description:
Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.

Status: Entry
Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability
Reference: XF:gopher-vuln


Name: CVE-1999-0125

Description:
Buffer overflow in SGI IRIX mailx program.

Status: Entry
Reference: XF:sgi-mailx-bo
Reference: SGI:19980605-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980605-01-PX


Name: CVE-1999-0126

Description:
SGI IRIX buffer overflow in xterm and Xaw allows root access.

Status: Entry
Reference: CERT:VB-98.04.xterm.Xaw
Reference: CIAC:J-010
Reference: URL:http://www.ciac.org/ciac/bulletins/j-010.shtml
Reference: XF:xfree86-xterm-xaw
Reference: XF:xfree86-xaw


Name: CVE-1999-0128

Description:
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

Status: Entry
Reference: XF:ping-death
Reference: CERT:CA-96.26.ping


Name: CVE-1999-0129

Description:
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

Status: Entry
Reference: CERT:CA-96.25.sendmail_groups


Name: CVE-1999-0130

Description:
Local users can start Sendmail in daemon mode and gain root privileges.

Status: Entry
Reference: CERT:CA-96.24.sendmail.daemon.mode
Reference: BID:716
Reference: URL:http://www.securityfocus.com/bid/716
Reference: XF:sendmail-daemon-mode


Name: CVE-1999-0131

Description:
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

Status: Entry
Reference: CERT:CA-96.20.sendmail_vul
Reference: XF:smtp-875bo
Reference: BID:717
Reference: URL:http://www.securityfocus.com/bid/717


Name: CVE-1999-0132

Description:
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.

Status: Entry
Reference: CERT:CA-1996-19
Reference: URL:http://www.cert.org/advisories/CA-1996-19.html
Reference: OSVDB:11723
Reference: URL:http://www.osvdb.org/11723
Reference: XF:expreserve(401)
Reference: URL:http://xforce.iss.net/xforce/xfdb/401


Name: CVE-1999-0133

Description:
fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access.

Status: Entry
Reference: CERT:CA-96.18.fm_fls
Reference: XF:fmaker-logfile


Name: CVE-1999-0134

Description:
vold in Solaris 2.x allows local users to gain root access.

Status: Entry
Reference: XF:sol-voldtmp
Reference: CERT:CA-96.17.Solaris_vold_vul
Reference: AUSCERT:AL-96.04
Reference: OSVDB:8159
Reference: URL:http://www.osvdb.org/8159


Name: CVE-1999-0135

Description:
admintool in Solaris allows a local user to write to arbitrary files and gain root access.

Status: Entry
Reference: XF:sun-admintool
Reference: CERT:CA-96.16.Solaris_admintool_vul
Reference: AUSCERT:AL-96.03


Name: CVE-1999-0136

Description:
Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.

Status: Entry
Reference: XF:sol-KCMSvuln
Reference: AUSCERT:AL-96.02
Reference: CERT:CA-96.15.Solaris_KCMS_vul


Name: CVE-1999-0137

Description:
The dip program on many Linux systems allows local users to gain root access via a buffer overflow.

Status: Entry
Reference: XF:linux-dipbo
Reference: CERT:CA-96.13.dip_vul
Reference: XF:dip-bo


Name: CVE-1999-0138

Description:
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

Status: Entry
Reference: CERT:CA-96.12.suidperl_vul
Reference: XF:sperl-suid


Name: CVE-1999-0139

Description:
Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

Status: Entry
Reference: XF:sol-mkcookie
Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE
Reference: OSVDB:8205
Reference: URL:http://www.osvdb.org/8205


Name: CVE-1999-0141

Description:
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.

Status: Entry
Reference: XF:http-java-applet
Reference: CERT:CA-96.07.java_bytecode_verifier
Reference: SUN:00134
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134


Name: CVE-1999-0142

Description:
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.

Status: Entry
Reference: CERT:CA-96.05.java_applet_security_mgr
Reference: XF:http-java-appletsecmgr


Name: CVE-1999-0143

Description:
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

Status: Entry
Reference: CERT:CA-96.03.kerberos_4_key_server
Reference: XF:kerberos-bf


Name: CVE-1999-0145

Description:
Sendmail WIZ command enabled, allowing root access.

Status: Entry
Reference: CERT:CA-1990-11
Reference: URL:http://www.cert.org/advisories/CA-1990-11.html
Reference: CERT:CA-1993-14
Reference: URL:http://www.cert.org/advisories/CA-1993-14.html
Reference: BUGTRAQ:19950206 sendmail wizard thing...
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html


Name: CVE-1999-0146

Description:
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.

Status: Entry
Reference: BUGTRAQ:19970715 Bug CGI campas
Reference: BID:1975
Reference: URL:http://www.securityfocus.com/bid/1975
Reference: XF:http-cgi-campas(298)
Reference: URL:http://xforce.iss.net/xforce/xfdb/298


Name: CVE-1999-0147

Description:
The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands.

Status: Entry
Reference: XF:http-cgi-glimpse
Reference: AUSCERT:AA-97.28


Name: CVE-1999-0148

Description:
The handler CGI program in IRIX allows arbitrary command execution.

Status: Entry
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: BID:380
Reference: URL:http://www.securityfocus.com/bid/380
Reference: XF:http-sgi-handler


Name: CVE-1999-0149

Description:
The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: BID:373
Reference: URL:http://www.securityfocus.com/bid/373
Reference: OSVDB:247
Reference: URL:http://www.osvdb.org/247
Reference: XF:http-sgi-wrap(290)
Reference: URL:http://xforce.iss.net/xforce/xfdb/290


Name: CVE-1999-0150

Description:
The Perl fingerd program allows arbitrary command execution from remote users.

Status: Entry
Reference: XF:perl-fingerd


Name: CVE-1999-0151

Description:
The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access.

Status: Entry
Reference: CERT:CA-95.07a.REVISED.satan.vul
Reference: CERT:CA-95.06.satan.vul


Name: CVE-1999-0152

Description:
The DG/UX finger daemon allows remote command execution through shell metacharacters.

Status: Entry
Reference: BUGTRAQ:19970811 dgux in.fingerd vulnerability
Reference: XF:dgux-fingerd


Name: CVE-1999-0153

Description:
Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

Status: Entry
Reference: XF:win-oob
Reference: OSVDB:1666
Reference: URL:http://www.osvdb.org/1666


Name: CVE-1999-0155

Description:
The ghostscript command with the -dSAFER option allows remote attackers to execute commands.

Status: Entry
Reference: XF:gscript-dsafer
Reference: CERT:CA-95.10.ghostscript


Name: CVE-1999-0157

Description:
Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service.

Status: Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/nifrag.shtml
Reference: XF:cisco-fragmented-attacks
Reference: OSVDB:1097
Reference: URL:http://www.osvdb.org/1097


Name: CVE-1999-0158

Description:
Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known.

Status: Entry
Reference: CISCO:20010913 Cisco PIX Firewall Manager File Exposure
Reference: URL:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml
Reference: XF:cisco-pix-file-exposure
Reference: OSVDB:685
Reference: URL:http://www.osvdb.org/685


Name: CVE-1999-0159

Description:
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.

Status: Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtml
Reference: XF:cisco-ios-crash


Name: CVE-1999-0160

Description:
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.

Status: Entry
Reference: CISCO:19971001 Vulnerabilities in Cisco CHAP Authentication
Reference: CIAC:I-002A
Reference: OSVDB:1099
Reference: URL:http://www.osvdb.org/1099
Reference: XF:cisco-chap


Name: CVE-1999-0161

Description:
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.

Status: Entry
Reference: CISCO:http://www.cisco.com/warp/public/707/1.html
Reference: XF:cisco-acl-tacacs
Reference: OSVDB:797
Reference: URL:http://www.osvdb.org/797


Name: CVE-1999-0162

Description:
The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.

Status: Entry
Reference: CISCO:19950601 "Established" Keyword May Allow Packets to Bypass Filter
Reference: XF:cisco-acl-established


Name: CVE-1999-0164

Description:
A race condition in the Solaris ps command allows an attacker to overwrite critical files.

Status: Entry
Reference: XF:sol-pstmprace
Reference: AUSCERT:AA-95.07
Reference: CERT:CA-95.09.Solaris.ps.vul
Reference: OSVDB:8346
Reference: URL:http://www.osvdb.org/8346


Name: CVE-1999-0166

Description:
NFS allows users to use a "cd .." command to access other directories besides the exported file system.

Status: Entry
Reference: XF:nfs-cd


Name: CVE-1999-0167

Description:
In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.

Status: Entry
Reference: XF:nfs-guess
Reference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand


Name: CVE-1999-0168

Description:
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.

Status: Entry
Reference: XF:nfs-portmap


Name: CVE-1999-0170

Description:
Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.

Status: Entry
Reference: XF:nfs-ultrix


Name: CVE-1999-0172

Description:
FormMail CGI program allows remote execution of commands.

Status: Entry
Reference: XF:http-cgi-formmail-exe
Reference: BUGTRAQ:Aug02,1995


Name: CVE-1999-0173

Description:
FormMail CGI program can be used by web servers other than the host server that the program resides on.

Status: Entry
Reference: XF:http-cgi-formmail-use


Name: CVE-1999-0174

Description:
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:19970208 view-source
Reference: XF:http-cgi-viewsrc


Name: CVE-1999-0175

Description:
The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server.

Status: Entry
Reference: XF:http-nov-convert


Name: CVE-1999-0176

Description:
The Webgais program allows a remote user to execute arbitrary commands.

Status: Entry
Reference: BUGTRAQ:Jul10,1997
Reference: XF:http-webgais-query


Name: CVE-1999-0177

Description:
The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.

Status: Entry
Reference: NTBUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable
Reference: NTBUGTRAQ:19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable
Reference: BUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable
Reference: XF:http-website-uploader


Name: CVE-1999-0178

Description:
Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.

Status: Entry
Reference: BUGTRAQ:19970106 Re: signal handling
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html
Reference: BID:2078
Reference: URL:http://www.securityfocus.com/bid/2078
Reference: OSVDB:8
Reference: URL:http://www.osvdb.org/8
Reference: XF:http-website-winsample(295)
Reference: URL:http://xforce.iss.net/xforce/xfdb/295


Name: CVE-1999-0179

Description:
Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.

Status: Entry
Reference: MSKB:Q140818
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q140818
Reference: XF:nt-samba-dotdot
Reference: XF:nt-351
Reference: XF:nt-35


Name: CVE-1999-0180

Description:
in.rshd allows users to login with a NULL username and execute commands.

Status: Entry
Reference: XF:rsh-null


Name: CVE-1999-0181

Description:
The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands.

Status: Entry
Reference: XF:walld


Name: CVE-1999-0182

Description:
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

Status: Entry
Reference: CIAC:H-110
Reference: URL:http://www.ciac.org/ciac/bulletins/h-110.shtml
Reference: CERT:VB-97.10.samba
Reference: XF:nt-samba-bo


Name: CVE-1999-0183

Description:
Linux implementations of TFTP would allow access to files outside the restricted directory.

Status: Entry
Reference: XF:linux-tftp


Name: CVE-1999-0184

Description:
When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.

Status: Entry
Reference: XF:dns-updates


Name: CVE-1999-0185

Description:
In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.

Status: Entry
Reference: SUN:00156
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/156
Reference: XF:sun-ftpd/logind


Name: CVE-1999-0188

Description:
The passwd command in Solaris can be subjected to a denial of service.

Status: Entry
Reference: SUN:00182
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/182
Reference: XF:sun-passwd-dos


Name: CVE-1999-0189

Description:
Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

Status: Entry
Reference: NAI:NAI-15
Reference: SUN:00142
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/142
Reference: XF:rpc-32771


Name: CVE-1999-0190

Description:
Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

Status: Entry
Reference: SUN:00167
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/167
Reference: XF:sun-rpcbind


Name: CVE-1999-0191

Description:
IIS newdsn.exe CGI script allows remote users to overwrite files.

Status: Entry
Reference: XF:http-cgi-newdsn
Reference: OSVDB:275
Reference: URL:http://www.osvdb.org/275


Name: CVE-1999-0192

Description:
Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.

Status: Entry
Reference: SNI:SNI-20
Reference: XF:bsd-tel-tgetent


Name: CVE-1999-0194

Description:
Denial of service in in.comsat allows attackers to generate messages.

Status: Entry
Reference: XF:comsat


Name: CVE-1999-0196

Description:
websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).

Status: Entry
Reference: BUGTRAQ:19970704 Vulnerability in websendmail
Reference: BID:2077
Reference: URL:http://www.securityfocus.com/bid/2077
Reference: OSVDB:237
Reference: URL:http://www.osvdb.org/237
Reference: XF:http-webgais-smail


Name: CVE-1999-0201

Description:
A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.

Status: Entry
Reference: XF:ftp-home


Name: CVE-1999-0202

Description:
The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.

Status: Entry
Reference: XF:ftp-exectar


Name: CVE-1999-0203

Description:
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.

Status: Entry
Reference: CERT:CA-95.08
Reference: CIAC:E-03
Reference: XF:smtp-sendmail-version5


Name: CVE-1999-0204

Description:
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.

Status: Entry
Reference: XF:ident-bo
Reference: CIAC:F-13


Name: CVE-1999-0206

Description:
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.

Status: Entry
Reference: XF:sendmail-mime-bo
Reference: AUSCERT:AA-96.06a


Name: CVE-1999-0207

Description:
Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.

Status: Entry
Reference: XF:majordomo-exe
Reference: CERT:CA-94.11.majordomo.vulnerabilities


Name: CVE-1999-0208

Description:
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.

Status: Entry
Reference: XF:rpc-update
Reference: CERT:CA-95.17.rpc.ypupdated.vul


Name: CVE-1999-0209

Description:
The SunView (SunTools) selection_svc facility allows remote users to read files.

Status: Entry
Reference: CERT:CA-90.05.sunselection.vulnerability
Reference: BID:8
Reference: URL:http://www.securityfocus.com/bid/8
Reference: XF:selsvc


Name: CVE-1999-0210

Description:
Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88053459921223&w=2
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2
Reference: HP:HPSBUX9910-104
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9910-104
Reference: CERT:CA-99-05
Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html
Reference: BID:235
Reference: URL:http://www.securityfocus.com/bid/235


Name: CVE-1999-0211

Description:
Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.

Status: Entry
Reference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability
Reference: BID:24
Reference: URL:http://www.securityfocus.com/bid/24


Name: CVE-1999-0212

Description:
Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.

Status: Entry
Reference: SUN:00168
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168
Reference: CIAC:I-048
Reference: URL:http://www.ciac.org/ciac/bulletins/i-048.shtml
Reference: XF:sun-mountd


Name: CVE-1999-0214

Description:
Denial of service by sending forged ICMP unreachable packets.

Status: Entry
Reference: XF:icmp-unreachable


Name: CVE-1999-0215

Description:
Routed allows attackers to append data to files.

Status: Entry
Reference: SGI:19981004-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981004-01-PX
Reference: CIAC:J-012
Reference: URL:http://www.ciac.org/ciac/bulletins/j-012.shtml
Reference: XF:ripapp


Name: CVE-1999-0217

Description:
Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.

Status: Entry
Reference: XF:udp-bomb


Name: CVE-1999-0218

Description:
Livingston portmaster machines could be rebooted via a series of commands.

Status: Entry
Reference: XF:portmaster-reboot


Name: CVE-1999-0219

Description:
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.

Status: Entry
Reference: NTBUGTRAQ:19990503 Buffer overflows in FTP Serv-U 2.5
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92574916930144&w=2
Reference: NTBUGTRAQ:19990504 Re: Buffer overflows in FTP Serv-U 2.5
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92582581330282&w=2
Reference: BUGTRAQ:19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NT
Reference: BID:269
Reference: URL:http://www.securityfocus.com/bid/269
Reference: XF:ftp-servu(205)
Reference: URL:http://xforce.iss.net/xforce/xfdb/205


Name: CVE-1999-0221

Description:
Denial of service of Ascend routers through port 150 (remote administration).

Status: Entry
Reference: XF:ascend-150-kill


Name: CVE-1999-0223

Description:
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.

Status: Entry
Reference: BUGTRAQ:19961109 Syslogd and Solaris 2.4
Reference: SUNBUG:1249320
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches
Reference: XF:sol-syslogd-crash
Reference: BID:1878
Reference: URL:http://www.securityfocus.com/bid/1878


Name: CVE-1999-0224

Description:
Denial of service in Windows NT messenger service through a long username.

Status: Entry
Reference: XF:nt-messenger


Name: CVE-1999-0225

Description:
Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.

Status: Entry
Reference: NAI:19980214 Windows NT Logon Denial of Service
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp
Reference: MSKB:Q180963
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=180963
Reference: XF:nt-logondos


Name: CVE-1999-0227

Description:
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.

Status: Entry
Reference: MSKB:Q154087
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087
Reference: XF:nt-lsass-crash


Name: CVE-1999-0228

Description:
Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.

Status: Entry
Reference: XF:nt-rpc-ver
Reference: MSKB:Q162567
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q162567


Name: CVE-1999-0230

Description:
Buffer overflow in Cisco 7xx routers through the telnet service.

Status: Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml
Reference: OSVDB:1102
Reference: URL:http://www.osvdb.org/1102


Name: CVE-1999-0233

Description:
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.

Status: Entry
Reference: MSKB:Q148188
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q148188
Reference: MSKB:Q155056
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q155056
Reference: XF:http-iis-cmd


Name: CVE-1999-0234

Description:
Bash treats any character with a value of 255 as a command separator.

Status: Entry
Reference: XF:bash-cmd
Reference: CERT:CA-96.22.bash_vuls


Name: CVE-1999-0236

Description:
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

Status: Entry
Reference: XF:http-scriptalias


Name: CVE-1999-0237

Description:
Remote execution of arbitrary commands through Guestbook CGI program.

Status: Entry
Reference: XF:http-cgi-guestbook
Reference: CERT:VB-97.02


Name: CVE-1999-0239

Description:
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.

Status: Entry
Reference: XF:fastrack-get-directory-list
Reference: OSVDB:122
Reference: URL:http://www.osvdb.org/122


Name: CVE-1999-0244

Description:
Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root.

Status: Entry
Reference: NAI:NAI-23
Reference: XF:radius-accounting-overflow


Name: CVE-1999-0245

Description:
Some configurations of NIS+ in Linux allowed attackers to log in as the user "+".

Status: Entry
Reference: BUGTRAQ:19950907 Linux NIS security problem hole and fix
Reference: XF:linux-plus


Name: CVE-1999-0247

Description:
Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.

Status: Entry
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: BID:1443
Reference: URL:http://www.securityfocus.com/bid/1443
Reference: XF:inn-bo


Name: CVE-1999-0248

Description:
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.

Status: Entry
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1


Name: CVE-1999-0251

Description:
Denial of service in talk program allows remote attackers to disrupt a user's display.

Status: Entry
Reference: XF:talkd-flash


Name: CVE-1999-0252

Description:
Buffer overflow in listserv allows arbitrary command execution.

Status: Entry
Reference: XF:smtp-listserv


Name: CVE-1999-0256

Description:
Buffer overflow in War FTP allows remote execution of commands.

Status: Entry
Reference: XF:war-ftpd
Reference: OSVDB:875
Reference: URL:http://www.osvdb.org/875


Name: CVE-1999-0259

Description:
cfingerd lists all users on a system via search.**@target.

Status: Entry
Reference: BUGTRAQ:19970523 cfingerd vulnerability
Reference: XF:cfinger-user-enumeration


Name: CVE-1999-0260

Description:
The jj CGI program allows command execution via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:19961224 jj cgi
Reference: XF:http-cgi-jj


Name: CVE-1999-0262

Description:
Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.

Status: Entry
Reference: BUGTRAQ:19980804 remote exploit in faxsurvey cgi-script
Reference: BUGTRAQ:19980804 PATCH: faxsurvey
Reference: BID:2056
Reference: URL:http://www.securityfocus.com/bid/2056
Reference: XF:http-cgi-faxsurvey(1532)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1532


Name: CVE-1999-0263

Description:
Solaris SUNWadmap can be exploited to obtain root access.

Status: Entry
Reference: SUN:00173
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/173
Reference: XF:sun-sunwadmap


Name: CVE-1999-0264

Description:
htmlscript CGI program allows remote read access to files.

Status: Entry
Reference: XF:http-htmlscript-file-access
Reference: BUGTRAQ:Jan27,1998


Name: CVE-1999-0265

Description:
ICMP redirect messages may crash or lock up a host.

Status: Entry
Reference: MSKB:Q154174
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154174
Reference: ISS:ICMP Redirects Against Embedded Controllers
Reference: XF:icmp-redirect


Name: CVE-1999-0266

Description:
The info2www CGI script allows remote file access or remote command execution.

Status: Entry
Reference: BUGTRAQ:19980303 Vulnerabilites in some versions of info2www CGI
Reference: BID:1995
Reference: URL:http://www.securityfocus.com/bid/1995
Reference: XF:http-cgi-info2www


Name: CVE-1999-0267

Description:
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.

Status: Entry
Reference: XF:http-port
Reference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability


Name: CVE-1999-0268

Description:
MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.

Status: Entry
Reference: BUGTRAQ:19980630 Security vulnerabilities in MetaInfo products
Reference: BUGTRAQ:19980703 Followup to MetaInfo vulnerabilities
Reference: OSVDB:110
Reference: URL:http://www.osvdb.org/110
Reference: OSVDB:3969
Reference: URL:http://www.osvdb.org/3969
Reference: XF:metaweb-server-dot-attack


Name: CVE-1999-0269

Description:
Netscape Enterprise servers may list files through the PageServices query.

Status: Entry
Reference: XF:netscape-server-pageservices


Name: CVE-1999-0270

Description:
Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files.

Status: Entry
Reference: BUGTRAQ:19980317 IRIX performer_tools bug
Reference: SGI:19980401-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980401-01-P
Reference: CIAC:I-041
Reference: URL:http://www.ciac.org/ciac/bulletins/i-041.shtml
Reference: BID:64
Reference: URL:http://www.securityfocus.com/bid/64
Reference: OSVDB:134
Reference: URL:http://www.osvdb.org/134
Reference: XF:sgi-pfdispaly(810)
Reference: URL:http://xforce.iss.net/xforce/xfdb/810


Name: CVE-1999-0272

Description:
Denial of service in Slmail v2.5 through the POP3 port.

Status: Entry
Reference: XF:slmail-username-bo


Name: CVE-1999-0273

Description:
Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

Status: Entry
Reference: XF:sun-telnet-kill


Name: CVE-1999-0274

Description:
Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.

Status: Entry
Reference: NAI:NAI-5
Reference: XF:nt-dns-dos


Name: CVE-1999-0275

Description:
Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.

Status: Entry
Reference: XF:nt-dnscrash
Reference: XF:nt-dnsver
Reference: MS:Q169461


Name: CVE-1999-0276

Description:
mSQL v2.0.1 and below allows remote execution through a buffer overflow.

Status: Entry
Reference: XF:msql-debug-bo
Reference: SEKURE:sekure.01-99.msql


Name: CVE-1999-0277

Description:
The WorkMan program can be used to overwrite any file to get root access.

Status: Entry
Reference: XF:workman
Reference: CERT:CA-96.23.workman_vul


Name: CVE-1999-0278

Description:
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.

Status: Entry
Reference: MS:MS98-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-003.mspx
Reference: XF:iis-asp-data-check
Reference: OVAL:oval:org.mitre.oval:def:913
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:913


Name: CVE-1999-0279

Description:
Excite for Web Servers (EWS) allows remote command execution via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:19971217 CGI security hole in EWS (Excite for Web Servers)
Reference: BUGTRAQ:19980115 Excite announcement
Reference: CERT:VB-98.01.excite
Reference: XF:excite-cgi-search-vuln


Name: CVE-1999-0280

Description:
Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

Status: Entry
Reference: NTBUGTRAQ:19970317 Internet Explorer Bug #4
Reference: CIAC:H-38
Reference: XF:http-ie-lnkurl


Name: CVE-1999-0281

Description:
Denial of service in IIS using long URLs.

Status: Entry
Reference: XF:http-iis-longurl


Name: CVE-1999-0288

Description:
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.

Status: Entry
Reference: NTBUGTRAQ:19970801 WINS flooding
Reference: BUGTRAQ:19970801 WINS flooding
Reference: BUGTRAQ:19970815 Re: WINS flooding
Reference: MISC:http://safenetworks.com/Windows/wins.html
Reference: MSKB:155701
Reference: XF:nt-winsupd-fix(1233)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1233


Name: CVE-1999-0289

Description:
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

Status: Entry


Name: CVE-1999-0290

Description:
The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.

Status: Entry
Reference: BUGTRAQ:19980221 WinGate DoS
Reference: BUGTRAQ:19980326 WinGate Intermediary Fix/Update
Reference: XF:wingate-dos


Name: CVE-1999-0291

Description:
The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.

Status: Entry
Reference: XF:wingate-unpassworded


Name: CVE-1999-0292

Description:
Denial of service through Winpopup using large user names.

Status: Entry
Reference: XF:nt-winpopup


Name: CVE-1999-0293

Description:
AAA authentication on Cisco systems allows attackers to execute commands without authorization.

Status: Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtml
Reference: XF:cisco-ios-aaa-auth


Name: CVE-1999-0294

Description:
All records in a WINS database can be deleted through SNMP for a denial of service.

Status: Entry
Reference: XF:nt-wins-snmp2


Name: CVE-1999-0295

Description:
Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.

Status: Entry
Reference: XF:sun-sysdef
Reference: SUN:00157
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/157


Name: CVE-1999-0296

Description:
Solaris volrmmount program allows attackers to read any file.

Status: Entry
Reference: SUN:00162
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/162
Reference: XF:sun-volrmmount


Name: CVE-1999-0297

Description:
Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

Status: Entry
Reference: NAI:NAI-3
Reference: AUSCERT:AA-96.21
Reference: CIAC:H-17
Reference: XF:vixie-cron


Name: CVE-1999-0299

Description:
Buffer overflow in FreeBSD lpd through long DNS hostnames.

Status: Entry
Reference: NAI:NAI-9
Reference: OSVDB:6093
Reference: URL:http://www.osvdb.org/6093


Name: CVE-1999-0300

Description:
nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.

Status: Entry
Reference: SUN:00155
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155
Reference: XF:sun-niscache


Name: CVE-1999-0301

Description:
Buffer overflow in SunOS/Solaris ps command.

Status: Entry
Reference: SUN:00149
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/149
Reference: AUSCERT:AUSCERT-97.17
Reference: XF:sun-ps2bo


Name: CVE-1999-0302

Description:
SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

Status: Entry
Reference: SUN:00176
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176
Reference: XF:sun-ftp-server


Name: CVE-1999-0303

Description:
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

Status: Entry
Reference: XF:bnu-uucpd-bo
Reference: RSI:RSI.0002.05-18-98.BNU.UUCPD


Name: CVE-1999-0304

Description:
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

Status: Entry
Reference: XF:bsd-mmap
Reference: FREEBSD:FreeBSD-SA-98:02


Name: CVE-1999-0305

Description:
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.

Status: Entry
Reference: OPENBSD:Feb15,1998 "IP Source Routing Problem"
Reference: MISC:http://www.openbsd.org/advisories/sourceroute.txt
Reference: OSVDB:11502
Reference: URL:http://www.osvdb.org/11502
Reference: XF:bsd-sourceroute(736)
Reference: URL:http://xforce.iss.net/xforce/xfdb/736


Name: CVE-1999-0308

Description:
HP-UX gwind program allows users to modify arbitrary files.

Status: Entry
Reference: HP:HPSBUX9410-018
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9410-018
Reference: XF:hpux-gwind-overwrite
Reference: CIAC:H-03: HP-UX suid Vulnerabilities


Name: CVE-1999-0309

Description:
HP-UX vgdisplay program gives root access to local users.

Status: Entry
Reference: HP:HPSBUX9702-056
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-056
Reference: XF:hpux-vgdisplay
Reference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability


Name: CVE-1999-0310

Description:
SSH 1.2.25 on HP-UX allows access to new user accounts.

Status: Entry
Reference: XF:ssh-1225


Name: CVE-1999-0311

Description:
fpkg2swpk in HP-UX allows local users to gain root access.

Status: Entry
Reference: XF:hpux-fpkg2swpk
Reference: HP:HPSBUX9612-042
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9612-042


Name: CVE-1999-0312

Description:
HP ypbind allows attackers with root privileges to modify NIS data.

Status: Entry
Reference: XF:nis-ypbind
Reference: CERT:CA-93:01.REVISED.HP.NIS.ypbind.vulnerability


Name: CVE-1999-0313

Description:
disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.

Status: Entry
Reference: MISC:http://www.securityfocus.com/bid/213/exploit
Reference: SGI:19980701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P
Reference: BID:214
Reference: URL:http://www.securityfocus.com/bid/214
Reference: OSVDB:936
Reference: URL:http://www.osvdb.org/936
Reference: XF:sgi-disk-bandwidth(1441)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1441


Name: CVE-1999-0314

Description:
ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.

Status: Entry
Reference: MISC:http://www.securityfocus.com/bid/213/exploit
Reference: SGI:19980701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P
Reference: BID:213
Reference: URL:http://www.securityfocus.com/bid/213
Reference: OSVDB:6788
Reference: URL:http://www.osvdb.org/6788
Reference: XF:sgi-ioconfig(1199)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1199


Name: CVE-1999-0315

Description:
Buffer overflow in Solaris fdformat command gives root access to local users.

Status: Entry
Reference: XF:fdformat-bo
Reference: SUN:00138
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/138


Name: CVE-1999-0316

Description:
Buffer overflow in Linux splitvt command gives root access to local users.

Status: Entry
Reference: XF:linux-splitvt
Reference: CIAC:G-08


Name: CVE-1999-0318

Description:
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

Status: Entry
Reference: BUGTRAQ:19961125 Security Problems in XMCD
Reference: BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD)
Reference: XF:xmcd-envbo


Name: CVE-1999-0320

Description:
SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

Status: Entry
Reference: SUN:00166
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/166
Reference: XF:sun-rpc.cmsd


Name: CVE-1999-0321

Description:
Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

Status: Entry
Reference: XF:sun-kcms-configure-bo


Name: CVE-1999-0322

Description:
The open() function in FreeBSD allows local attackers to write to arbitrary files.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-97:05
Reference: XF:freebsd-open
Reference: OSVDB:6092
Reference: URL:http://www.osvdb.org/6092


Name: CVE-1999-0323

Description:
FreeBSD mmap function allows users to modify append-only or immutable files.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:04
Reference: NETBSD:1998-003
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc
Reference: XF:bsd-mmap


Name: CVE-1999-0324

Description:
ppl program in HP-UX allows local users to create root files through symlinks.

Status: Entry
Reference: HP:HPSBUX9702-053
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-053
Reference: CIAC:H-31
Reference: XF:hp-ppllog


Name: CVE-1999-0325

Description:
vhe_u_mnt program in HP-UX allows local users to create root files through symlinks.

Status: Entry
Reference: XF:hp-vhe
Reference: HP:HPSBUX9406-013
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9406-013


Name: CVE-1999-0326

Description:
Vulnerability in HP-UX mediainit program.

Status: Entry
Reference: HP:HPSBUX9710-071
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9710-071
Reference: XF:hp-mediainit


Name: CVE-1999-0327

Description:
SGI syserr program allows local users to corrupt files.

Status: Entry
Reference: SGI:19971103-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX
Reference: XF:sgi-syserr


Name: CVE-1999-0328

Description:
SGI permissions program allows local users to gain root privileges.

Status: Entry
Reference: SGI:19971103-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX
Reference: XF:sgi-permtool


Name: CVE-1999-0329

Description:
SGI mediad program allows local users to gain root access.

Status: Entry
Reference: SGI:19980602-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980602-01-PX
Reference: XF:sgi-mediad


Name: CVE-1999-0332

Description:
Buffer overflow in NetMeeting allows denial of service and remote command execution.

Status: Entry
Reference: XF:nt-netmeeting
Reference: MSKB:Q184346
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q184346


Name: CVE-1999-0334

Description:
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.

Status: Entry
Reference: XF:sol-startup
Reference: CERT:CA-93.19.Solaris.Startup.vulnerability


Name: CVE-1999-0335

Description:
DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-1999-0032.

Status: Entry


Name: CVE-1999-0337

Description:
AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled.

Status: Entry
Reference: CERT:CA-94.10.IBM.AIX.bsh.vulnerability.html
Reference: XF:ibm-bsh


Name: CVE-1999-0338

Description:
AIX Licensed Program Product performance tools allow local users to gain root access.

Status: Entry
Reference: XF:ibm-perf-tools
Reference: CERT:CA-94.03.AIX.performance.tools


Name: CVE-1999-0339

Description:
Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

Status: Entry
Reference: XF:sol-sun-libauth
Reference: RSI:RSI.0007.05-26-98


Name: CVE-1999-0340

Description:
Buffer overflow in Linux Slackware crond program allows local users to gain root access.

Status: Entry
Reference: KSRT:005
Reference: XF:linux-crond


Name: CVE-1999-0341

Description:
Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.

Status: Entry
Reference: KSRT:006
Reference: XF:linux-deliver


Name: CVE-1999-0342

Description:
Linux PAM modules allow local users to gain root access using temporary files.

Status: Entry
Reference: REDHAT:http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pam
Reference: XF:linux-pam-passwd-tmprace


Name: CVE-1999-0343

Description:
A malicious Palace server can force a client to execute arbitrary programs.

Status: Entry
Reference: BUGTRAQ:19981002 Announcements from The Palace (fwd)
Reference: XF:palace-malicious-servers-vuln


Name: CVE-1999-0344

Description:
NT users can gain debug-level access on a system process using the Sechole exploit.

Status: Entry
Reference: MS:MS98-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-009.mspx
Reference: MSKB:Q190288
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q190288
Reference: XF:nt-priv-fix


Name: CVE-1999-0346

Description:
CGI PHP mlog script allows an attacker to read any file on the target server.

Status: Entry
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: XF:http-cgi-php-mlog
Reference: OSVDB:3397
Reference: URL:http://www.osvdb.org/3397


Name: CVE-1999-0348

Description:
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.

Status: Entry
Reference: NTBUGTRAQ:Jan27,1999
Reference: MSKB:Q197003
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q197003
Reference: OSVDB:930
Reference: URL:http://www.osvdb.org/930


Name: CVE-1999-0349

Description:
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

Status: Entry
Reference: EEYE:IIS Remote FTP Exploit/DoS Attack
Reference: URL:http://www.eeye.com/html/Research/Advisories/IIS Remote FTP Exploit/DoS Attack.html
Reference: MS:MS99-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-003.mspx
Reference: MSKB:Q188348
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q188348
Reference: BUGTRAQ:Jan27,1999
Reference: XF:iis-remote-ftp


Name: CVE-1999-0350

Description:
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.

Status: Entry
Reference: L0PHT:Feb8,1999
Reference: XF:clearcase-temp-race


Name: CVE-1999-0351

Description:
FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.

Status: Entry
Reference: INFOWAR:01
Reference: MISC:http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txt
Reference: XF:pasv-pizza-thief-dos(3389)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3389


Name: CVE-1999-0353

Description:
rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.

Status: Entry
Reference: HP:HPSBUX9902-091
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9902-091
Reference: CIAC:J-026
Reference: URL:http://www.ciac.org/ciac/bulletins/j-026.shtml
Reference: XF:pcnfsd-world-write


Name: CVE-1999-0355

Description:
Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.

Status: Entry
Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software
Reference: XF:controlit-reboot


Name: CVE-1999-0357

Description:
Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.

Status: Entry
Reference: BUGTRAQ:19990125 Win98 crash?
Reference: XF:win98-oshare-dos


Name: CVE-1999-0358

Description:
Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.

Status: Entry
Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows
Reference: URL:http://www.securityfocus.com/archive/1/12121
Reference: COMPAQ:SSRT0583U
Reference: XF:du-inc
Reference: CIAC:J-027
Reference: URL:http://www.ciac.org/ciac/bulletins/j-027.shtml


Name: CVE-1999-0362

Description:
WS_FTP server remote denial of service through cwd command.

Status: Entry
Reference: EEYE:AD02021999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02021999.html
Reference: XF:wsftp-remote-dos
Reference: BID:217
Reference: URL:http://www.securityfocus.com/bid/217


Name: CVE-1999-0363

Description:
SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise.

Status: Entry
Reference: BUGTRAQ:Feb02,1999
Reference: XF:plp-lpc-bo
Reference: BID:328
Reference: URL:http://www.securityfocus.com/bid/328


Name: CVE-1999-0365

Description:
The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.

Status: Entry
Reference: BUGTRAQ:Feb04,1999
Reference: XF:metamail-header-commands


Name: CVE-1999-0366

Description:
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.

Status: Entry
Reference: MS:MS99-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-004.mspx
Reference: MSKB:Q214840
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q214840
Reference: XF:nt-sp4-auth-error


Name: CVE-1999-0367

Description:
NetBSD netstat command allows local users to access kernel memory.

Status: Entry
Reference: NETBSD:1999-002
Reference: OSVDB:7571
Reference: URL:http://www.osvdb.org/7571


Name: CVE-1999-0368

Description:
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Status: Entry
Reference: NETECT:palmetto.ftpd
Reference: CERT:CA-99.03
Reference: XF:palmetto-ftpd-bo


Name: CVE-1999-0369

Description:
The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.

Status: Entry
Reference: SUN:00183
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/183
Reference: XF:sun-sdtcm-convert-bo


Name: CVE-1999-0371

Description:
Lynx allows a local user to overwrite sensitive files through /tmp symlinks.

Status: Entry
Reference: BUGTRAQ:19990211 Lynx /tmp problem
Reference: CERT:VB-97.05.lynx
Reference: XF:lynx-temp-files-race


Name: CVE-1999-0372

Description:
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.

Status: Entry
Reference: MS:MS99-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-005.mspx
Reference: XF:nt-backoffice-setup
Reference: MSKB:Q217004
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q217004


Name: CVE-1999-0373

Description:
Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.

Status: Entry
Reference: ISS:Buffer Overflow in "Super" package in Debian Linux
Reference: XF:linux-super-bo
Reference: XF:linux-super-logging-bo


Name: CVE-1999-0374

Description:
Debian GNU/Linux cfengine package is susceptible to a symlink attack.

Status: Entry
Reference: DEBIAN:19990215
Reference: BUGTRAQ:Feb16,1999
Reference: XF:linux-cfengine-symlinks


Name: CVE-1999-0375

Description:
Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.

Status: Entry
Reference: NAI:February 16, 1999
Reference: BUGTRAQ:Feb16,1999
Reference: XF:nfr-webd-overflow


Name: CVE-1999-0376

Description:
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.

Status: Entry
Reference: MS:MS99-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-006.mspx
Reference: BUGTRAQ:Feb20,1999
Reference: L0PHT:Feb18,1999
Reference: XF:nt-knowndlls-list


Name: CVE-1999-0377

Description:
Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.

Status: Entry
Reference: BUGTRAQ:Feb22,1999


Name: CVE-1999-0378

Description:
InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.

Status: Entry
Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall
Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available
Reference: XF:viruswall-http-request
Reference: OSVDB:6167
Reference: URL:http://www.osvdb.org/6167


Name: CVE-1999-0379

Description:
Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.

Status: Entry
Reference: MS:MS99-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-007.mspx
Reference: BUGTRAQ:19990223 Microsoft Security Bulletin (MS99-007)
Reference: BID:498
Reference: URL:http://www.securityfocus.com/bid/498
Reference: OSVDB:1019
Reference: URL:http://www.osvdb.org/1019
Reference: XF:win-resourcekit-taskpads


Name: CVE-1999-0380

Description:
SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.

Status: Entry
Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91999015212415&w=2
Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91996412724720&w=2
Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2
Reference: BID:497
Reference: URL:http://www.securityfocus.com/bid/497
Reference: XF:slmail-ras-ntfs-bypass(5392)
Reference: URL:http://xforce.iss.net/static/5392.php


Name: CVE-1999-0382

Description:
The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.

Status: Entry
Reference: MS:MS99-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-008.mspx
Reference: XF:nt-screen-saver


Name: CVE-1999-0383

Description:
ACC Tigris allows public access without a login.

Status: Entry
Reference: BUGTRAQ:19990103 Tigris vulnerability
Reference: BID:183
Reference: URL:http://www.securityfocus.com/bid/183
Reference: OSVDB:267
Reference: URL:http://www.osvdb.org/267
Reference: XF:acc-tigris-login


Name: CVE-1999-0384

Description:
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

Status: Entry
Reference: XF:forms-vuln-patch
Reference: MS:MS99-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-001.mspx


Name: CVE-1999-0385

Description:
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

Status: Entry
Reference: MS:MS99-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-009.mspx
Reference: ISS:LDAP Buffer overflow against Microsoft Directory Services
Reference: XF:ldap-exchange-overflow
Reference: XF:ldap-mds-dos


Name: CVE-1999-0386

Description:
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.

Status: Entry
Reference: MS:MS99-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-010.mspx
Reference: XF:pws-file-access
Reference: OSVDB:111
Reference: URL:http://www.osvdb.org/111


Name: CVE-1999-0387

Description:
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.

Status: Entry
Reference: MS:MS99-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp
Reference: MSKB:Q168115
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q168115
Reference: BID:829
Reference: URL:http://www.securityfocus.com/bid/829
Reference: XF:9x-plaintext-pwd


Name: CVE-1999-0388

Description:
DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.

Status: Entry
Reference: XF:datalynx-suguard-relative-paths
Reference: L0PHT:Jan3,1999
Reference: OSVDB:3186
Reference: URL:http://www.osvdb.org/3186


Name: CVE-1999-0390

Description:
Buffer overflow in Dosemu Slang library in Linux.

Status: Entry
Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit
Reference: CALDERA:CSSA-1999-006.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-006.1.txt
Reference: BID:187
Reference: URL:http://www.securityfocus.com/bid/187


Name: CVE-1999-0391

Description:
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

Status: Entry
Reference: L0PHT:Jan. 5, 1999


Name: CVE-1999-0392

Description:
Buffer overflow in Thomas Boutell's cgic library version up to 1.05.

Status: Entry
Reference: BUGTRAQ:Jan10,1999
Reference: XF:http-cgic-library-bo


Name: CVE-1999-0393

Description:
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.

Status: Entry
Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want!
Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2
Reference: XF:sendmail-parsing-redirection


Name: CVE-1999-0395

Description:
A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.

Status: Entry
Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol
Reference: URL:http://xforce.iss.net/alerts/advise17.php
Reference: XF:backweb-polite-agent-protocol


Name: CVE-1999-0396

Description:
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.

Status: Entry
Reference: NETBSD:1999-001
Reference: OPENBSD:Feb17,1999
Reference: XF:netbsd-tcp-race


Name: CVE-1999-0402

Description:
wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.

Status: Entry
Reference: BUGTRAQ:Feb2,1999
Reference: XF:wget-permissions
Reference: DEBIAN:19990220


Name: CVE-1999-0403

Description:
A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.

Status: Entry
Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91821080015725&w=2
Reference: XF:cyrix-hang


Name: CVE-1999-0404

Description:
Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.

Status: Entry
Reference: BUGTRAQ:Feb14,1999
Reference: XF:mailmax-bo


Name: CVE-1999-0405

Description:
A buffer overflow in lsof allows local users to obtain root privilege.

Status: Entry
Reference: HERT:002
Reference: BUGTRAQ:Feb18,1999
Reference: DEBIAN:19990220a
Reference: XF:lsof-bo
Reference: OSVDB:3163
Reference: URL:http://www.osvdb.org/3163


Name: CVE-1999-0407

Description:
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

Status: Entry
Reference: BUGTRAQ:19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91983486431506&w=2
Reference: BUGTRAQ:19990209 Re: IIS4 allows proxied password attacks over NetBIOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92000623021036&w=2
Reference: XF:iis-iisadmpwd


Name: CVE-1999-0408

Description:
Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.

Status: Entry
Reference: BUGTRAQ:19990225 Cobalt root exploit
Reference: XF:cobalt-raq-history-exposure
Reference: BID:337
Reference: URL:http://www.securityfocus.com/bid/337


Name: CVE-1999-0409

Description:
Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access.

Status: Entry
Reference: BUGTRAQ:19990304 Linux /usr/bin/gnuplot overflow
Reference: XF:gnuplot-home-overflow
Reference: BID:319
Reference: URL:http://www.securityfocus.com/bid/319


Name: CVE-1999-0410

Description:
The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.

Status: Entry
Reference: BUGTRAQ:Mar5,1999
Reference: XF:sol-cancel
Reference: BID:293
Reference: URL:http://www.securityfocus.com/bid/293


Name: CVE-1999-0412

Description:
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

Status: Entry
Reference: BUGTRAQ:Feb19,1999
Reference: XF:iis-isapi-execute
Reference: BID:501
Reference: URL:http://www.securityfocus.com/bid/501


Name: CVE-1999-0413

Description:
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.

Status: Entry
Reference: SGI:19990301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990301-01-PX
Reference: XF:irix-font-path-overflow


Name: CVE-1999-0414

Description:
In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.

Status: Entry
Reference: NAI:Linux Blind TCP Spoofing
Reference: XF:linux-blind-spoof


Name: CVE-1999-0415

Description:
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.

Status: Entry
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-router-commands
Reference: XF:cisco-web-config


Name: CVE-1999-0416

Description:
Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.

Status: Entry
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-web-crash


Name: CVE-1999-0417

Description:
64 bit Solaris 7 procfs allows local users to perform a denial of service.

Status: Entry
Reference: BUGTRAQ:Mar9,1999
Reference: XF:solaris-psinfo-crash
Reference: BID:448
Reference: URL:http://www.securityfocus.com/bid/448
Reference: OSVDB:1001
Reference: URL:http://www.osvdb.org/1001


Name: CVE-1999-0420

Description:
umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.

Status: Entry
Reference: NETBSD:1999-006


Name: CVE-1999-0421

Description:
During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.

Status: Entry
Reference: ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations
Reference: XF:linux-slackware-install
Reference: BID:338
Reference: URL:http://www.securityfocus.com/bid/338
Reference: OSVDB:981
Reference: URL:http://www.osvdb.org/981


Name: CVE-1999-0422

Description:
In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set.

Status: Entry
Reference: NETBSD:1999-007


Name: CVE-1999-0423

Description:
Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges.

Status: Entry
Reference: HP:HPSBUX9903-093
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-093
Reference: XF:hp-hpterm-files


Name: CVE-1999-0424

Description:
talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.

Status: Entry
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-overwrite


Name: CVE-1999-0425

Description:
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.

Status: Entry
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-kill


Name: CVE-1999-0428

Description:
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.

Status: Entry
Reference: BUGTRAQ:19990322 OpenSSL/SSLeay Security Alert
Reference: XF:ssl-session-reuse
Reference: OSVDB:3936
Reference: URL:http://www.osvdb.org/3936


Name: CVE-1999-0429

Description:
The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.

Status: Entry
Reference: BUGTRAQ:19990323
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92221437025743&w=2
Reference: BUGTRAQ:19990324 Re: LNotes encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92241547418689&w=2
Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92246997917866&w=2
Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92249282302994&w=2
Reference: XF:lotus-client-encryption


Name: CVE-1999-0430

Description:
Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allows remote attackers to perform a denial of service by forcing the supervisor module to reload.

Status: Entry
Reference: ISS:Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches
Reference: CISCO:Cisco Catalyst Supervisor Remote Reload
Reference: XF:cisco-catalyst-crash
Reference: OSVDB:1103
Reference: URL:http://www.osvdb.org/1103


Name: CVE-1999-0432

Description:
ftp on HP-UX 11.00 allows local users to gain privileges.

Status: Entry
Reference: HP:HPSBUX9903-094
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-094
Reference: XF:hp-ftp


Name: CVE-1999-0433

Description:
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Status: Entry
Reference: SUSE:Mar28,1999
Reference: BUGTRAQ:19990321 X11R6 NetBSD Security Problem
Reference: XF:xfree86-temp-directories


Name: CVE-1999-0436

Description:
Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.

Status: Entry
Reference: HP:HPSBUX9903-095
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-095
Reference: XF:hp-desms-servers


Name: CVE-1999-0437

Description:
Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.

Status: Entry
Reference: ISS:WebRamp Denial of Service Attacks
Reference: XF:webramp-device-crash


Name: CVE-1999-0438

Description:
Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.

Status: Entry
Reference: ISS:WebRamp Denial of Service Attacks
Reference: XF:webramp-ipchange


Name: CVE-1999-0439

Description:
Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.

Status: Entry
Reference: BUGTRAQ:19990405 Re: [SECURITY] new version of procmail with security fixes
Reference: DEBIAN:19990422
Reference: CALDERA:CSSA-1999:007
Reference: XF:procmail-overflow


Name: CVE-1999-0440

Description:
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

Status: Entry
Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2
Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html
Reference: BID:1939
Reference: URL:http://www.securityfocus.com/bid/1939
Reference: XF:java-unverified-code


Name: CVE-1999-0441

Description:
Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.

Status: Entry
Reference: EEYE:AD02221999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02221999.html
Reference: XF:wingate-redirector-dos
Reference: BID:509
Reference: URL:http://www.securityfocus.com/bid/509


Name: CVE-1999-0442

Description:
Solaris ff.core allows local users to modify files.

Status: Entry
Reference: BUGTRAQ:19990107 really silly ff.core exploit for Solaris
Reference: BUGTRAQ:19990108 ff.core exploit on Solaris (2.)7
Reference: BUGTRAQ:19990408 Solaris7 and ff.core
Reference: BID:327
Reference: URL:http://www.securityfocus.com/bid/327


Name: CVE-1999-0445

Description:
In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.

Status: Entry
Reference: CISCO:Cisco IOS(R) Software Input Access List Leakage with NAT
Reference: XF:cisco-natacl-leakage
Reference: OSVDB:1104
Reference: URL:http://www.osvdb.org/1104


Name: CVE-1999-0446

Description:
Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.

Status: Entry
Reference: NETBSD:1999-008
Reference: XF:netbsd-vfslocking-panic
Reference: OSVDB:7051
Reference: URL:http://www.osvdb.org/7051


Name: CVE-1999-0447

Description:
Local users can gain privileges using the debug utility in the MPE/iX operating system.

Status: Entry
Reference: HP:HPSBMP9904-006
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMP9904-006
Reference: XF:mpeix-debug


Name: CVE-1999-0448

Description:
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

Status: Entry
Reference: BUGTRAQ:19990121 IIS 4 Request Logging Security Advisory
Reference: XF:iis-http-request-logging


Name: CVE-1999-0449

Description:
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.

Status: Entry
Reference: BUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS
Reference: NTBUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS
Reference: BUGTRAQ:19990125 Re: [NTSEC] IIS 4 Advisory - ExAir sample site DoS
Reference: BID:193
Reference: URL:http://www.securityfocus.com/bid/193
Reference: OSVDB:2
Reference: URL:http://www.osvdb.org/2
Reference: OSVDB:3
Reference: URL:http://www.osvdb.org/3
Reference: OSVDB:4
Reference: URL:http://www.osvdb.org/4
Reference: XF:iis-exair-dos


Name: CVE-1999-0457

Description:
Linux ftpwatch program allows local users to gain root privileges.

Status: Entry
Reference: BUGTRAQ:Jan17,1999
Reference: DEBIAN:19990117
Reference: XF:ftpwatch-vuln
Reference: BID:317
Reference: URL:http://www.securityfocus.com/bid/317


Name: CVE-1999-0458

Description:
L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.

Status: Entry
Reference: BUGTRAQ:Jan6,1999
Reference: XF:l0phtcrack-temp-files
Reference: OSVDB:915
Reference: URL:http://www.osvdb.org/915


Name: CVE-1999-0463

Description:
Remote attackers can perform a denial of service using IRIX fcagent.

Status: Entry
Reference: SGI:19981201-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981201-01-PX
Reference: XF:sgi-fcagent-dos


Name: CVE-1999-0464

Description:
Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.

Status: Entry
Reference: BUGTRAQ:19990104 Tripwire mess..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91553066310826&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=91592136122066&w=2
Reference: OSVDB:6609
Reference: URL:http://www.osvdb.org/6609


Name: CVE-1999-0466

Description:
The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.

Status: Entry
Reference: NETBSD:1999-009
Reference: OSVDB:905
Reference: URL:http://www.osvdb.org/905


Name: CVE-1999-0468

Description:
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.

Status: Entry
Reference: MS:MS99-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-012.asp
Reference: XF:ie-scriplet-fileread
Reference: BUGTRAQ:Apr9,1999


Name: CVE-1999-0470

Description:
A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.

Status: Entry
Reference: BUGTRAQ:19990409 New Novell Remote.NLM Password Decryption Algorithm with Exploit
Reference: BID:482
Reference: URL:http://www.securityfocus.com/bid/482
Reference: XF:netware-remotenlm-passwords


Name: CVE-1999-0471

Description:
The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button.

Status: Entry
Reference: XF:winroute-config
Reference: BUGTRAQ:Apr9,1999


Name: CVE-1999-0472

Description:
The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it.

Status: Entry
Reference: XF:netcache-snmp
Reference: BUGTRAQ:Apr7,1999


Name: CVE-1999-0473

Description:
The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.

Status: Entry
Reference: BUGTRAQ:19990407 rsync 2.3.1 release - security fix
Reference: CALDERA:CSSA-1999:010.0
Reference: DEBIAN:19990823
Reference: BID:145
Reference: URL:http://www.securityfocus.com/bid/145
Reference: XF:rsync-permissions


Name: CVE-1999-0474

Description:
The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.

Status: Entry
Reference: XF:icq-webserver-read
Reference: BUGTRAQ:Apr5,1999


Name: CVE-1999-0475

Description:
A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.

Status: Entry
Reference: XF:procmail-race
Reference: BUGTRAQ:Apr5,1999


Name: CVE-1999-0478

Description:
Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.

Status: Entry
Reference: HP:HPSBUX9904-097
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9904-097
Reference: XF:sendmail-headers-dos


Name: CVE-1999-0479

Description:
Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.

Status: Entry
Reference: HP:HPSBUX9903-092
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-092
Reference: XF:netscape-server-dos


Name: CVE-1999-0481

Description:
Denial of service in "poll" in OpenBSD.

Status: Entry
Reference: OPENBSD:Mar22,1999
Reference: OSVDB:7556
Reference: URL:http://www.osvdb.org/7556


Name: CVE-1999-0482

Description:
OpenBSD kernel crash through TSS handling, as caused by the crashme program.

Status: Entry
Reference: OPENBSD:Mar21,1999
Reference: OSVDB:7557
Reference: URL:http://www.osvdb.org/7557


Name: CVE-1999-0483

Description:
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

Status: Entry
Reference: OPENBSD:Feb25,1999
Reference: OSVDB:6129
Reference: URL:http://www.osvdb.org/6129


Name: CVE-1999-0484

Description:
Buffer overflow in OpenBSD ping.

Status: Entry
Reference: OPENBSD:Feb23,1999
Reference: OSVDB:6130
Reference: URL:http://www.osvdb.org/6130


Name: CVE-1999-0485

Description:
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.

Status: Entry
Reference: OPENBSD:Feb19,1999
Reference: XF:openbsd-ipintr-race
Reference: OSVDB:7558
Reference: URL:http://www.osvdb.org/7558


Name: CVE-1999-0487

Description:
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

Status: Entry
Reference: MS:MS99-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-011.mspx
Reference: XF:ie-dhtml-control


Name: CVE-1999-0491

Description:
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

Status: Entry
Reference: BUGTRAQ:19990420 Bash Bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000@smooth.Operator.org
Reference: CALDERA:CSSA-1999-008.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt
Reference: BID:119
Reference: URL:http://www.securityfocus.com/bid/119


Name: CVE-1999-0493

Description:
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

Status: Entry
Reference: CERT:CA-99-05
Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html
Reference: SUN:00186
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/186&type=0&nav=sec.sba
Reference: CIAC:J-045
Reference: URL:http://www.ciac.org/ciac/bulletins/j-045.shtml
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2
Reference: BID:450
Reference: URL:http://www.securityfocus.com/bid/450


Name: CVE-1999-0494

Description:
Denial of service in WinGate proxy through a buffer overflow in POP3.

Status: Entry
Reference: XF:wingate-pop3-user-bo


Name: CVE-1999-0496

Description:
A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.

Status: Entry
Reference: MSKB:Q146965
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q146965
Reference: XF:nt-getadmin
Reference: XF:nt-getadmin-present


Name: CVE-1999-0513

Description:
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

Status: Entry
Reference: CERT:CA-98.01.smurf
Reference: FREEBSD:FreeBSD-SA-98:06
Reference: XF:smurf


Name: CVE-1999-0514

Description:
UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.

Status: Entry
Reference: XF:fraggle


Name: CVE-1999-0526

Description:
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

Status: Entry
Reference: XF:xcheck-keystroke
Reference: CERT-VN:VU#704969
Reference: URL:http://www.kb.cert.org/vuls/id/704969


Name: CVE-1999-0551

Description:
HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.

Status: Entry
Reference: HP:HPSBUX9804-078
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9804-078
Reference: XF:hp-openmail


Name: CVE-1999-0566

Description:
An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.

Status: Entry
Reference: XF:ibm-syslogd
Reference: XF:syslog-flood


Name: CVE-1999-0608

Description:
An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.

Status: Entry
Reference: BUGTRAQ:19990420 Shopping Carts exposing CC data
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92462991805485&w=2
Reference: CONFIRM:http://www.pdgsoft.com/Security/security.html.
Reference: XF:pdgsoftcart-misconfig(3857)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3857


Name: CVE-1999-0612

Description:
A version of finger is running that exposes valid user information to any entity on the network.

Status: Entry
Reference: XF:finger-out
Reference: XF:finger-running


Name: CVE-1999-0626

Description:
A version of rusers is running that exposes valid user information to any entity on the network.

Status: Entry
Reference: XF:rusersd
Reference: XF:ruser


Name: CVE-1999-0627

Description:
The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.

Status: Entry
Reference: XF:rexd


Name: CVE-1999-0628

Description:
The rwho/rwhod service is running, which exposes machine status and user information.

Status: Entry
Reference: XF:rwhod


Name: CVE-1999-0668

Description:
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

Status: Entry
Reference: BUGTRAQ:19990821 IE 5.0 allows executing programs
Reference: MS:MS99-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-032.asp
Reference: CIAC:J-064
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-064.shtml
Reference: BID:598
Reference: URL:http://www.securityfocus.com/bid/598
Reference: XF:ms-scriptlet-eyedog-unsafe
Reference: MSKB:Q240308
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240308


Name: CVE-1999-0671

Description:
Buffer overflow in ToxSoft NextFTP client through CWD command.

Status: Entry
Reference: BID:572
Reference: URL:http://www.securityfocus.com/bid/572
Reference: XF:toxsoft-nextftp-cwd-bo


Name: CVE-1999-0672

Description:
Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.

Status: Entry
Reference: XF:fujitsu-topic-bo
Reference: BID:573
Reference: URL:http://www.securityfocus.com/bid/573


Name: CVE-1999-0674

Description:
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

Status: Entry
Reference: NETBSD:1999-011
Reference: OPENBSD:Aug 9,1999
Reference: FREEBSD:FreeBSD-SA-99:02
Reference: BUGTRAQ:19990809 profil(2) bug, a simple test program
Reference: BID:570
Reference: URL:http://www.securityfocus.com/bid/570
Reference: CIAC:J-067
Reference: URL:http://www.ciac.org/ciac/bulletins/j-067.shtml
Reference: XF:netbsd-profil


Name: CVE-1999-0675

Description:
Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.

Status: Entry
Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS
Reference: URL:http://www.securityfocus.com/archive/1/23615
Reference: BID:576
Reference: URL:http://www.securityfocus.com/bid/576
Reference: XF:checkpoint-port
Reference: OSVDB:1038
Reference: URL:http://www.osvdb.org/1038


Name: CVE-1999-0676

Description:
sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19990808 sdtcm_convert
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org
Reference: XF:sun-sdtcm-convert
Reference: BID:575
Reference: URL:http://www.securityfocus.com/bid/575


Name: CVE-1999-0678

Description:
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

Status: Entry
Reference: XF:apache-debian-usrdoc
Reference: BUGTRAQ:19990405 An issue with Apache on Debian
Reference: BID:318
Reference: URL:http://www.securityfocus.com/bid/318


Name: CVE-1999-0679

Description:
Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.

Status: Entry
Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included)
Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog
Reference: BID:581
Reference: URL:http://www.securityfocus.com/bid/581
Reference: XF:hybrid-ircd-minvite-bo


Name: CVE-1999-0680

Description:
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.

Status: Entry
Reference: MS:MS99-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-028.mspx
Reference: MSKB:Q238600
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238600
Reference: CIAC:J-057
Reference: URL:http://www.ciac.org/ciac/bulletins/j-057.shtml
Reference: BID:571
Reference: URL:http://www.securityfocus.com/bid/571
Reference: XF:nt-terminal-dos


Name: CVE-1999-0681

Description:
Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.

Status: Entry
Reference: BUGTRAQ:19990807 Crash FrontPage Remotely...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999-q3/0381.html
Reference: XF:frontpage-pws-dos
Reference: URL:http://xforce.iss.net/static/3117.php
Reference: BID:568
Reference: URL:http://www.securityfocus.com/bid/568


Name: CVE-1999-0682

Description:
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

Status: Entry
Reference: MS:MS99-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-027.mspx
Reference: MSKB:Q237927
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237927
Reference: BID:567
Reference: URL:http://www.securityfocus.com/bid/567
Reference: CIAC:J-056
Reference: URL:http://www.ciac.org/ciac/bulletins/j-056.shtml
Reference: XF:exchange-relay


Name: CVE-1999-0683

Description:
Denial of service in Gauntlet Firewall via a malformed ICMP packet.

Status: Entry
Reference: XF:gauntlet-dos
Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0
Reference: BID:556
Reference: URL:http://www.securityfocus.com/bid/556
Reference: OSVDB:1029
Reference: URL:http://www.osvdb.org/1029


Name: CVE-1999-0685

Description:
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

Status: Entry
Reference: BUGTRAQ:19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow
Reference: BID:618
Reference: URL:http://www.securityfocus.com/bid/618


Name: CVE-1999-0686

Description:
Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.

Status: Entry
Reference: BUGTRAQ:19990514 TGAD DoS
Reference: BUGTRAQ:19990610 Re: VVOS/Netscape Bug
Reference: HP:HPSBUX9906-098
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-098
Reference: CIAC:J-046
Reference: URL:http://www.ciac.org/ciac/bulletins/j-046.shtml
Reference: XF:hp-tgad-dos


Name: CVE-1999-0687

Description:
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

Status: Entry
Reference: BUGTRAQ:19990913 Vulnerability in ttsession
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: COMPAQ:SSRT0617U_TTSESSION
Reference: CIAC:K-001
Reference: URL:http://www.ciac.org/ciac/bulletins/k-001.shtml
Reference: CERT:CA-99-11
Reference: BID:637
Reference: URL:http://www.securityfocus.com/bid/637
Reference: XF:cde-ttsession-rpc-auth


Name: CVE-1999-0688

Description:
Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.

Status: Entry
Reference: HP:HPSBUX9907-101
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-101
Reference: BID:545
Reference: URL:http://www.securityfocus.com/bid/545
Reference: XF:hp-sd-bo


Name: CVE-1999-0689

Description:
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19990913 Vulnerability in dtspcd
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: CERT:CA-99-11
Reference: OVAL:oval:org.mitre.oval:def:1880
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1880
Reference: XF:cde-dtspcd-file-auth
Reference: BID:636
Reference: URL:http://www.securityfocus.com/bid/636


Name: CVE-1999-0690

Description:
HP CDE program includes the current directory in root's PATH variable.

Status: Entry
Reference: HP:HPSBUX9907-100
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-100
Reference: CIAC:J-053
Reference: URL:http://www.ciac.org/ciac/bulletins/j-053.shtml
Reference: XF:hp-cde-directory


Name: CVE-1999-0691

Description:
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

Status: Entry
Reference: BUGTRAQ:19990913 Vulnerability in dtaction
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: COMPAQ:SSRTO615U_DTACTION
Reference: CERT:CA-99-11
Reference: BID:635
Reference: URL:http://www.securityfocus.com/bid/635
Reference: OVAL:oval:org.mitre.oval:def:3078
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3078
Reference: XF:cde-dtaction-username-bo


Name: CVE-1999-0692

Description:
The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.

Status: Entry
Reference: CERT:CA-99-09
Reference: CIAC:J-052
Reference: URL:http://www.ciac.org/ciac/bulletins/j-052.shtml
Reference: SGI:19990701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990701-01-P
Reference: XF:sgi-arrayd


Name: CVE-1999-0693

Description:
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

Status: Entry
Reference: CERT:CA-99-11
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: BID:641
Reference: URL:http://www.securityfocus.com/bid/641
Reference: OVAL:oval:org.mitre.oval:def:4374
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4374
Reference: XF:cde-dtsession-env-bo


Name: CVE-1999-0694

Description:
Denial of service in AIX ptrace system call allows local users to crash the system.

Status: Entry
Reference: CIAC:J-055
Reference: URL:http://www.ciac.org/ciac/bulletins/j-055.shtml
Reference: IBM:ERS-SVA-E01-1999:002.1
Reference: XF:aix-ptrace-halt


Name: CVE-1999-0695

Description:
The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:19990904 [Sybase] software vendors do not think about old bugs
Reference: XF:http-powerdynamo-dotdotslash
Reference: BID:620
Reference: URL:http://www.securityfocus.com/bid/620
Reference: OSVDB:1064
Reference: URL:http://www.osvdb.org/1064


Name: CVE-1999-0696

Description:
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

Status: Entry
Reference: BUGTRAQ:19990709 Exploit of rpc.cmsd
Reference: SCO:SB-99.12
Reference: SUN:00188
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/188
Reference: SUNBUG:4230754
Reference: HP:HPSBUX9908-102
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9908-102
Reference: COMPAQ:SSRT0614U_RPC_CMSD
Reference: CERT:CA-99-08
Reference: CIAC:J-051
Reference: URL:http://www.ciac.org/ciac/bulletins/j-051.shtml
Reference: XF:sun-cmsd-bo


Name: CVE-1999-0697

Description:
SCO Doctor allows local users to gain root privileges through a Tools option.

Status: Entry
Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare
Reference: BID:621
Reference: URL:http://www.securityfocus.com/bid/621
Reference: XF:sco-doctor-execute


Name: CVE-1999-0699

Description:
The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.

Status: Entry
Reference: BUGTRAQ:19990908 [Security] Spoofed Id in Bluestone Sapphire/Web
Reference: BID:623
Reference: URL:http://www.securityfocus.com/bid/623


Name: CVE-1999-0700

Description:
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.

Status: Entry
Reference: MSKB:Q237185
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237185
Reference: MS:MS99-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-026.mspx
Reference: XF:nt-malformed-dialer


Name: CVE-1999-0701

Description:
After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.

Status: Entry
Reference: MS:MS99-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-036.mspx
Reference: MSKB:Q173039
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q173039
Reference: BID:626
Reference: URL:http://www.securityfocus.com/bid/626
Reference: XF:nt-install-unattend-file


Name: CVE-1999-0702

Description:
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.

Status: Entry
Reference: BUGTRAQ:19990909 IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs
Reference: MS:MS99-037
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-037.mspx
Reference: MSKB:Q241361
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241361
Reference: XF:ie5-import-export-favorites
Reference: BID:627
Reference: URL:http://www.securityfocus.com/bid/627


Name: CVE-1999-0703

Description:
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

Status: Entry
Reference: BUGTRAQ:19990805 4.4 BSD issue -- chflags
Reference: OPENBSD:Jul30,1999
Reference: FREEBSD:FreeBSD-SA-99:01
Reference: CIAC:J-066
Reference: URL:http://www.ciac.org/ciac/bulletins/j-066.shtml
Reference: XF:openbsd-chflags-fchflags-permitted


Name: CVE-1999-0704

Description:
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.

Status: Entry
Reference: REDHAT:RHSA-1999:032-01
Reference: CALDERA:CSSA-1999:024.0
Reference: FREEBSD:SA-99:06
Reference: DEBIAN:19991018
Reference: BID:614
Reference: URL:http://www.securityfocus.com/bid/614
Reference: CERT:CA-99-12
Reference: XF:amd-bo


Name: CVE-1999-0705

Description:
Buffer overflow in INN inews program.

Status: Entry
Reference: XF:inn-inews-bo
Reference: REDHAT:RHSA1999033_01
Reference: CALDERA:CSSA-1999-026
Reference: SUSE:19990831 Security hole in INN
Reference: DEBIAN:19990907
Reference: BID:616
Reference: URL:http://www.securityfocus.com/bid/616


Name: CVE-1999-0706

Description:
Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.

Status: Entry
Reference: DEBIAN:19990807
Reference: SUSE:19990817 Security hole in i4l (xmonisdn)
Reference: BID:583
Reference: URL:http://www.securityfocus.com/bid/583


Name: CVE-1999-0707

Description:
The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.

Status: Entry
Reference: HP:HPSBUX9906-099
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-099
Reference: CIAC:J-050
Reference: URL:http://www.ciac.org/ciac/bulletins/j-050.shtml
Reference: BID:493
Reference: URL:http://www.securityfocus.com/bid/493
Reference: XF:hp-visualize-conference-ftp


Name: CVE-1999-0708

Description:
Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.

Status: Entry
Reference: BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow
Reference: BID:651
Reference: URL:http://www.securityfocus.com/bid/651


Name: CVE-1999-0710

Description:
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.

Status: Entry
Reference: BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness
Reference: CONFIRM:http://www.redhat.com/support/errata/archives/rh52-errata-general.html#squid
Reference: DEBIAN:DSA-576
Reference: URL:http://www.debian.org/security/2004/dsa-576
Reference: FEDORA:FEDORA-2005-373
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: REDHAT:RHSA-1999:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-1999-025.html
Reference: REDHAT:RHSA-2005:489
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-489.html
Reference: BID:2059
Reference: URL:http://www.securityfocus.com/bid/2059
Reference: XF:http-cgi-cachemgr(2385)
Reference: URL:http://xforce.iss.net/xforce/xfdb/2385


Name: CVE-1999-0711

Description:
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.

Status: Entry
Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed
Reference: URL:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1
Reference: BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92609807906778&w=2
Reference: XF:oracle-oratclsh


Name: CVE-1999-0713

Description:
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.

Status: Entry
Reference: BUGTRAQ:19990404 Digital Unix 4.0E /var permission
Reference: CIAC:J-044
Reference: URL:http://www.ciac.org/ciac/bulletins/j-044.shtml
Reference: XF:cde-dtlogin
Reference: COMPAQ:SSRT0600U


Name: CVE-1999-0714

Description:
Vulnerability in Compaq Tru64 UNIX edauth command.

Status: Entry
Reference: COMPAQ:SSRT0588U
Reference: XF:du-edauth


Name: CVE-1999-0715

Description:
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.

Status: Entry
Reference: BUGTRAQ:19990519 Buffer Overruns in RAS allows execution of arbitary code as system
Reference: MS:MS99-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-016.mspx
Reference: MSKB:Q230677
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230677
Reference: XF:nt-ras-bo


Name: CVE-1999-0716

Description:
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.

Status: Entry
Reference: XF:nt-helpfile-bo
Reference: MSKB:Q231605
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231605
Reference: MS:MS99-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-015.asp


Name: CVE-1999-0717

Description:
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.

Status: Entry
Reference: MS:MS99-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-014.mspx
Reference: MSKB:Q231304
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231304
Reference: XF:excel-virus-warning


Name: CVE-1999-0718

Description:
IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.

Status: Entry
Reference: NTBUGTRAQ:19990823 IBM Gina security warning
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534
Reference: BID:608
Reference: URL:http://www.securityfocus.com/bid/608
Reference: XF:ibm-gina-group-add
Reference: URL:http://xforce.iss.net/static/3166.php


Name: CVE-1999-0719

Description:
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.

Status: Entry
Reference: BUGTRAQ:19990802 Gnumeric potential security hole.
Reference: REDHAT:RHSA-1999:023-01
Reference: XF:gnu-guile-plugin-export
Reference: BID:563
Reference: URL:http://www.securityfocus.com/bid/563


Name: CVE-1999-0720

Description:
The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.

Status: Entry
Reference: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl
Reference: BID:597
Reference: URL:http://www.securityfocus.com/bid/597
Reference: XF:linux-pt-chown


Name: CVE-1999-0721

Description:
Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

Status: Entry
Reference: BINDVIEW:Phantom Technical Advisory
Reference: MSKB:Q231457
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231457
Reference: MS:MS99-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-020.mspx
Reference: CIAC:J-049
Reference: URL:http://www.ciac.org/ciac/bulletins/j-049.shtml
Reference: XF:msrpc-lsa-lookupnames-dos


Name: CVE-1999-0722

Description:
The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.

Status: Entry
Reference: CERT:CA-99-10
Reference: BID:558
Reference: URL:http://www.securityfocus.com/bid/558
Reference: XF:cobalt-raq2-default-config


Name: CVE-1999-0723

Description:
The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.

Status: Entry
Reference: NTBUGTRAQ:19990411 Death by MessageBox
Reference: MS:MS99-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-021.mspx
Reference: MSKB:Q233323
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233323
Reference: CIAC:J-049
Reference: URL:http://www.ciac.org/ciac/bulletins/j-049.shtml
Reference: BID:478
Reference: URL:http://www.securityfocus.com/bid/478
Reference: XF:nt-csrss-dos


Name: CVE-1999-0724

Description:
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.

Status: Entry
Reference: OPENBSD:Aug12,1999
Reference: XF:openbsd-uio_offset-bo
Reference: OSVDB:6128
Reference: URL:http://www.osvdb.org/6128


Name: CVE-1999-0725

Description:
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".

Status: Entry
Reference: MSKB:Q233335
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233335
Reference: MS:MS99-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-022.mspx
Reference: BID:477
Reference: URL:http://www.securityfocus.com/bid/477
Reference: XF:iis-double-byte-code-page(2302)
Reference: URL:http://xforce.iss.net/xforce/xfdb/2302


Name: CVE-1999-0726

Description:
An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

Status: Entry
Reference: MS:MS99-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-023.mspx
Reference: MSKB:Q234557
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234557
Reference: BID:499
Reference: URL:http://www.securityfocus.com/bid/499
Reference: XF:nt-malformed-image-header


Name: CVE-1999-0727

Description:
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.

Status: Entry
Reference: OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext
Reference: XF:openbsd-ipsec-cleartext
Reference: OSVDB:6127
Reference: URL:http://www.osvdb.org/6127


Name: CVE-1999-0728

Description:
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.

Status: Entry
Reference: MS:MS99-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-024.mspx
Reference: MSKB:Q236359
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q236359
Reference: XF:nt-ioctl-dos


Name: CVE-1999-0729

Description:
Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.

Status: Entry
Reference: ISS:19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6
Reference: URL:http://xforce.iss.net/alerts/advise34.php
Reference: CIAC:J-061
Reference: URL:http://www.ciac.org/ciac/bulletins/j-061.shtml
Reference: BID:601
Reference: URL:http://www.securityfocus.com/bid/601
Reference: XF:lotus-ldap-bo
Reference: OSVDB:1057
Reference: URL:http://www.osvdb.org/1057


Name: CVE-1999-0730

Description:
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

Status: Entry
Reference: DEBIAN:19990612


Name: CVE-1999-0731

Description:
The KDE klock program allows local users to unlock a session using malformed input.

Status: Entry
Reference: BUGTRAQ:19990623 Security flaw in klock
Reference: CALDERA:CSSA-1999:017
Reference: SUSE:19990629 Security hole in Klock
Reference: BID:489
Reference: URL:http://www.securityfocus.com/bid/489


Name: CVE-1999-0732

Description:
The logging facilitity of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.

Status: Entry
Reference: DEBIAN:19990823b
Reference: XF:smtp-refuser-tmp


Name: CVE-1999-0733

Description:
Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.

Status: Entry
Reference: BUGTRAQ:19990626 VMWare Advisory - buffer overflows
Reference: BUGTRAQ:19990626 VMware Security Alert
Reference: BUGTRAQ:19990705 Re: VMWare Advisory.. - exploit
Reference: BID:490
Reference: URL:http://www.securityfocus.com/bid/490
Reference: XF:vmware-bo


Name: CVE-1999-0734

Description:
A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.

Status: Entry
Reference: CISCO: CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability
Reference: XF:ciscosecure-read-write


Name: CVE-1999-0735

Description:
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.

Status: Entry
Reference: ISS:KDE K-Mail File Creation Vulnerability
Reference: CALDERA:CSSA-1999:016
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: BID:300
Reference: URL:http://www.securityfocus.com/bid/300


Name: CVE-1999-0740

Description:
Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.

Status: Entry
Reference: BID:594
Reference: URL:http://www.securityfocus.com/bid/594
Reference: XF:linux-telnetd-term
Reference: CALDERA:CSSA-1999:022
Reference: REDHAT:RHSA1999029_01


Name: CVE-1999-0742

Description:
The Debian mailman package uses weak authentication, which allows attackers to gain privileges.

Status: Entry
Reference: DEBIAN:19990623
Reference: BID:480
Reference: URL:http://www.securityfocus.com/bid/480


Name: CVE-1999-0743

Description:
Trn allows local users to overwrite other users' files via symlinks.

Status: Entry
Reference: BUGTRAQ:19990819 Insecure use of file in /tmp by trn
Reference: DEBIAN:19990823c
Reference: SUSE:19990824 Security hole in trn
Reference: XF:trn-symlinks(3144)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3144


Name: CVE-1999-0744

Description:
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.

Status: Entry
Reference: ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers
Reference: BID:603
Reference: URL:http://www.securityfocus.com/bid/603


Name: CVE-1999-0745

Description:
Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.

Status: Entry
Reference: IBM:ERS-SVA-E01-1999:003.1
Reference: CIAC:J-059
Reference: URL:http://www.ciac.org/ciac/bulletins/j-059.shtml
Reference: BID:590
Reference: URL:http://www.securityfocus.com/bid/590
Reference: XF:aix-pdnsd-bo


Name: CVE-1999-0746

Description:
A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.

Status: Entry
Reference: BUGTRAQ:19990814 DOS against SuSE's identd
Reference: SUSE:19990824 Security hole in netcfg
Reference: BID:587
Reference: URL:http://www.securityfocus.com/bid/587
Reference: XF:suse-identd-dos


Name: CVE-1999-0747

Description:
Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.

Status: Entry
Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net
Reference: BID:589
Reference: URL:http://www.securityfocus.com/bid/589
Reference: XF:bsdi-smp-dos


Name: CVE-1999-0749

Description:
Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.

Status: Entry
Reference: BUGTRAQ:19990815 telnet.exe heap overflow - remotely exploitable
Reference: MS:MS99-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-033.mspx
Reference: XF:win-ie5-telnet-heap-overflow
Reference: BID:586
Reference: URL:http://www.securityfocus.com/bid/586


Name: CVE-1999-0751

Description:
Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.

Status: Entry
Reference: BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2
Reference: BID:631
Reference: URL:http://www.securityfocus.com/bid/631
Reference: XF:netscape-accept-bo(3256)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3256


Name: CVE-1999-0752

Description:
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.

Status: Entry
Reference: BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug


Name: CVE-1999-0753

Description:
The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.

Status: Entry
Reference: BUGTRAQ:19990817 Stupid bug in W3-msql
Reference: XF:mini-sql-w3-msql-cgi
Reference: BID:591
Reference: URL:http://www.securityfocus.com/bid/591


Name: CVE-1999-0754

Description:
The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.

Status: Entry
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Reference: CALDERA:CSSA-1999-011.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt
Reference: SUSE:19990518 Security hole in INN
Reference: MISC:http://www.redhat.com/corp/support/errata/inn99_05_22.html
Reference: BID:255
Reference: URL:http://www.securityfocus.com/bid/255
Reference: XF:inn-innconf-env


Name: CVE-1999-0755

Description:
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

Status: Entry
Reference: XF:nt-ras-pwcache
Reference: MSKB:Q230681
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230681
Reference: MS:MS99-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-017.mspx


Name: CVE-1999-0756

Description:
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.

Status: Entry
Reference: ALLAIRE:ASB99-07
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full
Reference: XF:coldfusion-admin-dos(2207)
Reference: URL:http://xforce.iss.net/static/2207.php


Name: CVE-1999-0758

Description:
Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.

Status: Entry
Reference: ALLAIRE:ASB99-06
Reference: XF:netscape-space-view


Name: CVE-1999-0759

Description:
Buffer overflow in FuseMAIL POP service via long USER and PASS commands.

Status: Entry
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
Reference: BID:634
Reference: URL:http://www.securityfocus.com/bid/634
Reference: XF:fuseware-popmail-bo


Name: CVE-1999-0760

Description:
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.

Status: Entry
Reference: ALLAIRE:ASB99-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full
Reference: BID:550
Reference: URL:http://www.securityfocus.com/bid/550
Reference: XF:coldfusion-server-cfml-tags
Reference: URL:http://xforce.iss.net/static/3288.php


Name: CVE-1999-0761

Description:
Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-99:05
Reference: XF:freebsd-fts-lib-bo
Reference: BID:644
Reference: URL:http://www.securityfocus.com/bid/644
Reference: OSVDB:1074
Reference: URL:http://www.osvdb.org/1074


Name: CVE-1999-0762

Description:
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.

Status: Entry
Reference: XF:netscape-title
Reference: BUGTRAQ:19990524 Netscape Communicator JavaScript in <TITLE> security vulnerability


Name: CVE-1999-0763

Description:
NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.

Status: Entry
Reference: NETBSD:1999-010
Reference: XF:netbsd-arp
Reference: OSVDB:6540
Reference: URL:http://www.osvdb.org/6540


Name: CVE-1999-0764

Description:
NetBSD allows ARP packets to overwrite static ARP entries.

Status: Entry
Reference: NETBSD:1999-010
Reference: XF:netbsd-arp
Reference: OSVDB:6539
Reference: URL:http://www.osvdb.org/6539


Name: CVE-1999-0765

Description:
SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.

Status: Entry
Reference: BUGTRAQ:19990619 IRIX midikeys root exploit.
Reference: SGI:19990501-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990501-01-A
Reference: BID:262
Reference: URL:http://www.securityfocus.com/bid/262
Reference: XF:irix-midikeys


Name: CVE-1999-0766

Description:
The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.

Status: Entry
Reference: MS:MS99-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-031.mspx
Reference: MSKB:Q240346
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240346
Reference: BID:600
Reference: URL:http://www.securityfocus.com/bid/600
Reference: XF:msvm-verifier-java


Name: CVE-1999-0768

Description:
Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.

Status: Entry
Reference: BID:602
Reference: URL:http://www.securityfocus.com/bid/602
Reference: REDHAT:RHSA-1999:030-02
Reference: SUSE:19990829 Security hole in cron


Name: CVE-1999-0769

Description:
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

Status: Entry
Reference: REDHAT:RHSA-1999:030-02
Reference: CALDERA:CSSA-1999:023.0
Reference: SUSE:19990829 Security hole in cron
Reference: DEBIAN:19990830 cron
Reference: BID:611
Reference: URL:http://www.securityfocus.com/bid/611


Name: CVE-1999-0770

Description:
Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.

Status: Entry
Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1
Reference: BID:549
Reference: URL:http://www.securityfocus.com/bid/549
Reference: CHECKPOINT:ACK DOS ATTACK
Reference: OSVDB:1027
Reference: URL:http://www.osvdb.org/1027


Name: CVE-1999-0771

Description:
The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:19990526 Infosec.19990526.compaq-im.a
Reference: COMPAQ:SSRT0612U
Reference: XF:management-agent-file-read


Name: CVE-1999-0772

Description:
Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.

Status: Entry
Reference: BUGTRAQ:19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post)
Reference: COMPAQ:SSRT0612U
Reference: XF:management-agent-dos


Name: CVE-1999-0773

Description:
Buffer overflow in Solaris lpset program allows local users to gain root access.

Status: Entry
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017
Reference: XF:sol-lpset-bo


Name: CVE-1999-0774

Description:
Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names.

Status: Entry
Reference: BUGTRAQ:19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf
Reference: REDHAT:RHSA1999037_01
Reference: SUSE:19990916 Security hole in mars nwe
Reference: BID:617
Reference: URL:http://www.securityfocus.com/bid/617


Name: CVE-1999-0775

Description:
Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.

Status: Entry
Reference: CISCO:19990610 Cisco IOS Software established Access List Keyword Error
Reference: XF:cisco-gigaswitch


Name: CVE-1999-0777

Description:
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.

Status: Entry
Reference: MS:MS99-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp
Reference: MSKB:Q241407
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241407
Reference: MSKB:Q242559
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242559
Reference: XF:iis-ftp-no-access-files
Reference: BID:658
Reference: URL:http://www.securityfocus.com/bid/658


Name: CVE-1999-0778

Description:
Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter.

Status: Entry
Reference: BUGTRAQ:19990626 KSR[T] #011: Accelerated-X
Reference: KSRT:011
Reference: BID:488
Reference: URL:http://www.securityfocus.com/bid/488
Reference: XF:accelx-display-bo


Name: CVE-1999-0779

Description:
Denial of service in HP-UX SharedX recserv program.

Status: Entry
Reference: HP:HPSBUX9810-086
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9810-086
Reference: XF:hp-sharedx


Name: CVE-1999-0780

Description:
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

Status: Entry
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-klock-process-kill


Name: CVE-1999-0781

Description:
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

Status: Entry
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-klock-bindir-trojans


Name: CVE-1999-0782

Description:
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

Status: Entry
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-kppp-directory-create


Name: CVE-1999-0783

Description:
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:05
Reference: CIAC:I-057
Reference: URL:http://www.ciac.org/ciac/bulletins/i-057.shtml
Reference: XF:freebsd-nfs-link-dos
Reference: OSVDB:6090
Reference: URL:http://www.osvdb.org/6090


Name: CVE-1999-0785

Description:
The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.

Status: Entry
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Reference: SUSE:19990518 Security hole in INN
Reference: XF:inn-pathrun
Reference: BID:254
Reference: URL:http://www.securityfocus.com/bid/254


Name: CVE-1999-0786

Description:
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

Status: Entry
Reference: BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6
Reference: BID:659
Reference: URL:http://www.securityfocus.com/bid/659


Name: CVE-1999-0787

Description:
The SSH authentication agent follows symlinks via a UNIX domain socket.

Status: Entry
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93760201002154&w=2
Reference: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93832856804415&w=2
Reference: XF:ssh-socket-auth-symlink-dos
Reference: BID:660
Reference: URL:http://www.securityfocus.com/bid/660


Name: CVE-1999-0788

Description:
Arkiea nlservd allows remote attackers to conduct a denial of service.

Status: Entry
Reference: BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837184228248&w=2
Reference: BID:662
Reference: URL:http://www.securityfocus.com/bid/662
Reference: XF:arkiea-backup-nlserverd-remote-dos


Name: CVE-1999-0789

Description:
Buffer overflow in AIX ftpd in the libc library.

Status: Entry
Reference: BUGTRAQ:19990928 Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000
Reference: IBM:ERS-SVA-E01-1999:004.1
Reference: CIAC:J-072
Reference: URL:http://www.ciac.org/ciac/bulletins/j-072.shtml
Reference: XF:aix-ftpd-bo
Reference: BID:679
Reference: URL:http://www.securityfocus.com/bid/679


Name: CVE-1999-0790

Description:
A remote attacker can read information from a Netscape user's cache via JavaScript.

Status: Entry
Reference: MISC:http://home.netscape.com/security/notes/jscachebrowsing.html
Reference: XF:netscape-javascript


Name: CVE-1999-0791

Description:
Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.

Status: Entry
Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Reference: KSRT:012
Reference: BID:695
Reference: URL:http://www.securityfocus.com/bid/695
Reference: XF:hybrid-anon-cable-modem-reconfig


Name: CVE-1999-0793

Description:
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.

Status: Entry
Reference: MS:MS99-043
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-043.mspx
Reference: XF:ie-java-redirect


Name: CVE-1999-0794

Description:
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.

Status: Entry
Reference: MS:MS99-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-044.mspx
Reference: XF:excel-sylk
Reference: MSKB:Q241900
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241900
Reference: MSKB:Q241901
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241901
Reference: MSKB:Q241902
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241902


Name: CVE-1999-0796

Description:
FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.

Status: Entry
Reference: FREEBSD:SA-98.03
Reference: XF:freebsd-ttcp-spoof
Reference: OSVDB:6089
Reference: URL:http://www.osvdb.org/6089


Name: CVE-1999-0797

Description:
NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

Status: Entry
Reference: ISS:19980629 Distributed DoS attack against NIS/NIS+ based networks.
Reference: CIAC:I-070
Reference: URL:http://www.ciac.org/ciac/bulletins/i-070.shtml
Reference: XF:sun-nis-nisplus


Name: CVE-1999-0799

Description:
Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.

Status: Entry
Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices)
Reference: XF:bootpd-bo


Name: CVE-1999-0800

Description:
The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm.

Status: Entry
Reference: ALLAIRE:ASB99-05
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=9602&Method=Full
Reference: NTBUGTRAQ:19990211 ACFUG List: Alert: Allaire Forums GetFile bug
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00332.html
Reference: XF:allaire-forums-file-read(1748)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1748
Reference: OSVDB:944
Reference: URL:http://www.osvdb.org/944


Name: CVE-1999-0801

Description:
BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

Status: Entry
Reference: BUGTRAQ:19990409 Patrol security bugs
Reference: URL:http://www.securityfocus.com/archive/1/13204
Reference: XF:bmc-patrol-frames(2075)
Reference: URL:http://www.iss.net/security_center/static/2075.php


Name: CVE-1999-0802

Description:
Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.

Status: Entry
Reference: BUGTRAQ:19990503 MSIE 5 FAVICON BUG
Reference: MS:MS99-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-018.mspx
Reference: MSKB:Q231450
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231450
Reference: XF:ie-favicon


Name: CVE-1999-0803

Description:
The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2
Reference: XF:ibm-enfirewall-tmpfiles
Reference: OSVDB:962
Reference: URL:http://www.osvdb.org/962


Name: CVE-1999-0804

Description:
Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

Status: Entry
Reference: BUGTRAQ:19990601 Linux kernel 2.2.x vulnerability/exploit
Reference: DEBIAN:19990607
Reference: CALDERA:CSSA-1999:013
Reference: SUSE:19990602 Denial of Service on the 2.2 kernel
Reference: REDHAT:19990603 Kernel Update
Reference: BID:302
Reference: URL:http://www.securityfocus.com/bid/302


Name: CVE-1999-0806

Description:
Buffer overflow in Solaris dtprintinfo program.

Status: Entry
Reference: BUGTRAQ:19990510 Solaris2.6,2.7 dtprintinfo exploits
Reference: XF:cde-dtprintinfo
Reference: OSVDB:6552
Reference: URL:http://www.osvdb.org/6552


Name: CVE-1999-0807

Description:
The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.

Status: Entry
Reference: XF:netscape-dirsvc-password


Name: CVE-1999-0809

Description:
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".

Status: Entry
Reference: BUGTRAQ:19990709 Communicator 4.[56]x, JavaScript used to bypass cookie settings


Name: CVE-1999-0810

Description:
Denial of service in Samba NETBIOS name service daemon (nmbd).

Status: Entry
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: CALDERA:CSSA-1999:018.0
Reference: DEBIAN:19990731
Reference: DEBIAN:19990804
Reference: REDHAT:RHSA-1999:022-02
Reference: SUSE:19990816 Security hole in Samba


Name: CVE-1999-0811

Description:
Buffer overflow in Samba smbd program via a malformed message command.

Status: Entry
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: REDHAT:RHSA-1999:022-02
Reference: CALDERA:CSSA-1999:018.0
Reference: SUSE:19990816 Security hole in Samba
Reference: DEBIAN:19990731 Samba
Reference: XF:samba-message-bo
Reference: BID:536
Reference: URL:http://www.securityfocus.com/bid/536


Name: CVE-1999-0812

Description:
Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.

Status: Entry
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: DEBIAN:19990731
Reference: DEBIAN:19990804
Reference: CALDERA:CSSA-1999:018.0
Reference: REDHAT:RHSA-1999:022-02
Reference: SUSE:19990816 Security hole in Samba


Name: CVE-1999-0813

Description:
Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.

Status: Entry
Reference: BUGTRAQ:19990810 Severe bug in cfingerd before 1.4.0
Reference: BUGTRAQ:19980724 CFINGERD root security hole
Reference: DEBIAN:19990814
Reference: XF:cfingerd-privileges


Name: CVE-1999-0814

Description:
Red Hat pump DHCP client allows remote attackers to gain root access in some configurations.

Status: Entry
Reference: REDHAT:RHSA-1999:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-1999-027.html


Name: CVE-1999-0815

Description:
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.

Status: Entry
Reference: MSKB:Q196270
Reference: URL:http://support.microsoft.com/support/kb/articles/q196/2/70.asp
Reference: XF:nt-snmpagent-leak(1974)
Reference: URL:http://xforce.iss.net/static/1974.php
Reference: OVAL:oval:org.mitre.oval:def:952
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:952


Name: CVE-1999-0817

Description:
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.

Status: Entry
Reference: SUSE:19990915 Security hole in lynx


Name: CVE-1999-0819

Description:
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

Status: Entry
Reference: NTBUGTRAQ:19991130 NTmail and VRFY
Reference: BUGTRAQ:19991130 NTmail and VRFY
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94398141118586&w=2
Reference: XF:nt-mail-vrfy


Name: CVE-1999-0820

Description:
FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.

Status: Entry
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:838
Reference: URL:http://www.securityfocus.com/bid/838
Reference: XF:freebsd-seyon-dir-add
Reference: OSVDB:5996
Reference: URL:http://www.osvdb.org/5996


Name: CVE-1999-0823

Description:
Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.

Status: Entry
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:839
Reference: URL:http://www.securityfocus.com/bid/839
Reference: XF:freebsd-xmindpath
Reference: OSVDB:1150
Reference: URL:http://www.osvdb.org/1150


Name: CVE-1999-0824

Description:
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.

Status: Entry
Reference: BID:833
Reference: URL:http://www.securityfocus.com/bid/833
Reference: NTBUGTRAQ:19991130 SUBST problem
Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd)


Name: CVE-1999-0826

Description:
Buffer overflow in FreeBSD angband allows local users to gain privileges.

Status: Entry
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:840
Reference: URL:http://www.securityfocus.com/bid/840
Reference: XF:angband-bo
Reference: OSVDB:1151
Reference: URL:http://www.osvdb.org/1151


Name: CVE-1999-0831

Description:
Denial of service in Linux syslogd via a large number of connections.

Status: Entry
Reference: CALDERA:CSSA-1999-035.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-035.0.txt
Reference: REDHAT:RHSA1999055-01
Reference: SUSE:19991118 syslogd-1.3.33 (a1)
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: BID:809
Reference: URL:http://www.securityfocus.com/bid/809
Reference: XF:slackware-syslogd-dos


Name: CVE-1999-0832

Description:
Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

Status: Entry
Reference: BUGTRAQ:19991109 undocumented bugs - nfsd
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.20.9911091058140.12964-100000@mail.zigzag.pl
Reference: DEBIAN:19991111 buffer overflow in nfs server
Reference: URL:http://www.debian.org/security/1999/19991111
Reference: SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_29.html
Reference: CALDERA:CSSA-1999-033.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-033.0.txt
Reference: REDHAT:RHSA-1999:053-01
Reference: URL:http://www.redhat.com/support/errata/rh42-errata-general.html#NFS
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: XF:linux-nfs-maxpath-bo
Reference: BID:782
Reference: URL:http://www.securityfocus.com/bid/782


Name: CVE-1999-0833

Description:
Buffer overflow in BIND 8.2 via NXT records.

Status: Entry
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: REDHAT:RHSA-1999:054-01
Reference: CERT:CA-99-14
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: XF:bind-nxt-bo


Name: CVE-1999-0834

Description:
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.

Status: Entry
Reference: BUGTRAQ:19991201 Security Advisory: Buffer overflow in RSAREF2
Reference: BUGTRAQ:19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2)
Reference: CERT:CA-99-15
Reference: BID:843
Reference: URL:http://www.securityfocus.com/bid/843
Reference: XF:rsaref-bo


Name: CVE-1999-0835

Description:
Denial of service in BIND named via malformed SIG records.

Status: Entry
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: REDHAT:RHSA-1999:054-01
Reference: CERT:CA-99-14
Reference: XF:bind-sigrecord-dos
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788


Name: CVE-1999-0836

Description:
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19991202 UnixWare 7 uidadmin exploit + discussion
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991202160111.20553.qmail@nwcst282.netaddress.usa.net
Reference: SCO:SB-99.22a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a
Reference: BID:842
Reference: URL:http://www.securityfocus.com/bid/842
Reference: XF:unixware-uid-admin


Name: CVE-1999-0837

Description:
Denial of service in BIND by improperly closing TCP sessions via so_linger.

Status: Entry
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: CERT:CA-99-14
Reference: XF:bind-solinger-dos
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788


Name: CVE-1999-0838

Description:
Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.

Status: Entry
Reference: BUGTRAQ:19991202 Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability
Reference: BID:859
Reference: URL:http://www.securityfocus.com/bid/859
Reference: XF:servu-ftp-site-bo


Name: CVE-1999-0839

Description:
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.

Status: Entry
Reference: NTBUGTRAQ:19991130 Windows NT Task Scheduler vulnerability allows user to administrator elevation
Reference: MS:MS99-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-051.mspx
Reference: MSKB:Q246972
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246972
Reference: XF:ie-task-scheduler-privs
Reference: BID:828
Reference: URL:http://www.securityfocus.com/bid/828


Name: CVE-1999-0842

Description:
Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: NTBUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: BUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEAFCBAA.labs@ussrback.com
Reference: BID:827
Reference: URL:http://www.securityfocus.com/bid/827
Reference: XF:symantec-mail-dir-traversal
Reference: OSVDB:1144
Reference: URL:http://www.osvdb.org/1144


Name: CVE-1999-0847

Description:
Buffer overflow in free internet chess server (FICS) program, xboard.

Status: Entry
Reference: BUGTRAQ:19991129 FICS buffer overflow
Reference: XF:fics-board-bo


Name: CVE-1999-0848

Description:
Denial of service in BIND named via consuming more than "fdmax" file descriptors.

Status: Entry
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: CERT:CA-99-14
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: XF:bind-fdmax-dos


Name: CVE-1999-0849

Description:
Denial of service in BIND named via maxdname.

Status: Entry
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: CERT:CA-99-14
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: XF:bind-maxdname-bo


Name: CVE-1999-0851

Description:
Denial of service in BIND named via naptr.

Status: Entry
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: CERT:CA-99-14
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: XF:bind-naptr-dos


Name: CVE-1999-0853

Description:
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.

Status: Entry
Reference: BID:847
Reference: URL:http://www.securityfocus.com/bid/847
Reference: ISS:19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure
Reference: XF:netscape-fasttrack-auth-bo


Name: CVE-1999-0854

Description:
Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.

Status: Entry
Reference: BUGTRAQ:19991130 Ultimate Bulletin Board v5.3x? Bug
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl
Reference: CONFIRM:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-ultimate-bbs


Name: CVE-1999-0856

Description:
login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist.

Status: Entry
Reference: BUGTRAQ:19991202 Slackware 7.0 - login bug
Reference: XF:slackware-remote-login


Name: CVE-1999-0858

Description:
Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.

Status: Entry
Reference: MS:MS99-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-054.mspx
Reference: MSKB:Q247333
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247333
Reference: BID:846
Reference: URL:http://www.securityfocus.com/bid/846
Reference: XF:ie-wpad-proxy-settings


Name: CVE-1999-0859

Description:
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

Status: Entry
Reference: BUGTRAQ:19991130 Solaris 2.x chkperm/arp vulnerabilities
Reference: SUNBUG:4296166
Reference: BID:837
Reference: URL:http://www.securityfocus.com/bid/837
Reference: XF:sol-arp-parse
Reference: OSVDB:6994
Reference: URL:http://www.osvdb.org/6994


Name: CVE-1999-0861

Description:
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

Status: Entry
Reference: MS:MS99-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-053.mspx
Reference: MSKB:Q244613
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q244613
Reference: XF:iis-ssl-isapi-filter


Name: CVE-1999-0864

Description:
UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.

Status: Entry
Reference: BUGTRAQ:19991202 UnixWare coredumps follow symlinks
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2
Reference: XF:sco-coredump-symlink
Reference: BID:851
Reference: URL:http://www.securityfocus.com/bid/851


Name: CVE-1999-0865

Description:
Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.

Status: Entry
Reference: BUGTRAQ:19991203 CommuniGatePro 3.1 for NT DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94426440413027&w=2
Reference: NTBUGTRAQ:19991203 CommuniGatePro 3.1 for NT Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94454565726775&w=2
Reference: BID:860
Reference: URL:http://www.securityfocus.com/bid/860
Reference: XF:communigate-pro-bo


Name: CVE-1999-0866

Description:
Buffer overflow in UnixWare xauto program allows local users to gain root privilege.

Status: Entry
Reference: BUGTRAQ:19991203 UnixWare gain root with non-su/gid binaries
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2
Reference: SCO:SB-99.24a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.24a
Reference: XF:sco-xauto-bo
Reference: BID:848
Reference: URL:http://www.securityfocus.com/bid/848


Name: CVE-1999-0867

Description:
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

Status: Entry
Reference: MS:MS99-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-029.mspx
Reference: MSKB:Q238349
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238349
Reference: CIAC:J-058
Reference: URL:http://www.ciac.org/ciac/bulletins/j-058.shtml
Reference: XF:http-iis-malformed-header
Reference: BID:579
Reference: URL:http://www.securityfocus.com/bid/579


Name: CVE-1999-0868

Description:
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.

Status: Entry
Reference: CERT:CA-97.08
Reference: XF:inn-ucbmail-shell-meta


Name: CVE-1999-0869

Description:
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

Status: Entry
Reference: MS:MS98-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-020.mspx
Reference: MSKB:167614
Reference: XF:http-frame-spoof


Name: CVE-1999-0870

Description:
Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.

Status: Entry
Reference: MS:MS98-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-015.mspx
Reference: MSKB:169245
Reference: XF:ie-usp-cuartango


Name: CVE-1999-0871

Description:
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.

Status: Entry
Reference: MS:MS98-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-013.mspx
Reference: OSVDB:7837
Reference: URL:http://www.osvdb.org/7837
Reference: XF:ie-crossframe-file-read(3668)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3668


Name: CVE-1999-0873

Description:
Buffer overflow in Skyfull mail server via MAIL FROM command.

Status: Entry
Reference: BID:759
Reference: URL:http://www.securityfocus.com/bid/759
Reference: XF:skyfull-mail-from-bo


Name: CVE-1999-0874

Description:
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

Status: Entry
Reference: MS:MS99-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-019.asp
Reference: MSKB:Q234905
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234905
Reference: EEYE:AD06081999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD06081999.html
Reference: CERT:CA-99-07
Reference: CIAC:J-048
Reference: URL:http://www.ciac.org/ciac/bulletins/j-048.shtml
Reference: XF:iis-htr-overflow
Reference: OVAL:oval:org.mitre.oval:def:915
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:915


Name: CVE-1999-0875

Description:
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

Status: Entry
Reference: L0PHT:19990811
Reference: MSKB:Q216141
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q216141
Reference: BID:578
Reference: URL:http://www.securityfocus.com/bid/578
Reference: XF:irdp-gateway-spoof


Name: CVE-1999-0876

Description:
Buffer overflow in Internet Explorer 4.0 via EMBED tag.

Status: Entry
Reference: MSKB:Q185959
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q185959
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp


Name: CVE-1999-0877

Description:
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.

Status: Entry
Reference: MSKB:Q243638
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243638
Reference: MS:MS99-042
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-042.mspx
Reference: XF:ie-iframe-exec


Name: CVE-1999-0878

Description:
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.

Status: Entry
Reference: COMPAQ:SSRT0622
Reference: REDHAT:RHSA1999031_01
Reference: AUSCERT:AA-1999.01
Reference: CERT:CA-99-13
Reference: BID:599
Reference: URL:http://www.securityfocus.com/bid/599
Reference: XF:wu-ftpd-dir-name


Name: CVE-1999-0879

Description:
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.

Status: Entry
Reference: CERT:CA-99-13
Reference: XF:wuftp-message-file-root


Name: CVE-1999-0880

Description:
Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.

Status: Entry
Reference: CERT:CA-99-13
Reference: XF:wuftp-site-newer-dos


Name: CVE-1999-0881

Description:
Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:19991025 Falcon Web Server
Reference: BINDVIEW:Falcon Web Server
Reference: BID:743
Reference: URL:http://www.securityfocus.com/bid/743
Reference: XF:falcon-path-parsing
Reference: OSVDB:1127
Reference: URL:http://www.osvdb.org/1127


Name: CVE-1999-0883

Description:
Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.

Status: Entry
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
Reference: BID:742
Reference: URL:http://www.securityfocus.com/bid/742
Reference: OSVDB:1126
Reference: URL:http://www.osvdb.org/1126
Reference: XF:zeus-remote-root(3380)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3380


Name: CVE-1999-0884

Description:
The Zeus web server administrative interface uses weak encryption for its passwords.

Status: Entry
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
Reference: BID:742
Reference: URL:http://www.securityfocus.com/bid/742
Reference: OSVDB:8186
Reference: URL:http://www.osvdb.org/8186
Reference: XF:zeus-weak-password(3833)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3833


Name: CVE-1999-0886

Description:
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

Status: Entry
Reference: MSKB:Q242294
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242294
Reference: MS:MS99-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-041.mspx
Reference: BID:645
Reference: URL:http://www.securityfocus.com/bid/645
Reference: XF:nt-rasman-pathname


Name: CVE-1999-0887

Description:
FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability
Reference: EEYE:AD05261999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD05261999.html
Reference: OSVDB:1137
Reference: URL:http://www.osvdb.org/1137


Name: CVE-1999-0888

Description:
dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.

Status: Entry
Reference: BUGTRAQ:19990817 Security Bug in Oracle
Reference: XF:oracle-dbsnmp
Reference: BID:585
Reference: URL:http://www.securityfocus.com/bid/585


Name: CVE-1999-0889

Description:
Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.

Status: Entry
Reference: BUGTRAQ:19990810 Cisco 675 password nonsense
Reference: XF:cisco-cbos-telnet
Reference: OSVDB:39
Reference: URL:http://www.osvdb.org/39


Name: CVE-1999-0890

Description:
iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error.

Status: Entry
Reference: BUGTRAQ:19990928 Team Asylum: iHTML Merchant Vulnerabilities
Reference: CONFIRM:http://www.ihtmlmerchant.com/support_patches_feedback.htm
Reference: BID:694
Reference: URL:http://www.securityfocus.com/bid/694
Reference: XF:ihtml-merchant-file-access


Name: CVE-1999-0891

Description:
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.

Status: Entry
Reference: MS:MS99-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-040.mspx
Reference: MSKB:Q242542
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242542
Reference: CERT-VN:VU#37828
Reference: URL:http://www.kb.cert.org/vuls/id/37828
Reference: CIAC:K-002
Reference: URL:http://www.ciac.org/ciac/bulletins/k-002.shtml
Reference: BID:674
Reference: URL:http://www.securityfocus.com/bid/674
Reference: OSVDB:11274
Reference: URL:http://www.osvdb.org/11274
Reference: XF:ie-download-behavior


Name: CVE-1999-0892

Description:
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.

Status: Entry
Reference: BUGTRAQ:19991018 Netscape 4.x buffer overflow


Name: CVE-1999-0893

Description:
userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow
Reference: XF:sco-openserver-userosa-script


Name: CVE-1999-0894

Description:
Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

Status: Entry
Reference: REDHAT:RHSA1999042-01


Name: CVE-1999-0895

Description:
Firewall-1 does not properly restrict access to LDAP attributes.

Status: Entry
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net
Reference: BID:725
Reference: URL:http://www.securityfocus.com/bid/725
Reference: XF:checkpoint-ldap-auth
Reference: OSVDB:1117
Reference: URL:http://www.osvdb.org/1117


Name: CVE-1999-0896

Description:
Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.

Status: Entry
Reference: BUGTRAQ:19991109 RealNetworks RealServer G2 buffer overflow.
Reference: MISC:http://service.real.com/help/faq/servg260.html
Reference: XF:realserver-g2-pw-bo
Reference: BID:767
Reference: URL:http://www.securityfocus.com/bid/767


Name: CVE-1999-0897

Description:
iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2
Reference: XF:ichat-file-read-vuln


Name: CVE-1999-0898

Description:
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.

Status: Entry
Reference: MS:MS99-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-047.mspx
Reference: MSKB:Q243649
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243649
Reference: XF:nt-printer-spooler-bo
Reference: BID:768
Reference: URL:http://www.securityfocus.com/bid/768


Name: CVE-1999-0899

Description:
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

Status: Entry
Reference: MS:MS99-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-047.mspx
Reference: MSKB:Q243649
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243649
Reference: BID:769
Reference: URL:http://www.securityfocus.com/bid/769
Reference: XF:nt-printer-spooler-bo


Name: CVE-1999-0900

Description:
Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation.

Status: Entry
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9
Reference: DEBIAN:19991027 nis


Name: CVE-1999-0901

Description:
ypserv allows a local user to modify the GECOS and login shells of other users.

Status: Entry
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9
Reference: DEBIAN:19991027 nis


Name: CVE-1999-0902

Description:
ypserv allows local administrators to modify password tables.

Status: Entry
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9
Reference: DEBIAN:19991027 nis


Name: CVE-1999-0903

Description:
genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.

Status: Entry
Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module
Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup)
Reference: XF:aix-genfilt-filtering


Name: CVE-1999-0904

Description:
Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username.

Status: Entry
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Reference: XF:bftelnet-username-dos
Reference: BID:771
Reference: URL:http://www.securityfocus.com/bid/771


Name: CVE-1999-0905

Description:
Denial of service in Axent Raptor firewall via malformed zero-length IP options.

Status: Entry
Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0
Reference: BID:736
Reference: URL:http://www.securityfocus.com/bid/736
Reference: XF:raptor-ipoptions-dos
Reference: OSVDB:1121
Reference: URL:http://www.osvdb.org/1121


Name: CVE-1999-0906

Description:
Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.

Status: Entry
Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit
Reference: SUSE:19990926 Security hole in sccw (Part II)
Reference: BID:656
Reference: URL:http://www.securityfocus.com/bid/656
Reference: XF:linux-sccw-bo


Name: CVE-1999-0907

Description:
sccw allows local users to read arbitrary files.

Status: Entry
Reference: BUGTRAQ:19990916 SuSE 6.2 /usr/bin/sccw read any file
Reference: SUSE:19990921 Security Hole in sccw-1.1 and earlier


Name: CVE-1999-0908

Description:
Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

Status: Entry
Reference: BUGTRAQ:19990921 solaris DoS
Reference: BID:655
Reference: URL:http://www.securityfocus.com/bid/655
Reference: XF:sun-tcp-mutex-enter-dos


Name: CVE-1999-0909

Description:
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

Status: Entry
Reference: NAI:Windows IP Source Routing Vulnerability
Reference: MS:MS99-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-038.mspx
Reference: MSKB:Q238453
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238453
Reference: BID:646
Reference: URL:http://www.securityfocus.com/bid/646
Reference: XF:nt-ip-source-route


Name: CVE-1999-0912

Description:
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

Status: Entry
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Reference: BID:653
Reference: URL:http://www.securityfocus.com/bid/653
Reference: XF:freebsd-vfscache-dos
Reference: OSVDB:1079
Reference: URL:http://www.osvdb.org/1079


Name: CVE-1999-0914

Description:
Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.

Status: Entry
Reference: DEBIAN:19990104
Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows
Reference: BID:324
Reference: URL:http://www.securityfocus.com/bid/324


Name: CVE-1999-0915

Description:
URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:19991028 URL Live! 1.0 WebServer
Reference: BID:746
Reference: URL:http://www.securityfocus.com/bid/746
Reference: OSVDB:1129
Reference: URL:http://www.osvdb.org/1129


Name: CVE-1999-0916

Description:
WebTrends software stores account names and passwords in a file which does not have restricted access permissions.

Status: Entry
Reference: ISS:19990629 Bad Permissions on Passwords Stored by WebTrends Software


Name: CVE-1999-0917

Description:
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.

Status: Entry
Reference: MS:MS99-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-018.mspx
Reference: MSKB:Q231452
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231452
Reference: XF:legacy-activex-local-drive


Name: CVE-1999-0918

Description:
Denial of service in various Windows systems via malformed, fragmented IGMP packets.

Status: Entry
Reference: BUGTRAQ:19990703 IGMP fragmentation bug in Windows 98/2000
Reference: MSKB:Q238329
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238329
Reference: MS:MS99-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-034.mspx
Reference: XF:igmp-dos
Reference: BID:514
Reference: URL:http://www.securityfocus.com/bid/514


Name: CVE-1999-0920

Description:
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.

Status: Entry
Reference: BUGTRAQ:19990526 Remote vulnerability in pop2d
Reference: DEBIAN:19990607a
Reference: BID:283
Reference: URL:http://www.securityfocus.com/bid/283
Reference: XF:pop2-fold-bo


Name: CVE-1999-0921

Description:
BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.

Status: Entry
Reference: BUGTRAQ:19990409 Patrol security bugs
Reference: URL:http://www.securityfocus.com/archive/1/13204
Reference: XF:bmc-patrol-udp-dos(4291)
Reference: URL:http://www.iss.net/security_center/static/4291.php
Reference: BID:1879
Reference: URL:http://www.securityfocus.com/bid/1879


Name: CVE-1999-0922

Description:
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.

Status: Entry
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
Reference: XF:coldfusion-sourcewindow


Name: CVE-1999-0924

Description:
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.

Status: Entry
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
Reference: XF:coldfusion-syntax-checker(1742)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1742
Reference: OSVDB:3236
Reference: URL:http://www.osvdb.org/3236


Name: CVE-1999-0927

Description:
NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: EEYE:AD05261999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD05261999.html
Reference: BID:279
Reference: URL:http://www.securityfocus.com/bid/279
Reference: XF:ntmail-fileread


Name: CVE-1999-0928

Description:
Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.

Status: Entry
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1
Reference: XF:websuite-dos
Reference: BID:278
Reference: URL:http://www.securityfocus.com/bid/278


Name: CVE-1999-0930

Description:
wwwboard allows a remote attacker to delete message board articles via a malformed argument.

Status: Entry
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Reference: CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml
Reference: XF:http-cgi-wwwboard(2344)
Reference: URL:http://xforce.iss.net/static/2344.php
Reference: BID:1795
Reference: URL:http://www.securityfocus.com/bid/1795


Name: CVE-1999-0931

Description:
Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands.

Status: Entry
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:734
Reference: URL:http://www.securityfocus.com/bid/734
Reference: XF:mediahouse-stats-login-bo


Name: CVE-1999-0932

Description:
Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file.

Status: Entry
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:735
Reference: URL:http://www.securityfocus.com/bid/735
Reference: XF:mediahouse-stats-adminpw-cleartext


Name: CVE-1999-0933

Description:
TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:19991001 RFP9904: TeamTrack webserver vulnerability
Reference: BID:689
Reference: URL:http://www.securityfocus.com/bid/689
Reference: OSVDB:1096
Reference: URL:http://www.osvdb.org/1096


Name: CVE-1999-0934

Description:
classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters.

Status: Entry
Reference: EL8:19991215 Classifieds (classifieds.cgi)
Reference: BID:2020
Reference: URL:http://www.securityfocus.com/bid/2020
Reference: XF:http-cgi-classifieds-read(3102)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3102


Name: CVE-1999-0935

Description:
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.

Status: Entry
Reference: EL8:19991215 Classifieds (classifieds.cgi)


Name: CVE-1999-0936

Description:
BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.

Status: Entry
Reference: EL8:19981203 BNBSurvey (survey.cgi)


Name: CVE-1999-0937

Description:
BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.

Status: Entry
Reference: EL8:19981203 BNBForm (bnbform.cgi)


Name: CVE-1999-0938

Description:
MBone SDR Package allows remote attackers to execute commands via shell metacharacters in Sesion Initiation Protocol (SIP) messages.

Status: Entry
Reference: CERT:VN-99-03
Reference: XF:sdr-execute


Name: CVE-1999-0939

Description:
Denial of service in Debian IRC Epic/epic4 client via a long string.

Status: Entry
Reference: BUGTRAQ:19990826 [SECURITY] New versions of epic4 fixes possible DoS vulnerability
Reference: DEBIAN:19990826
Reference: BID:605
Reference: URL:http://www.securityfocus.com/bid/605


Name: CVE-1999-0940

Description:
Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages.

Status: Entry
Reference: CALDERA:CSSA-1999-031
Reference: SUSE:19990927 Security hole in mutt


Name: CVE-1999-0942

Description:
UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.

Status: Entry
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit
Reference: XF:sco-unixware-dos7utils-root-privs


Name: CVE-1999-0943

Description:
Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.

Status: Entry
Reference: BUGTRAQ:19991015 OpenLink 3.2 Advisory
Reference: BID:720
Reference: URL:http://www.securityfocus.com/bid/720


Name: CVE-1999-0945

Description:
Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

Status: Entry
Reference: ISS:19980724 Denial of Service attacks against Microsoft Exchange 5.0 to 5.5
Reference: URL:http://xforce.iss.net/alerts/advise4.php
Reference: CIAC:I-080
Reference: URL:http://www.ciac.org/ciac/bulletins/i-080.shtml
Reference: MSKB:Q169174
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q169174
Reference: XF:exchange-dos(1223)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1223


Name: CVE-1999-0946

Description:
Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.

Status: Entry
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2
Reference: XF:yamaha-midiplug-embed
Reference: BID:760
Reference: URL:http://www.securityfocus.com/bid/760


Name: CVE-1999-0947

Description:
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2
Reference: BID:762
Reference: URL:http://www.securityfocus.com/bid/762


Name: CVE-1999-0950

Description:
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.

Status: Entry
Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
Reference: BID:747
Reference: URL:http://www.securityfocus.com/bid/747
Reference: XF:wftpd-mkd-bo


Name: CVE-1999-0951

Description:
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.

Status: Entry
Reference: BUGTRAQ:19991022 Imagemap CGI overflow exploit
Reference: BID:739
Reference: URL:http://www.securityfocus.com/bid/739
Reference: XF:http-cgi-imagemap-bo
Reference: OSVDB:3380
Reference: URL:http://www.osvdb.org/3380


Name: CVE-1999-0953

Description:
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.

Status: Entry
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Reference: BUGTRAQ:19990916 More fun with WWWBoard


Name: CVE-1999-0954

Description:
WWWBoard has a default username and default password.

Status: Entry
Reference: BUGTRAQ:19990916 More fun with WWWBoard
Reference: BID:649
Reference: URL:http://www.securityfocus.com/bid/649


Name: CVE-1999-0955

Description:
Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain root access via the SITE EXEC command.

Status: Entry
Reference: CERT:CA-94.08
Reference: CIAC:E-17
Reference: XF:ftp-exec


Name: CVE-1999-0956

Description:
The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service.

Status: Entry
Reference: CERT:CA-93.02a
Reference: XF:next-netinfo


Name: CVE-1999-0957

Description:
MajorCool mj_key_cache program allows local users to modify files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3
Reference: XF:majorcool-file-overwrite-vuln


Name: CVE-1999-0958

Description:
sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88465708614896&w=2
Reference: XF:sudo-dot-dot-attack


Name: CVE-1999-0959

Description:
IRIX startmidi program allows local users to modify arbitrary files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19970209 IRIX: Bug in startmidi
Reference: AUSCERT:AA-97-05
Reference: SGI:19980301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX
Reference: BID:469
Reference: URL:http://www.securityfocus.com/bid/469
Reference: OSVDB:8447
Reference: URL:http://www.osvdb.org/8447
Reference: XF:irix-startmidi-file-creation((1634)


Name: CVE-1999-0960

Description:
IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option.

Status: Entry
Reference: AUSCERT:AA-96.11
Reference: SGI:19980301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX
Reference: XF:irix-cdplayer-directory-create


Name: CVE-1999-0961

Description:
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.

Status: Entry
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419906&w=2
Reference: CIAC:H-03
Reference: XF:hp-sysdiag-symlink


Name: CVE-1999-0962

Description:
Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option.

Status: Entry
Reference: AUSCERT:AA-96.13
Reference: HP:HPSBUX9701-045
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9701-045
Reference: XF:hp-password-cmd-bo
Reference: OSVDB:6415
Reference: URL:http://www.osvdb.org/6415


Name: CVE-1999-0963

Description:
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19960517 BoS: SECURITY BUG in FreeBSD
Reference: CERT:VB-96.06
Reference: XF:freebsd-mount-union-root
Reference: OSVDB:6088
Reference: URL:http://www.osvdb.org/6088


Name: CVE-1999-0964

Description:
Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-97:01
Reference: XF:freebsd-setlocale-bo
Reference: OSVDB:6086
Reference: URL:http://www.osvdb.org/6086


Name: CVE-1999-0965

Description:
Race condition in xterm allows local users to modify arbitrary files via the logging option.

Status: Entry
Reference: CERT:CA-93.17
Reference: XF:xterm


Name: CVE-1999-0966

Description:
Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].

Status: Entry
Reference: L0PHT:19970127 Solaris libc - getopt(3)


Name: CVE-1999-0967

Description:
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.

Status: Entry
Reference: L0PHT:19971101 Microsoft Internet Explorer 4.0 Suite


Name: CVE-1999-0968

Description:
Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.

Status: Entry
Reference: BUGTRAQ:19981226 bnc exploit
Reference: URL:http://www.securityfocus.com/archive/1/11711
Reference: XF:bnc-proxy-bo(1546)
Reference: URL:http://xforce.iss.net/static/1546.php
Reference: BID:1927
Reference: URL:http://www.securityfocus.com/bid/1927


Name: CVE-1999-0969

Description:
The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.

Status: Entry
Reference: ISS:19980929 "Snork" Denial of Service Attack Against Windows NT RPC Service
Reference: NTBUGTRAQ:19980929 ISS Security Advisory: Snork
Reference: MS:MS98-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-014.mspx
Reference: MSKB:Q193233
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q193233
Reference: XF:snork-dos


Name: CVE-1999-0971

Description:
Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.

Status: Entry
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/7301
Reference: XF:exim-include-overflow


Name: CVE-1999-0972

Description:
Buffer overflow in Xshipwars xsw program.

Status: Entry
Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow
Reference: BID:863
Reference: URL:http://www.securityfocus.com/bid/863


Name: CVE-1999-0973

Description:
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

Status: Entry
Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:858
Reference: URL:http://www.securityfocus.com/bid/858


Name: CVE-1999-0974

Description:
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

Status: Entry
Reference: ISS:19991209 Buffer Overflow in Solaris Snoop
Reference: SUN:00190
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/190
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:864
Reference: URL:http://www.securityfocus.com/bid/864


Name: CVE-1999-0975

Description:
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

Status: Entry
Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT
Reference: BID:868
Reference: URL:http://www.securityfocus.com/bid/868


Name: CVE-1999-0976

Description:
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

Status: Entry
Reference: OPENBSD:19991204
Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released
Reference: XF:sendmail-bi-alias
Reference: BID:857
Reference: URL:http://www.securityfocus.com/bid/857


Name: CVE-1999-0977

Description:
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

Status: Entry
Reference: SF-INCIDENTS:19991209 sadmind
Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability
Reference: BUGTRAQ:19991210 Re: Solaris sadmind Buffer Overflow Vulnerability
Reference: CERT:CA-99-16
Reference: SUN:00191
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191
Reference: BID:866
Reference: URL:http://www.securityfocus.com/bid/866
Reference: BID:2354
Reference: URL:http://www.securityfocus.com/bid/2354
Reference: XF:sol-sadmind-amslverify-bo
Reference: OSVDB:2558
Reference: URL:http://www.osvdb.org/2558


Name: CVE-1999-0978

Description:
htdig allows remote attackers to execute commands via filenames with shell metacharacters.

Status: Entry
Reference: DEBIAN:19991209
Reference: BID:867
Reference: URL:http://www.securityfocus.com/bid/867


Name: CVE-1999-0979

Description:
The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.

Status: Entry
Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2
Reference: BID:869
Reference: URL:http://www.securityfocus.com/bid/869


Name: CVE-1999-0980

Description:
Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.

Status: Entry
Reference: MS:MS99-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-055.mspx
Reference: MSKB:Q246045
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246045


Name: CVE-1999-0981

Description:
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

Status: Entry
Reference: MS:MS99-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-050.mspx
Reference: MSKB:Q246094
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246094


Name: CVE-1999-0982

Description:
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

Status: Entry
Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file


Name: CVE-1999-0986

Description:
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

Status: Entry
Reference: BUGTRAQ:19991209 Big problem on 2.0.x?
Reference: BID:870
Reference: URL:http://www.securityfocus.com/bid/870


Name: CVE-1999-0987

Description:
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

Status: Entry
Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name
Reference: MSKB:Q237923
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237923


Name: CVE-1999-0989

Description:
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

Status: Entry
Reference: NTBUGTRAQ:19991205 new IE5 remote exploit
Reference: BUGTRAQ:19991205 new IE5 remote exploit
Reference: BID:861
Reference: URL:http://www.securityfocus.com/bid/861


Name: CVE-1999-0991

Description:
Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.

Status: Entry
Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BID:862
Reference: URL:http://www.securityfocus.com/bid/862


Name: CVE-1999-0992

Description:
HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

Status: Entry
Reference: HP:HPSBUX9912-107
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9912-107


Name: CVE-1999-0994

Description:
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

Status: Entry
Reference: BINDVIEW:19991216 Windows NT's SYSKEY feature
Reference: MS:MS99-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-056.mspx
Reference: MSKB:Q248183
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248183
Reference: BID:873
Reference: URL:http://www.securityfocus.com/bid/873


Name: CVE-1999-0995

Description:
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Status: Entry
Reference: NAI:19991216 Windows NT LSA Remote Denial of Service
Reference: MS:MS99-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-057.mspx
Reference: MSKB:Q248185
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248185
Reference: BID:875
Reference: URL:http://www.securityfocus.com/bid/875


Name: CVE-1999-0996

Description:
Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request.

Status: Entry
Reference: EEYE:AD19991215
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD19991215.html
Reference: BUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: NTBUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: XF:infoseek-ultraseek-bo
Reference: OSVDB:6490
Reference: URL:http://www.osvdb.org/6490


Name: CVE-1999-0997

Description:
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Status: Entry
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
Reference: DEBIAN:DSA-377
Reference: URL:http://www.debian.org/security/2003/dsa-377
Reference: XF:wuftp-ftp-conversion


Name: CVE-1999-0998

Description:
Cisco Cache Engine allows an attacker to replace content in the cache.

Status: Entry
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: XF:cisco-cache-engine-replace


Name: CVE-1999-0999

Description:
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

Status: Entry
Reference: MS:MS99-059
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-059.mspx
Reference: MSKB:Q248749
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248749
Reference: BID:817
Reference: URL:http://www.securityfocus.com/bid/817


Name: CVE-1999-1000

Description:
The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics.

Status: Entry
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: XF:cisco-cache-engine-performance


Name: CVE-1999-1001

Description:
Cisco Cache Engine allows a remote attacker to gain access via a null username and password.

Status: Entry
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities


Name: CVE-1999-1004

Description:
Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.

Status: Entry
Reference: BUGTRAQ:19991217 NAV2000 Email Protection DoS
Reference: URL:http://www.securityfocus.com/archive/1/38970
Reference: BUGTRAQ:19991220 Norton Email Protection Remote Overflow (Addendum)
Reference: URL:http://www.securityfocus.com/archive/1/39194
Reference: CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy
Reference: OSVDB:6267
Reference: URL:http://www.osvdb.org/6267


Name: CVE-1999-1005

Description:
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

Status: Entry
Reference: BUGTRAQ:19991219 Groupewise Web Interface
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2
Reference: XF:groupwise-web-read-files
Reference: BID:879
Reference: URL:http://www.securityfocus.com/bid/879
Reference: OSVDB:3413
Reference: URL:http://www.osvdb.org/3413


Name: CVE-1999-1007

Description:
Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file.

Status: Entry
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2
Reference: XF:vdolive-bo-execute
Reference: BID:872
Reference: URL:http://www.securityfocus.com/bid/872


Name: CVE-1999-1008

Description:
xsoldier program allows local users to gain root access via a long argument.

Status: Entry
Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit
Reference: MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2
Reference: BID:871
Reference: URL:http://www.securityfocus.com/bid/871
Reference: XF:unix-xsoldier-overflow


Name: CVE-1999-1010

Description:
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.

Status: Entry
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2
Reference: XF:ssh-policy-bypass


Name: CVE-1999-1011

Description:
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

Status: Entry
Reference: MS:MS98-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-004.asp
Reference: MS:MS99-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-025.asp
Reference: CIAC:J-054
Reference: URL:http://www.ciac.org/ciac/bulletins/j-054.shtml
Reference: ISS:19990809 Vulnerabilities in Microsoft Remote Data Service
Reference: BID:529
Reference: URL:http://www.ciac.org/ciac/bulletins/j-054.shtml
Reference: XF:nt-iis-rds
Reference: OSVDB:272
Reference: URL:http://www.osvdb.org/272


Name: CVE-1999-1014

Description:
Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.

Status: Entry
Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93727925026476&w=2
Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93846422810162&w=2
Reference: SUNBUG:4276509
Reference: XF:sun-usrbinmail-local-bo(3297)
Reference: URL:http://xforce.iss.net/static/3297.php
Reference: BID:672
Reference: URL:http://www.securityfocus.com/bid/672


Name: CVE-1999-1019

Description:
SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.

Status: Entry
Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398713491&w=2
Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398513475&w=2
Reference: BID:495
Reference: URL:http://www.securityfocus.com/bid/495


Name: CVE-1999-1021

Description:
NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.

Status: Entry
Reference: CERT:CA-1992-15
Reference: URL:http://www.cert.org/advisories/CA-1992-15.html
Reference: SUN:00117
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba
Reference: BID:47
Reference: URL:http://www.securityfocus.com/bid/47
Reference: XF:nfs-uid(82)
Reference: URL:http://xforce.iss.net/static/82.php


Name: CVE-1999-1027

Description:
Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.

Status: Entry
Reference: BUGTRAQ:19980507 admintool mode 0777 in Solaris 2.6 HW3/98
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925880&w=2
Reference: SUNBUG:4178998
Reference: XF:solaris-admintool-world-writable(7296)
Reference: URL:http://xforce.iss.net/static/7296.php
Reference: BID:290
Reference: URL:http://www.securityfocus.com/bid/290


Name: CVE-1999-1028

Description:
Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631.

Status: Entry
Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92807524225090&w=2
Reference: BID:288
Reference: URL:http://www.securityfocus.com/bid/288
Reference: XF:pcanywhere-dos(2256)
Reference: URL:http://www.iss.net/security_center/static/2256.php


Name: CVE-1999-1032

Description:
Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.

Status: Entry
Reference: CERT:CA-1991-11
Reference: URL:http://www.cert.org/advisories/CA-1991-11.html
Reference: CIAC:B-36
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-36.shtml
Reference: BID:26
Reference: URL:http://www.securityfocus.com/bid/26
Reference: XF:ultrix-telnet(584)
Reference: URL:http://xforce.iss.net/static/584.php


Name: CVE-1999-1034

Description:
Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.

Status: Entry
Reference: CERT:CA-1991-08
Reference: URL:http://www.cert.org/advisories/CA-1991-08.html
Reference: CIAC:B-28
Reference: URL:http://www.ciac.org/ciac/bulletins/b-28.shtml
Reference: BID:23
Reference: URL:http://www.securityfocus.com/bid/23
Reference: XF:sysv-login(583)
Reference: URL:http://xforce.iss.net/static/583.php


Name: CVE-1999-1035

Description:
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.

Status: Entry
Reference: MS:MS98-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-019.asp
Reference: MSKB:Q192296
Reference: URL:http://support.microsoft.com/support/kb/articles/q192/2/96.asp
Reference: XF:iis-get-dos(1823)
Reference: URL:http://xforce.iss.net/static/1823.php


Name: CVE-1999-1037

Description:
rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file.

Status: Entry
Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125976&w=2
Reference: BUGTRAQ:19980627 Re: vulnerability in satan, cops & tiger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125986&w=2
Reference: XF:satan-rexsatan-symlink(7167)
Reference: URL:http://www.iss.net/security_center/static/7167.php
Reference: OSVDB:3147
Reference: URL:http://www.osvdb.org/3147


Name: CVE-1999-1044

Description:
Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.

Status: Entry
Reference: COMPAQ:SSRT0495U
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: CIAC:I-050
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: XF:dgux-advfs-softlinks(7431)
Reference: URL:http://www.iss.net/security_center/static/7431.php


Name: CVE-1999-1045

Description:
pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.

Status: Entry
Reference: BUGTRAQ:19980115 pnserver exploit..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88492978527261&w=2
Reference: BUGTRAQ:19980115 [rootshell] Security Bulletin #7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88490880523890&w=2
Reference: BUGTRAQ:19980817 Re: Real Audio Server Version 5 bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90338245305236&w=2
Reference: MISC:http://service.real.com/help/faq/serv501.html
Reference: XF:realserver-pnserver-remote-dos(7297)
Reference: URL:http://www.iss.net/security_center/static/7297.php
Reference: OSVDB:6979
Reference: URL:http://www.osvdb.org/6979


Name: CVE-1999-1047

Description:
When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities.

Status: Entry
Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94026690521279&w=2
Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94036662326185&w=2
Reference: XF:gauntlet-bsdi-bypass(3397)
Reference: URL:http://www.iss.net/security_center/static/3397.php


Name: CVE-1999-1048

Description:
Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.

Status: Entry
Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit
Reference: URL:http://www.securityfocus.com/archive/1/10542
Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719555&w=2
Reference: DEBIAN:19980909 problem with very long pathnames
Reference: URL:http://www.debian.org/security/1998/19980909
Reference: XF:linux-bash-bo(3414)
Reference: URL:http://xforce.iss.net/static/3414.php
Reference: OSVDB:8345
Reference: URL:http://www.osvdb.org/8345


Name: CVE-1999-1055

Description:
Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."

Status: Entry
Reference: MS:MS98-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-018.asp
Reference: BID:179
Reference: URL:http://www.securityfocus.com/bid/179
Reference: XF:excel-call(1737)
Reference: URL:http://xforce.iss.net/static/1737.php


Name: CVE-1999-1057

Description:
VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.

Status: Entry
Reference: CERT:CA-1990-07
Reference: URL:http://www.cert.org/advisories/CA-1990-07.html
Reference: CIAC:B-04
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-04.shtml
Reference: BID:12
Reference: URL:http://www.securityfocus.com/bid/12
Reference: XF:vms-analyze-processdump-privileges(7137)
Reference: URL:http://www.iss.net/security_center/static/7137.php


Name: CVE-1999-1059

Description:
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.

Status: Entry
Reference: CERT:CA-1992-04
Reference: URL:http://www.cert.org/advisories/CA-1992-04.html
Reference: BID:36
Reference: URL:http://www.securityfocus.com/bid/36
Reference: XF:att-rexecd(3159)
Reference: URL:http://www.iss.net/security_center/static/3159.php


Name: CVE-1999-1074

Description:
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.

Status: Entry
Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/9138
Reference: CONFIRM:http://www.webmin.com/webmin/changes.html
Reference: BID:98
Reference: URL:http://www.securityfocus.com/bid/98


Name: CVE-1999-1080

Description:
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.

Status: Entry
Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92633694100270&w=2
Reference: BUGTRAQ:19991011
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93971288323395&w=2
Reference: BID:250
Reference: URL:http://www.securityfocus.com/bid/250
Reference: SUNBUG:4205437
Reference: XF:solaris-rmmount-gain-root(8350)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8350


Name: CVE-1999-1085

Description:
SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."

Status: Entry
Reference: BUGTRAQ:19980612 CORE-SDI-04: SSH insertion attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125884&w=2
Reference: BUGTRAQ:19980703 UPDATE: SSH insertion attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525878&w=2
Reference: CISCO:20010627 Multiple SSH Vulnerabilities
Reference: CERT-VN:VU#13877
Reference: URL:http://www.kb.cert.org/vuls/id/13877
Reference: XF:ssh-insert(1126)
Reference: URL:http://www.iss.net/security_center/static/1126.php


Name: CVE-1999-1087

Description:
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.

Status: Entry
Reference: MS:MS98-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-016.asp
Reference: MSKB:Q168617
Reference: URL:http://support.microsoft.com/support/kb/articles/q168/6/17.asp
Reference: CONFIRM:http://www.microsoft.com/Windows/Ie/security/dotless.asp
Reference: OSVDB:7828
Reference: URL:http://www.osvdb.org/7828
Reference: XF:ie-dotless(2209)
Reference: URL:http://xforce.iss.net/static/2209.php


Name: CVE-1999-1090

Description:
The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.

Status: Entry
Reference: CERT:CA-1991-15
Reference: URL:http://www.cert.org/advisories/CA-1991-15.html
Reference: XF:ftp-ncsa(1844)
Reference: URL:http://xforce.iss.net/static/1844.php


Name: CVE-1999-1093

Description:
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.

Status: Entry
Reference: MS:MS98-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-011.asp
Reference: MSKB:Q191200
Reference: URL:http://support.microsoft.com/support/kb/articles/q191/2/00.asp
Reference: XF:java-script-patch(1276)
Reference: URL:http://www.iss.net/security_center/static/1276.php


Name: CVE-1999-1094

Description:
Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."

Status: Entry
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: BUGTRAQ:19980114 L0pht Advisory MSIE4.0(1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88480839506155&w=2
Reference: XF:iemk-bug(917)
Reference: URL:http://xforce.iss.net/static/917.php


Name: CVE-1999-1098

Description:
Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.

Status: Entry
Reference: CERT:CA-1995-03
Reference: URL:http://www.cert.org/advisories/CA-1995-03.html
Reference: CIAC:F-12
Reference: URL:http://www.ciac.org/ciac/bulletins/f-12.shtml
Reference: XF:bsd-telnet(516)
Reference: URL:http://www.iss.net/security_center/static/516.php
Reference: OSVDB:4881
Reference: URL:http://www.osvdb.org/4881


Name: CVE-1999-1099

Description:
Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.

Status: Entry
Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420184&w=2
Reference: XF:kerberos-user-grab(65)
Reference: URL:http://xforce.iss.net/static/65.php


Name: CVE-1999-1100

Description:
Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.

Status: Entry
Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues
Reference: URL:http://www.cisco.com/warp/public/770/pixkey-pub.shtml
Reference: CIAC:I-056
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-056.shtml
Reference: XF:cisco-pix-parse-error(1579)
Reference: URL:http://xforce.iss.net/static/1579.php


Name: CVE-1999-1102

Description:
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

Status: Entry
Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr
Reference: BUGTRAQ:19940307 8lgm Advisory Releases
Reference: URL:http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm
Reference: CIAC:E-25a
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-25.shtml


Name: CVE-1999-1103

Description:
dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.

Status: Entry
Reference: CERT:VB-96.05
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.05.dec
Reference: CIAC:G-18
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-18.shtml
Reference: MISC:http://www.tao.ca/fire/bos/0209.html
Reference: XF:osf-dxconsole-gain-privileges(7138)
Reference: URL:http://www.iss.net/security_center/static/7138.php


Name: CVE-1999-1104

Description:
Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.

Status: Entry
Reference: BUGTRAQ:19951205 Cracked: WINDOWS.PWL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418931&w=2
Reference: NTBUGTRAQ:19980121 How to recover private keys for various Microsoft products
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=88540877601866&w=2
Reference: BUGTRAQ:19980120 How to recover private keys for various Microsoft products
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88536273725787&w=2
Reference: MSKB:Q140557
Reference: URL:http://support.microsoft.com/support/kb/articles/q140/5/57.asp
Reference: XF:win95-nbsmbpwl(71)
Reference: URL:http://www.iss.net/security_center/static/71.php


Name: CVE-1999-1105

Description:
Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.

Status: Entry
Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html
Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html
Reference: XF:win95-netware-hidden-share(7231)
Reference: URL:http://www.iss.net/security_center/static/7231.php


Name: CVE-1999-1109

Description:
Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.

Status: Entry
Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94632241202626&w=2
Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780566911948&w=2
Reference: BID:904
Reference: URL:http://www.securityfocus.com/bid/904
Reference: XF:sendmail-etrn-dos(7760)
Reference: URL:http://www.iss.net/security_center/static/7760.php


Name: CVE-1999-1111

Description:
Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.

Status: Entry
Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94218618329838&w=2
Reference: BID:786
Reference: URL:http://www.securityfocus.com/bid/786
Reference: XF:immunix-stackguard-bo(3524)
Reference: URL:http://xforce.iss.net/static/3524.php


Name: CVE-1999-1114

Description:
Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.

Status: Entry
Reference: CIAC:H-15A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-15a.shtml
Reference: AUSCERT:AA-96.17
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul
Reference: SGI:19980405-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980405-01-I
Reference: XF:ksh-suid_exec(2100)
Reference: URL:http://xforce.iss.net/static/2100.php
Reference: BID:467
Reference: URL:http://www.securityfocus.com/bid/467


Name: CVE-1999-1115

Description:
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).

Status: Entry
Reference: CERT:CA-1990-04
Reference: URL:http://www.cert.org/advisories/CA-1990-04.html
Reference: CIAC:A-30
Reference: URL:http://www.ciac.org/ciac/bulletins/a-30.shtml
Reference: BID:7
Reference: URL:http://www.securityfocus.com/bid/7
Reference: XF:apollo-suidexec-unauthorized-access(6721)
Reference: URL:http://www.iss.net/security_center/static/6721.php


Name: CVE-1999-1116

Description:
Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.

Status: Entry
Reference: SGI:19970503-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970503-01-PX
Reference: BID:462
Reference: URL:http://www.securityfocus.com/bid/462
Reference: OSVDB:1009
Reference: URL:http://www.osvdb.org/1009
Reference: XF:sgi-runpriv(2108)
Reference: URL:http://xforce.iss.net/static/2108.php


Name: CVE-1999-1117

Description:
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.

Status: Entry
Reference: BUGTRAQ:19961124
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=lquerypv&q=b
Reference: BUGTRAQ:19961125 lquerypv fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420195&w=2
Reference: BUGTRAQ:19961125 AIX lquerypv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420196&w=2
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: BID:455
Reference: URL:http://www.securityfocus.com/bid/455
Reference: XF:ibm-lquerypv(1752)
Reference: URL:http://xforce.iss.net/static/1752.php


Name: CVE-1999-1118

Description:
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.

Status: Entry
Reference: SUN:00165
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba
Reference: BID:433
Reference: URL:http://www.securityfocus.com/bid/433
Reference: XF:sun-ndd(817)
Reference: URL:http://xforce.iss.net/static/817.php


Name: CVE-1999-1119

Description:
FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.

Status: Entry
Reference: CERT:CA-1992-09
Reference: URL:http://www.cert.org/advisories/CA-1992-09.html
Reference: BID:41
Reference: URL:http://www.securityfocus.com/bid/41
Reference: XF:aix-anon-ftp(3154)
Reference: URL:http://xforce.iss.net/static/3154.php


Name: CVE-1999-1120

Description:
netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges.

Status: Entry
Reference: BUGTRAQ:19970104 Irix: netprint story
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420403&w=2
Reference: SGI:19961203-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX
Reference: SGI:19961203-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX
Reference: BID:395
Reference: URL:http://www.securityfocus.com/bid/395
Reference: OSVDB:993
Reference: URL:http://www.osvdb.org/993
Reference: XF:sgi-netprint(2107)
Reference: URL:http://xforce.iss.net/static/2107.php


Name: CVE-1999-1121

Description:
The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.

Status: Entry
Reference: CERT:CA-1992-06
Reference: URL:http://www.cert.org/advisories/CA-1992-06.html
Reference: BID:38
Reference: URL:http://www.securityfocus.com/bid/38
Reference: XF:ibm-uucp(554)
Reference: URL:http://xforce.iss.net/static/554.php
Reference: OSVDB:891
Reference: URL:http://www.osvdb.org/891


Name: CVE-1999-1122

Description:
Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.

Status: Entry
Reference: CERT:CA-1989-02
Reference: URL:http://www.cert.org/advisories/CA-1989-02.html
Reference: CIAC:CIAC-08
Reference: URL:http://www.ciac.org/ciac/bulletins/ciac-08.shtml
Reference: SUNBUG:1019265
Reference: BID:3
Reference: URL:http://www.securityfocus.com/bid/3
Reference: XF:sun-restore-gain-privileges(6695)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6695


Name: CVE-1999-1127

Description:
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

Status: Entry
Reference: MS:MS98-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-017.asp
Reference: MSKB:Q195733
Reference: URL:http://support.microsoft.com/support/kb/articles/Q195/7/33.asp
Reference: XF:nt-spoolss(523)
Reference: URL:http://www.iss.net/security_center/static/523.php


Name: CVE-1999-1131

Description:
Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.

Status: Entry
Reference: CERT:VB-97.12
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.12.opengroup
Reference: CIAC:I-060
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-060.shtml
Reference: SGI:19980601-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX
Reference: XF:sgi-osf-dce-dos(1123)
Reference: URL:http://xforce.iss.net/static/1123.php


Name: CVE-1999-1132

Description:
Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.

Status: Entry
Reference: BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90763508011966&w=2
Reference: NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90760603030452&w=2
Reference: MSKB:Q179157
Reference: URL:http://support.microsoft.com/support/kb/articles/Q179/1/57.asp
Reference: XF:token-ring-dos(1399)
Reference: URL:http://www.iss.net/security_center/static/1399.php


Name: CVE-1999-1136

Description:
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.

Status: Entry
Reference: HP:HPSBUX9807-081
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9807-081.html
Reference: HP:HPSBMP9807-005
Reference: URL:http://cert.ip-plus.net/bulletin-archive/msg00040.html
Reference: BUGTRAQ:19980729 HP-UX Predictive & Netscape SSL Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526177&w=2
Reference: CIAC:I-081
Reference: URL:http://www.ciac.org/ciac/bulletins/i-081.shtml
Reference: XF:mpeix-predictive(1413)
Reference: URL:http://xforce.iss.net/static/1413.php


Name: CVE-1999-1137

Description:
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

Status: Entry
Reference: CIAC:E-01
Reference: URL:http://www.ciac.org/ciac/bulletins/e-01.shtml
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:sun-audio(549)
Reference: URL:http://xforce.iss.net/static/549.php
Reference: OSVDB:6436
Reference: URL:http://www.osvdb.org/6436


Name: CVE-1999-1138

Description:
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

Status: Entry
Reference: CERT:CA-1993-13
Reference: URL:http://www.cert.org/advisories/CA-1993-13.html
Reference: XF:sco-homedir(546)
Reference: URL:http://xforce.iss.net/static/546.php


Name: CVE-1999-1139

Description:
Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.

Status: Entry
Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities
Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html
Reference: BUGTRAQ:19970901 HP UX Bug :)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019745&w=2
Reference: HP:HPSBUX9801-074
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html
Reference: CIAC:I-027B
Reference: URL:http://www.ciac.org/ciac/bulletins/i-027b.shtml
Reference: XF:hp-cue(2007)
Reference: URL:http://www.iss.net/security_center/static/2007.php


Name: CVE-1999-1140

Description:
Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field.

Status: Entry
Reference: BUGTRAQ:19971214 buffer overflows in cracklib?!
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88209041500913&w=2
Reference: CERT:VB-97.16
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib
Reference: XF:cracklib-bo(1539)
Reference: URL:http://xforce.iss.net/static/1539.php


Name: CVE-1999-1142

Description:
SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.

Status: Entry
Reference: CERT:CA-1992-11
Reference: URL:http://www.cert.org/advisories/CA-1992-11.html
Reference: SUN:00116
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116
Reference: XF:sun-env(3152)
Reference: URL:http://xforce.iss.net/static/3152.php


Name: CVE-1999-1143

Description:
Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.

Status: Entry
Reference: CIAC:H-065
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-65.shtml
Reference: SGI:19970504-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX
Reference: XF:sgi-rld(2109)
Reference: URL:http://xforce.iss.net/static/2109.php


Name: CVE-1999-1144

Description:
Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.

Status: Entry
Reference: HP:HPSBUX9701-051
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html
Reference: XF:hp-mpower(2056)
Reference: URL:http://xforce.iss.net/static/2056.php


Name: CVE-1999-1145

Description:
Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.

Status: Entry
Reference: HP:HPSBUX9701-044
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1514
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: XF:hp-glanceplus(2059)
Reference: URL:http://xforce.iss.net/static/2059.php


Name: CVE-1999-1146

Description:
Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.

Status: Entry
Reference: HP:HPSBUX9405-011
Reference: URL:http://www.securityfocus.com/advisories/1555
Reference: XF:hp-glanceplus-gpm(2060)
Reference: URL:http://xforce.iss.net/static/2060.php


Name: CVE-1999-1147

Description:
Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.

Status: Entry
Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91273739726314&w=2
Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: XF:pcm-dos-execute(1430)
Reference: URL:http://xforce.iss.net/static/1430.php
Reference: OSVDB:3164
Reference: URL:http://www.osvdb.org/3164


Name: CVE-1999-1148

Description:
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.

Status: Entry
Reference: MS:MS98-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-006.asp
Reference: MSKB:Q189262
Reference: URL:http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP
Reference: XF:iis-passive-ftp(1215)
Reference: URL:http://xforce.iss.net/static/1215.php


Name: CVE-1999-1156

Description:
BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.

Status: Entry
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Reference: XF:bisonware-port-crash(2254)
Reference: URL:http://xforce.iss.net/static/2254.php


Name: CVE-1999-1157

Description:
Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.

Status: Entry
Reference: MSKB:Q192774
Reference: URL:http://support.microsoft.com/support/kb/articles/Q192/7/74.ASP
Reference: XF:tcpipsys-icmp-dos(3894)
Reference: URL:http://xforce.iss.net/static/3894.php


Name: CVE-1999-1159

Description:
SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.

Status: Entry
Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495920911490&w=2
Reference: XF:ssh-privileged-port-forward(1471)
Reference: URL:http://xforce.iss.net/static/1471.php


Name: CVE-1999-1160

Description:
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.

Status: Entry
Reference: HP:HPSBUX9702-055
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420581&w=2
Reference: CIAC:H-33
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-33.shtml
Reference: XF:hp-ftpd-kftpd(7437)
Reference: URL:http://www.iss.net/security_center/static/7437.php


Name: CVE-1999-1161

Description:
Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.

Status: Entry
Reference: BUGTRAQ:19961103 Re: Untitled
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420102&w=2
Reference: BUGTRAQ:19961104 ppl bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420103&w=2
Reference: HP:HPSBUX9704-057
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html
Reference: CIAC:H-32
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-32.shtml
Reference: AUSCERT:AA-97.07
Reference: XF:hp-ppl(7438)
Reference: URL:http://www.iss.net/security_center/static/7438.php


Name: CVE-1999-1162

Description:
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.

Status: Entry
Reference: CERT:CA-1993-08
Reference: URL:http://www.cert.org/advisories/CA-1993-08.html
Reference: XF:sco-passwd-deny(542)
Reference: URL:http://www.iss.net/security_center/static/542.php


Name: CVE-1999-1163

Description:
Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.

Status: Entry
Reference: HP:HPSBUX9911-105
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94347039929958&w=2
Reference: XF:hp-ssp(7439)
Reference: URL:http://www.iss.net/security_center/static/7439.php


Name: CVE-1999-1167

Description:
Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.

Status: Entry
Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html
Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html
Reference: XF:thirdvoice-cross-site-scripting(7252)
Reference: URL:http://www.iss.net/security_center/static/7252.php


Name: CVE-1999-1175

Description:
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.

Status: Entry
Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml
Reference: CIAC:I-054
Reference: URL:http://www.ciac.org/ciac/bulletins/i-054.shtml
Reference: XF:cisco-wccp-vuln(1577)
Reference: URL:http://xforce.iss.net/static/1577.php


Name: CVE-1999-1177

Description:
Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.

Status: Entry
Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html
Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish
Reference: XF:http-cgi-nphpublish(2055)
Reference: URL:http://xforce.iss.net/static/2055.php


Name: CVE-1999-1181

Description:
Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.

Status: Entry
Reference: SGI:19980901-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980901-01-PX
Reference: CIAC:J-003
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-003.shtml
Reference: XF:irix-register(7441)
Reference: URL:http://www.iss.net/security_center/static/7441.php


Name: CVE-1999-1188

Description:
mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.

Status: Entry
Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91479159617803&w=2
Reference: XF:mysql-readable-log-files(1568)
Reference: URL:http://xforce.iss.net/static/1568.php


Name: CVE-1999-1189

Description:
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.

Status: Entry
Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36306
Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36608
Reference: BID:822
Reference: URL:http://www.securityfocus.com/bid/822
Reference: XF:netscape-long-argument-bo(7884)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7884


Name: CVE-1999-1191

Description:
Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Status: Entry
Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418335&w=2
Reference: AUSCERT:AA-97.18
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.18.solaris.chkey.buffer.overflow.vul
Reference: SUN:00144
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144
Reference: BID:207
Reference: URL:http://www.securityfocus.com/bid/207
Reference: XF:solaris-chkey-bo(7442)
Reference: URL:http://www.iss.net/security_center/static/7442.php


Name: CVE-1999-1192

Description:
Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Status: Entry
Reference: SUN:00143
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/143
Reference: BID:206
Reference: URL:http://www.securityfocus.com/bid/206
Reference: XF:solaris-eeprom-bo(7444)
Reference: URL:http://www.iss.net/security_center/static/7444.php


Name: CVE-1999-1193

Description:
The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.

Status: Entry
Reference: CERT:CA-1991-06
Reference: URL:http://www.cert.org/advisories/CA-1991-06.html
Reference: XF:next-me(581)
Reference: URL:http://xforce.iss.net/static/581.php
Reference: BID:20
Reference: URL:http://www.securityfocus.com/bid/20


Name: CVE-1999-1194

Description:
chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.

Status: Entry
Reference: CERT:CA-1991-05
Reference: URL:http://www.cert.org/advisories/CA-1991-05.html
Reference: BID:17
Reference: URL:http://www.securityfocus.com/bid/17
Reference: XF:dec-chroot(577)
Reference: URL:http://xforce.iss.net/static/577.php


Name: CVE-1999-1197

Description:
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.

Status: Entry
Reference: CERT:CA-1990-12
Reference: URL:http://www.cert.org/advisories/CA-1990-12.html
Reference: BID:14
Reference: URL:http://www.securityfocus.com/bid/14
Reference: XF:sunos-tioccons-console-redirection(7140)
Reference: URL:http://www.iss.net/security_center/static/7140.php


Name: CVE-1999-1198

Description:
BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.

Status: Entry
Reference: CERT:CA-1990-06
Reference: URL:http://www.cert.org/advisories/CA-1990-06.html
Reference: CIAC:B-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml
Reference: BID:11
Reference: URL:http://www.securityfocus.com/bid/11
Reference: XF:nextstep-builddisk-root-access(7141)
Reference: URL:http://www.iss.net/security_center/static/7141.php


Name: CVE-1999-1199

Description:
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.

Status: Entry
Reference: BUGTRAQ:19980807 YA Apache DoS attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2
Reference: BUGTRAQ:19980808 Debian Apache Security Update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2
Reference: BUGTRAQ:19980810 Apache DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2
Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache


Name: CVE-1999-1201

Description:
Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.

Status: Entry
Reference: NTBUGTRAQ:19990206 New Windows 9x Bug: TCP Chorusing
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91849617221319&w=2
Reference: BID:225
Reference: URL:http://www.securityfocus.com/bid/225
Reference: XF:win-multiple-ip-dos(7542)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7542


Name: CVE-1999-1203

Description:
Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier.

Status: Entry
Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91868964203769&w=2
Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91888117502765&w=2
Reference: XF:ascend-ppp-isdn-dos(7498)
Reference: URL:http://www.iss.net/security_center/static/7498.php


Name: CVE-1999-1204

Description:
Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.

Status: Entry
Reference: BUGTRAQ:19980511 Firewall-1 Reserved Keywords Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925912&w=2
Reference: CONFIRM:http://www.checkpoint.com/techsupport/config/keywords.html
Reference: XF:fw1-user-defined-keywords-access(7293)
Reference: URL:http://xforce.iss.net/static/7293.php
Reference: OSVDB:4416
Reference: URL:http://www.osvdb.org/4416


Name: CVE-1999-1205

Description:
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.

Status: Entry
Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419195&w=2
Reference: HP:HPSBUX9607-035
Reference: URL:http://packetstormsecurity.org/advisories/ibm-ers/96-08
Reference: CIAC:G-34
Reference: XF:hp-nettune(414)
Reference: URL:http://xforce.iss.net/xforce/xfdb/414


Name: CVE-1999-1208

Description:
Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.

Status: Entry
Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419337&w=2
Reference: BUGTRAQ:19970721 AIX ping (Exploit)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419330&w=2
Reference: XF:ping-bo(803)
Reference: URL:http://xforce.iss.net/static/803.php


Name: CVE-1999-1209

Description:
Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.

Status: Entry
Reference: BUGTRAQ:19971204 scoterm exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88131151000069&w=2
Reference: CERT:VB-97.14
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.14.scoterm
Reference: XF:sco-scoterm(690)
Reference: URL:http://xforce.iss.net/xforce/xfdb/690


Name: CVE-1999-1214

Description:
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

Status: Entry
Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling
Reference: URL:http://www.openbsd.com/advisories/signals.txt
Reference: MISC:http://www.openbsd.com/advisories/signals.txt
Reference: OSVDB:11062
Reference: URL:http://www.osvdb.org/11062
Reference: XF:openbsd-iosig(556)
Reference: URL:http://xforce.iss.net/static/556.php


Name: CVE-1999-1215

Description:
LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.

Status: Entry
Reference: CIAC:D-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-21.shtml
Reference: CERT:CA-1993-12
Reference: URL:http://www.cert.org/advisories/CA-1993-12.html
Reference: XF:novell-login(545)
Reference: URL:http://xforce.iss.net/static/545.php


Name: CVE-1999-1217

Description:
The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.

Status: Entry
Reference: NTBUGTRAQ:19970725 Re: NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2
Reference: NTBUGTRAQ:19970723 NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2
Reference: XF:nt-path(526)
Reference: URL:http://xforce.iss.net/static/526.php


Name: CVE-1999-1222

Description:
Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.

Status: Entry
Reference: MSKB:Q188571
Reference: URL:http://support.microsoft.com/support/kb/articles/Q188/5/71.ASP
Reference: XF:dns-netbtsys-dos(3893)
Reference: URL:http://xforce.iss.net/static/3893.php


Name: CVE-1999-1223

Description:
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.

Status: Entry
Reference: MSKB:Q187503
Reference: URL:http://support.microsoft.com/support/kb/articles/q187/5/03.asp
Reference: XF:url-asp-av(3892)
Reference: URL:http://xforce.iss.net/static/3892.php


Name: CVE-1999-1226

Description:
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.

Status: Entry
Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html
Reference: XF:netscape-huge-key-dos(3436)
Reference: URL:http://xforce.iss.net/static/3436.php


Name: CVE-1999-1233

Description:
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.

Status: Entry
Reference: MS:MS99-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp
Reference: MSKB:241562
Reference: URL:http://support.microsoft.com/support/kb/articles/Q241/5/62.asp
Reference: BID:657
Reference: URL:http://www.securityfocus.com/bid/657
Reference: XF:iis-unresolved-domain-access(3306)
Reference: URL:http://xforce.iss.net/static/3306.php


Name: CVE-1999-1243

Description:
SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges.

Status: Entry
Reference: CIAC:F-16
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-16.shtml
Reference: SGI:19950301-01-P373
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373
Reference: XF:sgi-permissions(2113)
Reference: URL:http://xforce.iss.net/static/2113.php


Name: CVE-1999-1246

Description:
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

Status: Entry
Reference: MSKB:Q229972
Reference: URL:http://support.microsoft.com/support/kb/articles/Q229/9/72.asp
Reference: XF:siteserver-directmail-passwords(2068)
Reference: URL:http://xforce.iss.net/static/2068.php


Name: CVE-1999-1249

Description:
movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.

Status: Entry
Reference: HP:HPSBUX9701-047
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html
Reference: XF:hp-movemail(2057)
Reference: URL:http://xforce.iss.net/static/2057.php
Reference: OSVDB:8099
Reference: URL:http://www.osvdb.org/8099


Name: CVE-1999-1258

Description:
rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.

Status: Entry
Reference: SUN:00102
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102
Reference: XF:sun-pwdauthd(1782)
Reference: URL:http://xforce.iss.net/static/1782.php


Name: CVE-1999-1259

Description:
Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.

Status: Entry
Reference: MSKB:Q189529
Reference: URL:http://support.microsoft.com/support/kb/articles/q189/5/29.asp
Reference: XF:office-extraneous-data(1780)
Reference: URL:http://xforce.iss.net/static/1780.php


Name: CVE-1999-1262

Description:
Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities.

Status: Entry
Reference: BUGTRAQ:19990202 Unsecured server in applets under Netscape
Reference: URL:http://www.securityfocus.com/archive/1/12231
Reference: XF:java-socket-open(1727)
Reference: URL:http://xforce.iss.net/static/1727.php


Name: CVE-1999-1263

Description:
Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.

Status: Entry
Reference: BUGTRAQ:19971024 Vulnerability in metamail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87773365324657&w=2
Reference: XF:metamail-file-creation(1677)
Reference: URL:http://xforce.iss.net/static/1677.php


Name: CVE-1999-1276

Description:
fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

Status: Entry
Reference: DEBIAN:19981207 fte-console: does not drop its root priviliges
Reference: URL:http://www.debian.org/security/1998/19981207
Reference: XF:fte-console-privileges(1609)
Reference: URL:http://xforce.iss.net/static/1609.php


Name: CVE-1999-1279

Description:
An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.

Status: Entry
Reference: MSKB:Q138001
Reference: URL:http://support.microsoft.com/support/kb/articles/q138/0/01.asp
Reference: XF:snaserver-shared-folders(1548)
Reference: URL:http://xforce.iss.net/static/1548.php


Name: CVE-1999-1284

Description:
NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection.

Status: Entry
Reference: BUGTRAQ:19981105 various *lame* DoS attacks
Reference: URL:http://www.securityfocus.com/archive/1/11131
Reference: BUGTRAQ:19981107 Re: various *lame* DoS attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91063407332594&w=2
Reference: MISC:http://www.dynamsol.com/puppet/text/new.txt
Reference: XF:nukenabber-timeout-dos(1540)
Reference: URL:http://xforce.iss.net/static/1540.php


Name: CVE-1999-1288

Description:
Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

Status: Entry
Reference: BUGTRAQ:19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux
Reference: URL:http://www.securityfocus.com/archive/1/11397
Reference: CALDERA:SA-1998.35
Reference: URL:http://www.caldera.com/support/security/advisories/SA-1998.35.txt
Reference: XF:samba-wsmbconf(1406)
Reference: URL:http://xforce.iss.net/static/1406.php


Name: CVE-1999-1290

Description:
Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string.

Status: Entry
Reference: BUGTRAQ:19981117 nftp vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91127951426494&w=2
Reference: CONFIRM:http://www.ayukov.com/nftp/history.html
Reference: XF:nftp-bo(1397)
Reference: URL:http://xforce.iss.net/static/1397.php


Name: CVE-1999-1294

Description:
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.

Status: Entry
Reference: MSKB:Q146604
Reference: URL:http://support.microsoft.com/support/kb/articles/q146/6/04.asp
Reference: XF:nt-filemgr(562)
Reference: URL:http://xforce.iss.net/static/562.php


Name: CVE-1999-1297

Description:
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.

Status: Entry
Reference: SUNBUG:1077164
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20
Reference: XF:sun-cmdtool-echo(7482)
Reference: URL:http://xforce.iss.net/static/7482.php


Name: CVE-1999-1298

Description:
Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-97:03
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc
Reference: XF:freebsd-sysinstall-ftp-password(7537)
Reference: URL:http://www.iss.net/security_center/static/7537.php
Reference: OSVDB:6087
Reference: URL:http://www.osvdb.org/6087


Name: CVE-1999-1301

Description:
A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.

Status: Entry
Reference: CIAC:G-31
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-31.shtml
Reference: FREEBSD:FreeBSD-SA-96:17
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc
Reference: XF:rzsz-command-execution(7540)
Reference: URL:http://www.iss.net/security_center/static/7540.php


Name: CVE-1999-1309

Description:
Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.

Status: Entry
Reference: BUGTRAQ:19940314 sendmail -d problem (OLD yet still here)
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0040.html
Reference: BUGTRAQ:19940315 so...
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0043.html
Reference: BUGTRAQ:19940315 anyone know details?
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0042.html
Reference: BUGTRAQ:19940315 Security problem in sendmail versions 8.x.x
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0048.html
Reference: BUGTRAQ:19940327 sendmail exploit script - resend
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0078.html
Reference: CERT:CA-1994-12
Reference: URL:http://www.cert.org/advisories/CA-94.12.sendmail.vulnerabilities
Reference: XF:sendmail-debug-gain-root(7155)
Reference: URL:http://xforce.iss.net/static/7155.php


Name: CVE-1999-1316

Description:
Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.

Status: Entry
Reference: MSKB:Q247975
Reference: URL:http://support.microsoft.com/support/kb/articles/Q247/9/75.asp
Reference: XF:passfilt-fullname(7391)
Reference: URL:http://xforce.iss.net/static/7391.php


Name: CVE-1999-1317

Description:
Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.

Status: Entry
Reference: NTBUGTRAQ:19990312 [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92127046701349&w=2
Reference: NTBUGTRAQ:19990314 AW: [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92162979530341&w=2
Reference: MSKB:Q222159
Reference: URL:http://support.microsoft.com/support/kb/articles/q222/1/59.asp
Reference: XF:nt-symlink-case(7398)
Reference: URL:http://xforce.iss.net/static/7398.php


Name: CVE-1999-1318

Description:
/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.

Status: Entry
Reference: SUNBUG:1121935
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100630&zone_32=112193%2A%20
Reference: XF:sun-su-path(7480)
Reference: URL:http://www.iss.net/security_center/static/7480.php


Name: CVE-1999-1320

Description:
Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.

Status: Entry
Reference: CIAC:D-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-01.shtml
Reference: XF:netware-packet-spoofing-privileges(7213)
Reference: URL:http://www.iss.net/security_center/static/7213.php


Name: CVE-1999-1321

Description:
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.

Status: Entry
Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code
Reference: URL:http://lists.netspace.org/cgi-bin/wa?A2=ind9811A&L=bugtraq&P=R4814
Reference: OSVDB:4883
Reference: URL:http://www.osvdb.org/4883


Name: CVE-1999-1324

Description:
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

Status: Entry
Reference: CIAC:D-06
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-06.shtml
Reference: XF:openvms-sysgen-enabled(7225)
Reference: URL:http://xforce.iss.net/static/7225.php


Name: CVE-1999-1325

Description:
SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.

Status: Entry
Reference: CIAC:C-19
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/c-19.shtml
Reference: XF:vaxvms-sas-gain-privileges(7261)
Reference: URL:http://xforce.iss.net/static/7261.php


Name: CVE-1999-1326

Description:
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.

Status: Entry
Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420401&w=2
Reference: BUGTRAQ:19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420408&w=2
Reference: XF:wuftpd-abor-gain-privileges(7169)
Reference: URL:http://xforce.iss.net/static/7169.php


Name: CVE-1999-1327

Description:
Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.

Status: Entry
Reference: BUGTRAQ:19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125826&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: XF:linuxconf-lang-bo(7239)
Reference: URL:http://www.iss.net/security_center/static/7239.php
Reference: OSVDB:6065
Reference: URL:http://www.osvdb.org/6065


Name: CVE-1999-1328

Description:
linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19980826 [djb@redhat.com: Unidentified subject!]
Reference: BUGTRAQ:19980823 Security concerns in linuxconf shipped w/RedHat 5.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90383955231511&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: XF:linuxconf-symlink-gain-privileges(7232)
Reference: URL:http://www.iss.net/security_center/static/7232.php
Reference: OSVDB:6068
Reference: URL:http://www.osvdb.org/6068


Name: CVE-1999-1329

Description:
Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.

Status: Entry
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit
Reference: XF:sysvinit-root-bo(7250)
Reference: URL:http://www.iss.net/security_center/static/7250.php


Name: CVE-1999-1330

Description:
The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

Status: Entry
Reference: BUGTRAQ:19970709 [linux-security] so-called snprintf() in db-1.85.4 (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419259&w=2
Reference: CONFIRM:http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#db
Reference: XF:linux-libdb-snprintf-bo(7244)
Reference: URL:http://www.iss.net/security_center/static/7244.php


Name: CVE-1999-1331

Description:
netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.

Status: Entry
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg
Reference: XF:netcfg-ethernet-dos(7245)
Reference: URL:http://www.iss.net/security_center/static/7245.php


Name: CVE-1999-1332

Description:
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.

Status: Entry
Reference: BUGTRAQ:19980128 GZEXE - the big problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88603844115233&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip
Reference: DEBIAN:DSA-308
Reference: URL:http://www.debian.org/security/2003/dsa-308
Reference: BID:7845
Reference: URL:http://www.securityfocus.com/bid/7845
Reference: OSVDB:3812
Reference: URL:http://www.osvdb.org/3812
Reference: XF:gzip-gzexe-tmp-symlink(7241)
Reference: URL:http://www.iss.net/security_center/static/7241.php


Name: CVE-1999-1333

Description:
automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.

Status: Entry
Reference: BUGTRAQ:19980319 ncftp 2.4.2 MkDirs bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89042322924057&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp
Reference: XF:ncftp-autodownload-command-execution(7240)
Reference: URL:http://www.iss.net/security_center/static/7240.php
Reference: OSVDB:6111
Reference: URL:http://www.osvdb.org/6111


Name: CVE-1999-1335

Description:
snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.

Status: Entry
Reference: CONFIRM:http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp
Reference: XF:cmusnmp-read-write(7251)
Reference: URL:http://xforce.iss.net/static/7251.php


Name: CVE-1999-1336

Description:
3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port.

Status: Entry
Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93458364903256&w=2
Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93492615408725&w=2
Reference: OSVDB:6057
Reference: URL:http://www.osvdb.org/6057


Name: CVE-1999-1337

Description:
FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.

Status: Entry
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93370073207984&w=2
Reference: XF:midnight-commander-data-disclosure(9873)
Reference: URL:http://www.iss.net/security_center/static/9873.php
Reference: OSVDB:5921
Reference: URL:http://www.osvdb.org/5921


Name: CVE-1999-1339

Description:
Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

Status: Entry
Reference: BUGTRAQ:19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277766505061&w=2
Reference: BUGTRAQ:19990722 Linux +ipchains+ ping -R
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277426802802&w=2
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz
Reference: XF:ipchains-ping-route-dos(7257)
Reference: URL:http://www.iss.net/security_center/static/7257.php
Reference: OSVDB:6105
Reference: URL:http://www.osvdb.org/6105


Name: CVE-1999-1341

Description:
Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.

Status: Entry
Reference: BUGTRAQ:19991022 Local user can send forged packets
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94061108411308&w=2
Reference: XF:linux-tiocsetd-forge-packets(7858)
Reference: URL:http://xforce.iss.net/static/7858.php


Name: CVE-1999-1351

Description:
Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request.

Status: Entry
Reference: BUGTRAQ:19990924 Kvirc bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93845560631314&w=2
Reference: XF:kvirc-dot-directory-traversal(7761)
Reference: URL:http://www.iss.net/security_center/static/7761.php


Name: CVE-1999-1356

Description:
Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy.

Status: Entry
Reference: BUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93646669500991&w=2
Reference: NTBUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93637792706047&w=2
Reference: NTBUGTRAQ:19990917 Re: Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93759822830815&w=2
Reference: XF:compaq-smartstart-legal-notice(7763)
Reference: URL:http://www.iss.net/security_center/static/7763.php


Name: CVE-1999-1358

Description:
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.

Status: Entry
Reference: MSKB:Q157673
Reference: URL:http://support.microsoft.com/support/kb/articles/q157/6/73.asp
Reference: XF:nt-user-policy-update(7400)
Reference: URL:http://www.iss.net/security_center/static/7400.php


Name: CVE-1999-1359

Description:
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.

Status: Entry
Reference: MSKB:Q163875
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/75.asp
Reference: XF:nt-group-policy-longname(7401)
Reference: URL:http://www.iss.net/security_center/static/7401.php


Name: CVE-1999-1360

Description:
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.

Status: Entry
Reference: MSKB:Q160650
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/50.asp
Reference: XF:nt-kernel-handle-dos(7402)
Reference: URL:http://www.iss.net/security_center/static/7402.php


Name: CVE-1999-1362

Description:
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.

Status: Entry
Reference: MSKB:Q160601
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/01.asp
Reference: XF:nt-win32k-dos(7403)
Reference: URL:http://www.iss.net/security_center/static/7403.php


Name: CVE-1999-1363

Description:
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.

Status: Entry
Reference: MSKB:Q163143
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/1/43.asp
Reference: XF:nt-nonpagedpool-dos(7405)
Reference: URL:http://www.iss.net/security_center/static/7405.php


Name: CVE-1999-1365

Description:
Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.

Status: Entry
Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2
Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc...
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2
Reference: XF:nt-login-default-folder(2336)
Reference: URL:http://xforce.iss.net/xforce/xfdb/2336
Reference: BID:0515
Reference: URL:http://www.securityfocus.com/bid/0515


Name: CVE-1999-1379

Description:
DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.

Status: Entry
Reference: BUGTRAQ:19990730 Possible Denial Of Service using DNS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93348057829957&w=2
Reference: BUGTRAQ:19990810 Possible Denial Of Service using DNS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93433758607623&w=2
Reference: AUSCERT:AL-1999.004
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos
Reference: CIAC:J-063
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-063.shtml
Reference: XF:dns-udp-query-dos(7238)
Reference: URL:http://www.iss.net/security_center/static/7238.php


Name: CVE-1999-1380

Description:
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.

Status: Entry
Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html
Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html
Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html
Reference: XF:nu-tuneocx-activex-control(7188)
Reference: URL:http://www.iss.net/security_center/static/7188.php


Name: CVE-1999-1382

Description:
NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.

Status: Entry
Reference: BUGTRAQ:19980108 NetWare NFS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88427711321769&w=2
Reference: BUGTRAQ:19980812 Re: Netware NFS (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90295697702474&w=2
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551
Reference: XF:netware-nfs-file-ownership(7246)
Reference: URL:http://www.iss.net/security_center/static/7246.php


Name: CVE-1999-1384

Description:
Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program.

Status: Entry
Reference: BUGTRAQ:19961030 (Another) vulnerability in new SGIs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420095&w=2
Reference: AUSCERT:AA-96.08
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.08.SGI.systour.vul
Reference: SGI:19961101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961101-01-I
Reference: BID:470
Reference: URL:http://www.securityfocus.com/bid/470
Reference: XF:irix-systour(7456)
Reference: URL:http://www.iss.net/security_center/static/7456.php


Name: CVE-1999-1385

Description:
Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.

Status: Entry
Reference: BUGTRAQ:19961219 Exploit for ppp bug (FreeBSD 2.1.0).
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420332&w=2
Reference: FREEBSD:FreeBSD-SA-96:20
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:20.stack-overflow.asc
Reference: XF:ppp-bo(7465)
Reference: URL:http://www.iss.net/security_center/static/7465.php
Reference: OSVDB:6085
Reference: URL:http://www.osvdb.org/6085


Name: CVE-1999-1386

Description:
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

Status: Entry
Reference: BUGTRAQ:19980308 another /tmp race: `perl -e' opens temp file not safely
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88932165406213&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#perl
Reference: XF:perl-e-tmp-symlink(7243)
Reference: URL:http://www.iss.net/security_center/static/7243.php


Name: CVE-1999-1397

Description:
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.

Status: Entry
Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92242671024118&w=2
Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92223293409756&w=2
Reference: BID:476
Reference: URL:http://www.securityfocus.com/bid/476
Reference: XF:iis-indexserver-reveal-path(7559)
Reference: URL:http://www.iss.net/security_center/static/7559.php


Name: CVE-1999-1402

Description:
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

Status: Entry
Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418317&w=2
Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248718482&w=2
Reference: BID:456
Reference: URL:http://www.securityfocus.com/bid/456
Reference: XF:sun-domain-socket-permissions(7172)
Reference: URL:http://www.iss.net/security_center/static/7172.php


Name: CVE-1999-1407

Description:
ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.

Status: Entry
Reference: BUGTRAQ:19980309 *sigh* another RH5 /tmp problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88950856416985&w=2
Reference: BID:368
Reference: URL:http://www.securityfocus.com/bid/368
Reference: XF:initscripts-ifdhcpdone-dhcplog-symlink(7294)
Reference: URL:http://www.iss.net/security_center/static/7294.php
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts


Name: CVE-1999-1409

Description:
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.

Status: Entry
Reference: BUGTRAQ:19980703 more about 'at'
Reference: URL:http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html
Reference: BUGTRAQ:19980805 irix-6.2 "at -f" vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90233906612929&w=2
Reference: NETBSD:NetBSD-SA1998-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc
Reference: BID:331
Reference: URL:http://www.securityfocus.com/bid/331
Reference: XF:at-f-read-files(7577)
Reference: URL:http://www.iss.net/security_center/static/7577.php


Name: CVE-1999-1411

Description:
The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.

Status: Entry
Reference: DEBIAN:19981126 new version of fsp fixes security flaw
Reference: URL:http://lists.debian.org/debian-security-announce/debian-security-announce-1998/msg00033.html
Reference: BUGTRAQ:19981128 Debian: Security flaw in FSP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91228908407679&w=2
Reference: BUGTRAQ:19981130 Debian: Security flaw in FSP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91244712808780&w=2
Reference: BUGTRAQ:19990217 Debian GNU/Linux 2.0r5 released (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91936850009861&w=2
Reference: BID:316
Reference: URL:http://www.securityfocus.com/bid/316
Reference: XF:fsp-anon-ftp-access(7574)
Reference: URL:http://www.iss.net/security_center/static/7574.php


Name: CVE-1999-1414

Description:
IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.

Status: Entry
Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92765856706547&w=2
Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92902484317769&w=2
Reference: BID:284
Reference: URL:http://www.securityfocus.com/bid/284


Name: CVE-1999-1419

Description:
Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.

Status: Entry
Reference: SUN:00148
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/148
Reference: BID:219
Reference: URL:http://www.securityfocus.com/bid/219
Reference: XF:sun-nisplus-bo(7535)
Reference: URL:http://www.iss.net/security_center/static/7535.php


Name: CVE-1999-1423

Description:
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

Status: Entry
Reference: BUGTRAQ:19970626 Solaris Ping bug (DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319160&w=2
Reference: BUGTRAQ:19970627 SUMMARY: Solaris Ping bug (DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319171&w=2
Reference: BUGTRAQ:19970627 Solaris Ping bug(inetsvc)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319181&w=2
Reference: BUGTRAQ:19971005 Solaris Ping Bug and other [bc] oddities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319180&w=2
Reference: SUN:00146
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/146
Reference: BID:209
Reference: URL:http://www.securityfocus.com/bid/209
Reference: XF:ping-multicast-loopback-dos(7492)
Reference: URL:http://www.iss.net/security_center/static/7492.php


Name: CVE-1999-1432

Description:
Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

Status: Entry
Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525997&w=2
Reference: BID:160
Reference: URL:http://www.securityfocus.com/bid/160
Reference: SUNBUG:4024179


Name: CVE-1999-1433

Description:
HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.

Status: Entry
Reference: BUGTRAQ:19980715 JetAdmin software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525988&w=2
Reference: BUGTRAQ:19980722 Re: JetAdmin software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526067&w=2
Reference: BID:157
Reference: URL:http://www.securityfocus.com/bid/157


Name: CVE-1999-1437

Description:
ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml.

Status: Entry
Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525890&w=2
Reference: BUGTRAQ:19980710 ePerl Security Update Available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525927&w=2
Reference: BID:151
Reference: URL:http://www.securityfocus.com/bid/151


Name: CVE-1999-1452

Description:
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.

Status: Entry
Reference: NTBUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91764169410814&w=2
Reference: NTBUGTRAQ:19990205 Alert: MS releases GINA-fix for SP3, SP4, and TS
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91822011021558&w=2
Reference: BUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91788829326419&w=2
Reference: MSKB:Q214802
Reference: URL:http://support.microsoft.com/support/kb/articles/q214/8/02.asp
Reference: BID:198
Reference: URL:http://www.securityfocus.com/bid/198
Reference: XF:nt-gina-clipboard(1975)
Reference: URL:http://xforce.iss.net/static/1975.php


Name: CVE-1999-1455

Description:
RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.

Status: Entry
Reference: MSKB:Q158320
Reference: URL:http://support.microsoft.com/support/kb/articles/q158/3/20.asp
Reference: XF:nt-rshsvc-ale-bypass(7422)
Reference: URL:http://xforce.iss.net/static/7422.php


Name: CVE-1999-1456

Description:
thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.

Status: Entry
Reference: BUGTRAQ:19980819 thttpd 2.04 released (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/10368
Reference: CONFIRM:http://www.acme.com/software/thttpd/thttpd.html#releasenotes
Reference: XF:thttpd-file-read(1809)
Reference: URL:http://xforce.iss.net/static/1809.php


Name: CVE-1999-1468

Description:
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

Status: Entry
Reference: MISC:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
Reference: CERT:CA-91.20
Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
Reference: BID:31
Reference: URL:http://www.securityfocus.com/bid/31
Reference: XF:rdist-popen-gain-privileges(7160)
Reference: URL:http://www.iss.net/security_center/static/7160.php
Reference: OSVDB:8106
Reference: URL:http://www.osvdb.org/8106


Name: CVE-1999-1472

Description:
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.

Status: Entry
Reference: BUGTRAQ:19971017 Security Hole in Explorer 4.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87710897923098&w=2
Reference: MISC:http://www.insecure.org/sploits/Internet_explorer_4.0.hack.html
Reference: CONFIRM:http://www.microsoft.com/Windows/ie/security/freiburg.asp
Reference: MSKB:Q176794
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/7/94.asp
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: XF:http-ie-spy(587)
Reference: URL:http://xforce.iss.net/static/587.php
Reference: OSVDB:7819
Reference: URL:http://www.osvdb.org/7819


Name: CVE-1999-1473

Description:
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."

Status: Entry
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: XF:ie-page-redirect(7426)
Reference: URL:http://www.iss.net/security_center/static/7426.php
Reference: OSVDB:7818
Reference: URL:http://www.osvdb.org/7818


Name: CVE-1999-1476

Description:
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.

Status: Entry
Reference: MSKB:Q163852
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/52.asp
Reference: XF:pentium-crash(704)
Reference: URL:http://xforce.iss.net/static/704.php


Name: CVE-1999-1478

Description:
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.

Status: Entry
Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827429589&w=2
Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93240220324183&w=2
Reference: BID:522
Reference: URL:http://www.securityfocus.com/bid/522
Reference: XF:sun-hotspot-vm(2348)
Reference: URL:http://xforce.iss.net/static/2348.php


Name: CVE-1999-1481

Description:
Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.

Status: Entry
Reference: BUGTRAQ:19991025 [squid] exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: BUGTRAQ:19991103 [squid]exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/
Reference: BID:741
Reference: URL:http://www.securityfocus.com/bid/741
Reference: XF:squid-proxy-auth-access(3433)
Reference: URL:http://xforce.iss.net/static/3433.php


Name: CVE-1999-1486

Description:
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.

Status: Entry
Reference: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
Reference: AIXAPAR:IX75554
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX75554&apar=only
Reference: AIXAPAR:IX76853
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX76853&apar=only
Reference: AIXAPAR:IX76330
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX76330&apar=only
Reference: BID:408
Reference: URL:http://www.securityfocus.com/bid/408
Reference: XF:aix-sadc-timex(7675)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7675


Name: CVE-1999-1488

Description:
sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication.

Status: Entry
Reference: CIAC:I-079A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-079a.shtml
Reference: BID:371
Reference: URL:http://www.securityfocus.com/bid/371
Reference: XF:ibm-sdr-read-files(7217)
Reference: URL:http://www.iss.net/security_center/static/7217.php


Name: CVE-1999-1490

Description:
xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.

Status: Entry
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926021&w=2
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926034&w=2
Reference: BID:362
Reference: URL:http://www.securityfocus.com/bid/362
Reference: XF:linux-xosview-bo(8787)
Reference: URL:http://www.iss.net/security_center/static/8787.php


Name: CVE-1999-1494

Description:
colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.

Status: Entry
Reference: BUGTRAQ:19940809 Re: IRIX 5.2 Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/675
Reference: BUGTRAQ:19950307 sigh. another Irix 5.2 hole.
Reference: URL:http://www.tryc.on.ca/archives/bugtraq/1995_1/0614.html
Reference: SGI:19950209-00-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950209-01-P
Reference: XF:sgi-colorview(2112)
Reference: URL:http://xforce.iss.net/static/2112.php
Reference: BID:336
Reference: URL:http://www.securityfocus.com/bid/336


Name: CVE-1999-1507

Description:
Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.

Status: Entry
Reference: CERT:CA-1993-03
Reference: URL:http://www.cert.org/advisories/CA-1993-03.html
Reference: BID:59
Reference: URL:http://www.securityfocus.com/bid/59
Reference: XF:sun-dir(521)
Reference: URL:http://xforce.iss.net/static/521.php


Name: CVE-1999-1512

Description:
The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.

Status: Entry
Reference: BUGTRAQ:19990716 AMaViS virus scanner for Linux - root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93219846414732&w=2
Reference: CONFIRM:http://www.amavis.org/ChangeLog.txt
Reference: BID:527
Reference: URL:http://www.securityfocus.com/bid/527
Reference: XF:amavis-command-execute(2349)
Reference: URL:http://xforce.iss.net/static/2349.php


Name: CVE-1999-1520

Description:
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.

Status: Entry
Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2
Reference: BID:256
Reference: URL:http://www.securityfocus.com/bid/256
Reference: XF:siteserver-site-csc(2270)
Reference: URL:http://xforce.iss.net/static/2270.php


Name: CVE-1999-1530

Description:
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.

Status: Entry
Reference: BUGTRAQ:19991108 Security flaw in Cobalt RaQ2 cgiwrap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94209954200450&w=2
Reference: BUGTRAQ:19991109 [Cobalt] Security Advisory - cgiwrap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225629200045&w=2
Reference: BID:777
Reference: URL:http://www.securityfocus.com/bid/777
Reference: XF:cobalt-cgiwrap-incorrect-permissions(7764)
Reference: URL:http://www.iss.net/security_center/static/7764.php
Reference: OSVDB:35
Reference: URL:http://www.osvdb.org/35


Name: CVE-1999-1531

Description:
Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag.

Status: Entry
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2
Reference: BID:763
Reference: URL:http://www.securityfocus.com/bid/763
Reference: XF:ibm-homepageprint-bo(7767)
Reference: URL:http://www.iss.net/security_center/static/7767.php


Name: CVE-1999-1535

Description:
Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request.

Status: Entry
Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93256878011447&w=2
Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93501427820328&w=2
Reference: BID:592
Reference: URL:http://www.securityfocus.com/bid/592
Reference: XF:http-aspupload-bo(3291)
Reference: URL:http://xforce.iss.net/static/3291.php


Name: CVE-1999-1537

Description:
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.

Status: Entry
Reference: NTBUGTRAQ:19990707 SSL and IIS.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2
Reference: BID:521
Reference: URL:http://www.securityfocus.com/bid/521
Reference: XF:ssl-iis-dos(2352)
Reference: URL:http://xforce.iss.net/static/2352.php


Name: CVE-1999-1542

Description:
RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command.

Status: Entry
Reference: BUGTRAQ:19991004 RH6.0 local/remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915641729415&w=2
Reference: BUGTRAQ:19991006 Fwd: [Re: RH6.0 local/remote command execution]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923853105687&w=2
Reference: XF:linux-rh-rpmmail(3353)
Reference: URL:http://xforce.iss.net/static/3353.php


Name: CVE-1999-1550

Description:
bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.

Status: Entry
Reference: BUGTRAQ:19991108 BigIP - bigconf.cgi holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217006208374&w=2
Reference: BUGTRAQ:19991109 Re: BigIP - bigconf.cgi holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217879020184&w=2
Reference: BUGTRAQ:19991109
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225879703021&w=2
Reference: BID:778
Reference: URL:http://www.securityfocus.com/bid/778
Reference: XF:bigip-bigconf-view-files(7771)
Reference: URL:http://www.iss.net/security_center/static/7771.php


Name: CVE-1999-1556

Description:
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

Status: Entry
Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222453431645&w=2
Reference: BID:109
Reference: URL:http://www.securityfocus.com/bid/109
Reference: XF:mssql-sqlexecutivecmdexec-password(7354)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7354


Name: CVE-1999-1565

Description:
Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Status: Entry
Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch
Reference: URL:http://www.securityfocus.com/archive/1/24784
Reference: OSVDB:6291
Reference: URL:http://www.osvdb.org/6291


Name: CVE-1999-1568

Description:
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.

Status: Entry
Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91981352617720&w=2
Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise"
Reference: URL:http://www.securityfocus.com/archive/1/12699
Reference: XF:ncftpd-port-bo(1833)
Reference: URL:http://xforce.iss.net/static/1833.php


Name: CVE-2000-0001

Description:
RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.

Status: Entry
Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c)
Reference: BID:888
Reference: URL:http://www.securityfocus.com/bid/888
Reference: XF:realserver-ramgen-dos


Name: CVE-2000-0002

Description:
Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.

Status: Entry
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94598388530358&w=2
Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es
Reference: VULNWATCH:20020114 ZBServer Pro DoS Vulnerability
Reference: BID:889
Reference: URL:http://www.securityfocus.com/bid/889
Reference: XF:zbserver-get-bo


Name: CVE-2000-0003

Description:
Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.

Status: Entry
Reference: BUGTRAQ:19991230 UnixWare rtpm exploit + discussion
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2


Name: CVE-2000-0004

Description:
ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.

Status: Entry
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: BUGTRAQ:19991223 Re: Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606572912422&w=2
Reference: XF:zbserver-url-dot


Name: CVE-2000-0006

Description:
strace allows local users to read arbitrary files via memory mapped file names.

Status: Entry
Reference: BUGTRAQ:19991225 strace can lie
Reference: URL:http://online.securityfocus.com/archive/1/39831
Reference: XF:linux-strace(4554)
Reference: URL:http://xforce.iss.net/static/4554.php


Name: CVE-2000-0007

Description:
Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service.

Status: Entry
Reference: BUGTRAQ:19991230 PC-Cillin 6.x DoS Attack
Reference: XF:pccillin-proxy-remote-dos(4491)
Reference: URL:http://xforce.iss.net/static/4491.php
Reference: BID:1740
Reference: URL:http://www.securityfocus.com/bid/1740


Name: CVE-2000-0009

Description:
The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.

Status: Entry
Reference: BUGTRAQ:19991230 bna,sh
Reference: XF:netarchitect-path-vulnerability
Reference: BID:907
Reference: URL:http://www.securityfocus.com/bid/907


Name: CVE-2000-0010

Description:
WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.

Status: Entry
Reference: BUGTRAQ:19991226 WebWho+ ADVISORY
Reference: XF:http-cgi-webwhoplus


Name: CVE-2000-0011

Description:
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request.

Status: Entry
Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-get-bo
Reference: BID:906
Reference: URL:http://www.securityfocus.com/bid/906
Reference: OSVDB:1184
Reference: URL:http://www.osvdb.org/1184


Name: CVE-2000-0012

Description:
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.

Status: Entry
Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL
Reference: BID:898
Reference: URL:http://www.securityfocus.com/bid/898
Reference: XF:w3-msql-scanf-bo


Name: CVE-2000-0013

Description:
IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.

Status: Entry
Reference: BUGTRAQ:19991231 irix-soundplayer.sh
Reference: XF:irix-soundplayer-symlink
Reference: BID:909
Reference: URL:http://www.securityfocus.com/bid/909


Name: CVE-2000-0014

Description:
Denial of service in Savant web server via a null character in the requested URL.

Status: Entry
Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K
Reference: BID:897
Reference: URL:http://www.securityfocus.com/bid/897
Reference: XF:savant-server-null-dos


Name: CVE-2000-0015

Description:
CascadeView TFTP server allows local users to gain privileges via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19991231 tftpserv.sh
Reference: BID:910
Reference: URL:http://www.securityfocus.com/bid/910
Reference: XF:cascadeview-tftp-symlink


Name: CVE-2000-0018

Description:
wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file.

Status: Entry
Reference: BUGTRAQ:19991221 Wmmon under FreeBSD
Reference: BID:885
Reference: URL:http://www.securityfocus.com/bid/885
Reference: XF:freebsd-wmmon-root-exploit
Reference: OSVDB:1169
Reference: URL:http://www.osvdb.org/1169


Name: CVE-2000-0020

Description:
DNS PRO allows remote attackers to conduct a denial of service via a large number of connections.

Status: Entry
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: XF:dnspro-flood-dos


Name: CVE-2000-0022

Description:
Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory.

Status: Entry
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
Reference: BID:881
Reference: URL:http://www.securityfocus.com/bid/881


Name: CVE-2000-0023

Description:
Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL.

Status: Entry
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
Reference: BID:881
Reference: URL:http://www.securityfocus.com/bid/881
Reference: OSVDB:51
Reference: URL:http://www.osvdb.org/51


Name: CVE-2000-0024

Description:
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt
Reference: MS:MS99-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)
Reference: XF:iis-badescapes
Reference: MSKB:Q246401
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246401


Name: CVE-2000-0025

Description:
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

Status: Entry
Reference: MS:MS99-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-058.mspx
Reference: MSKB:Q238606
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238606
Reference: OSVDB:8098
Reference: URL:http://www.osvdb.org/8098


Name: CVE-2000-0026

Description:
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.

Status: Entry
Reference: BUGTRAQ:19991222 UnixWare i2odialogd remote root exploit
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2
Reference: BID:876
Reference: URL:http://www.securityfocus.com/bid/876
Reference: OSVDB:6310
Reference: URL:http://www.osvdb.org/6310


Name: CVE-2000-0027

Description:
IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/39962
Reference: BID:900
Reference: URL:http://www.securityfocus.com/bid/900
Reference: XF:ibm-netstat-race-condition(5381)
Reference: URL:http://www.iss.net/security_center/static/5381.php


Name: CVE-2000-0029

Description:
UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.

Status: Entry
Reference: BUGTRAQ:19991227 UnixWare local pis exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780294009285&w=2
Reference: BID:901
Reference: URL:http://www.securityfocus.com/bid/901


Name: CVE-2000-0030

Description:
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.

Status: Entry
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-fill-disk
Reference: BID:878
Reference: URL:http://www.securityfocus.com/bid/878


Name: CVE-2000-0031

Description:
The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.

Status: Entry
Reference: L0PHT:19991227 initscripts-4.48-1 RedHat Linux 6.1
Reference: REDHAT:RHSA-1999:052-04


Name: CVE-2000-0032

Description:
Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

Status: Entry
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-dos
Reference: BID:878
Reference: URL:http://www.securityfocus.com/bid/878
Reference: OSVDB:7582
Reference: URL:http://www.osvdb.org/7582


Name: CVE-2000-0033

Description:
InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.

Status: Entry
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Reference: BID:899
Reference: URL:http://www.securityfocus.com/bid/899
Reference: XF:interscan-viruswall-bypass


Name: CVE-2000-0034

Description:
Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."

Status: Entry
Reference: BUGTRAQ:19991222 More Netscape Passwords Available.
Reference: XF:netscape-password-preferences


Name: CVE-2000-0036

Description:
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

Status: Entry
Reference: MS:MS99-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-060.asp
Reference: MSKB:Q249082
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249082


Name: CVE-2000-0037

Description:
Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.

Status: Entry
Reference: BUGTRAQ:19991228 majordomo local exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780294009285&w=2
Reference: BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities
Reference: REDHAT:RHSA-2000:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-005.html
Reference: BID:903
Reference: URL:http://www.securityfocus.com/bid/903


Name: CVE-2000-0039

Description:
AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.

Status: Entry
Reference: BUGTRAQ:19991229 AltaVista
Reference: BUGTRAQ:19991230 Follow UP AltaVista
Reference: BUGTRAQ:19991229 AltaVista followup and monitor script
Reference: BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability
Reference: BUGTRAQ:20000109 Altavista followup
Reference: BID:896
Reference: URL:http://www.securityfocus.com/bid/896
Reference: OSVDB:15
Reference: URL:http://www.osvdb.org/15


Name: CVE-2000-0040

Description:
glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

Status: Entry
Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions)


Name: CVE-2000-0041

Description:
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.

Status: Entry
Reference: BUGTRAQ:19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections
Reference: BID:890
Reference: URL:http://www.securityfocus.com/bid/890


Name: CVE-2000-0042

Description:
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.

Status: Entry
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A
Reference: XF:csm-server-bo
Reference: BID:895
Reference: URL:http://www.securityfocus.com/bid/895


Name: CVE-2000-0043

Description:
Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.

Status: Entry
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Reference: BID:905
Reference: URL:http://www.securityfocus.com/bid/905
Reference: XF:camshot-http-get-overflow


Name: CVE-2000-0044

Description:
Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.

Status: Entry
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Reference: BID:919
Reference: URL:http://www.securityfocus.com/bid/919
Reference: XF:warftp-macro-access-files


Name: CVE-2000-0045

Description:
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

Status: Entry
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: XF:mysql-pwd-grant
Reference: BID:926
Reference: URL:http://www.securityfocus.com/bid/926


Name: CVE-2000-0048

Description:
get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.

Status: Entry
Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit)
Reference: BID:928
Reference: URL:http://www.securityfocus.com/bid/928
Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm
Reference: XF:linux-corel-update


Name: CVE-2000-0050

Description:
The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.

Status: Entry
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full
Reference: XF:allaire-webtop-access
Reference: BID:915
Reference: URL:http://www.securityfocus.com/bid/915


Name: CVE-2000-0051

Description:
The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.

Status: Entry
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full
Reference: BID:916
Reference: URL:http://www.securityfocus.com/bid/916
Reference: XF:allaire-spectra-config-dos


Name: CVE-2000-0052

Description:
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

Status: Entry
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-001.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
Reference: BID:913
Reference: URL:http://www.securityfocus.com/bid/913


Name: CVE-2000-0053

Description:
Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.

Status: Entry
Reference: MS:MS00-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-001.asp
Reference: MSKB:Q246731
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246731
Reference: BID:912
Reference: URL:http://www.securityfocus.com/bid/912
Reference: XF:mcis-malformed-imap


Name: CVE-2000-0056

Description:
IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.

Status: Entry
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Reference: BID:914
Reference: URL:http://www.securityfocus.com/bid/914
Reference: XF:imail-imonitor-status-dos


Name: CVE-2000-0057

Description:
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

Status: Entry
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: XF:coldfusion-cfcache
Reference: BID:917
Reference: URL:http://www.securityfocus.com/bid/917


Name: CVE-2000-0060

Description:
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.

Status: Entry
Reference: NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94647711311057&w=2
Reference: BUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94633851427858&w=2
Reference: BID:894
Reference: URL:http://www.securityfocus.com/bid/894
Reference: XF:avirt-rover-pop3-dos(3765)
Reference: URL:http://www.iss.net/security_center/static/3765.php


Name: CVE-2000-0062

Description:
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

Status: Entry
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net
Reference: BID:922
Reference: URL:http://www.securityfocus.com/bid/922
Reference: XF:zope-dtml


Name: CVE-2000-0063

Description:
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.

Status: Entry
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: XF:http-cgi-cgiproc-file-read
Reference: BID:938
Reference: URL:http://www.securityfocus.com/bid/938


Name: CVE-2000-0064

Description:
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: BID:938
Reference: URL:http://www.securityfocus.com/bid/938
Reference: XF:http-cgi-cgiproc-dos
Reference: OSVDB:7583
Reference: URL:http://www.osvdb.org/7583


Name: CVE-2000-0065

Description:
Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.

Status: Entry
Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0
Reference: XF:inetserv-get-bo


Name: CVE-2000-0070

Description:
NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."

Status: Entry
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp
Reference: MSKB:Q247869
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port
Reference: BID:934
Reference: URL:http://www.securityfocus.com/bid/934


Name: CVE-2000-0072

Description:
Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges.

Status: Entry
Reference: BUGTRAQ:20000118 Warning: VCasel security hole.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94823061421676&w=2
Reference: BID:937
Reference: URL:http://www.securityfocus.com/bid/937
Reference: XF:vcasel-filename-trusting(3867)
Reference: URL:http://www.iss.net/security_center/static/3867.php


Name: CVE-2000-0073

Description:
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.

Status: Entry
Reference: MS:MS00-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-005.asp
Reference: MSKB:Q249973
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word


Name: CVE-2000-0075

Description:
Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session.

Status: Entry
Reference: NTBUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BID:930
Reference: URL:http://www.securityfocus.com/bid/930
Reference: XF:supermail-memleak-dos


Name: CVE-2000-0076

Description:
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

Status: Entry
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000108
Reference: XF:nvi-delete-files
Reference: BID:1439
Reference: URL:http://www.securityfocus.com/bid/1439


Name: CVE-2000-0080

Description:
AIX techlibss allows local users to overwrite files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94757136413681&w=2
Reference: BID:931
Reference: URL:http://www.securityfocus.com/bid/931
Reference: XF:aix-techlibss-symbolic-link


Name: CVE-2000-0083

Description:
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

Status: Entry
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031
Reference: XF:hp-audio-security-perms


Name: CVE-2000-0087

Description:
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.

Status: Entry
Reference: BUGTRAQ:20000113 Misleading sense of security in Netscape
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94790377622943&w=2
Reference: XF:netscape-mail-notify-plaintext(4385)
Reference: URL:http://www.iss.net/security_center/static/4385.php


Name: CVE-2000-0088

Description:
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.

Status: Entry
Reference: MS:MS00-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-002.mspx
Reference: XF:office-malformed-convert
Reference: BID:946
Reference: URL:http://www.securityfocus.com/bid/946


Name: CVE-2000-0089

Description:
The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

Status: Entry
Reference: NTBUGTRAQ:20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: BUGTRAQ:20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: MS:MS00-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-004.mspx
Reference: MSKB:Q249108
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249108
Reference: BID:947
Reference: URL:http://www.securityfocus.com/bid/947
Reference: XF:nt-rdisk-enum-file


Name: CVE-2000-0090

Description:
VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

Status: Entry
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Reference: XF:linux-vmware-symlink
Reference: BID:943
Reference: URL:http://www.securityfocus.com/bid/943
Reference: OSVDB:1205
Reference: URL:http://www.osvdb.org/1205


Name: CVE-2000-0091

Description:
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

Status: Entry
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942
Reference: URL:http://www.securityfocus.com/bid/942
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: MISC:http://www.inter7.com/vpopmail/


Name: CVE-2000-0092

Description:
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:01
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc
Reference: BID:939
Reference: URL:http://www.securityfocus.com/bid/939
Reference: XF:gnu-makefile-tmp-root


Name: CVE-2000-0094

Description:
procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.

Status: Entry
Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
Reference: FREEBSD:FreeBSD-SA-00:02
Reference: NETBSD:NetBSD-SA2000-001
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-001.txt.asc
Reference: OPENBSD:20000120 [2.6] 018: SECURITY FIX: Jan 20, 2000
Reference: BID:940
Reference: URL:http://www.securityfocus.com/bid/940
Reference: OSVDB:20760
Reference: URL:http://www.osvdb.org/20760
Reference: XF:netbsd-procfs(3995)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3995


Name: CVE-2000-0095

Description:
The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

Status: Entry
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041
Reference: BID:944
Reference: URL:http://www.securityfocus.com/bid/944


Name: CVE-2000-0097

Description:
The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.

Status: Entry
Reference: NTBUGTRAQ:20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
Reference: BID:950
Reference: URL:http://www.securityfocus.com/bid/950
Reference: XF:http-indexserver-dirtrans
Reference: OSVDB:1210
Reference: URL:http://www.osvdb.org/1210


Name: CVE-2000-0098

Description:
Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.

Status: Entry
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp


Name: CVE-2000-0099

Description:
Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.

Status: Entry
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2


Name: CVE-2000-0100

Description:
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

Status: Entry
Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html
Reference: MS:MS00-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-012.asp


Name: CVE-2000-0107

Description:
Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

Status: Entry
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201
Reference: BID:958
Reference: URL:http://www.securityfocus.com/bid/958


Name: CVE-2000-0111

Description:
The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions.

Status: Entry
Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2
Reference: BID:953
Reference: URL:http://www.securityfocus.com/bid/953
Reference: XF:avt-rightfax-predict-session


Name: CVE-2000-0112

Description:
The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

Status: Entry
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2
Reference: BID:960
Reference: URL:http://www.securityfocus.com/bid/960
Reference: XF:debian-mbr-bypass-security


Name: CVE-2000-0113

Description:
The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.

Status: Entry
Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94934808714972&w=2
Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952641025328&w=2
Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973281714994&w=2
Reference: CONFIRM:http://www.sybergen.com/support/fix.htm
Reference: BID:952
Reference: URL:http://www.securityfocus.com/bid/952


Name: CVE-2000-0116

Description:
Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.

Status: Entry
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BID:954
Reference: URL:http://www.securityfocus.com/bid/954
Reference: XF:http-script-bypass
Reference: OSVDB:1212
Reference: URL:http://www.osvdb.org/1212


Name: CVE-2000-0117

Description:
The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).

Status: Entry
Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
Reference: XF:http-cgi-cobalt-passwords
Reference: BID:951
Reference: URL:http://www.securityfocus.com/bid/951


Name: CVE-2000-0120

Description:
The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.

Status: Entry
Reference: ALLAIRE:ASB00-04
Reference: BID:955
Reference: URL:http://www.securityfocus.com/bid/955
Reference: XF:allaire-spectra-ras-access(4025)
Reference: URL:http://xforce.iss.net/static/4025.php


Name: CVE-2000-0121

Description:
The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.

Status: Entry
Reference: NTBUGTRAQ:20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000
Reference: MS:MS00-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-007.mspx
Reference: MSKB:Q248399
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248399
Reference: BID:963
Reference: URL:http://www.securityfocus.com/bid/963


Name: CVE-2000-0127

Description:
The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.

Status: Entry
Reference: BUGTRAQ:20000203 Webspeed security issue
Reference: CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
Reference: BID:969
Reference: URL:http://www.securityfocus.com/bid/969
Reference: XF:webspeed-adminutil-auth


Name: CVE-2000-0128

Description:
The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000204 "The Finger Server"
Reference: CONFIRM:http://www.glazed.org/finger/changelog.txt
Reference: XF:finger-server-input
Reference: OSVDB:7610
Reference: URL:http://www.osvdb.org/7610


Name: CVE-2000-0130

Description:
Buffer overflow in SCO scohelp program allows remote attackers to execute commands.

Status: Entry
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2
Reference: SCO:SB-00.02a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.02a
Reference: XF:sco-help-bo


Name: CVE-2000-0131

Description:
Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.

Status: Entry
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966
Reference: OSVDB:4677
Reference: URL:http://www.osvdb.org/4677


Name: CVE-2000-0139

Description:
Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.

Status: Entry
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: BID:982
Reference: URL:http://www.securityfocus.com/bid/982


Name: CVE-2000-0140

Description:
Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.

Status: Entry
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980


Name: CVE-2000-0141

Description:
Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.

Status: Entry
Reference: BUGTRAQ:20000211 perl-cgi hole in UltimateBB by Infopop Corp.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl
Reference: BID:991
Reference: URL:http://www.securityfocus.com/bid/991
Reference: MISC:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-cgi-ultimatebb


Name: CVE-2000-0144

Description:
Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971


Name: CVE-2000-0145

Description:
The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.

Status: Entry
Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0


Name: CVE-2000-0146

Description:
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.

Status: Entry
Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html
Reference: BID:972
Reference: URL:http://www.securityfocus.com/bid/972
Reference: XF:novell-groupwise-url-dos


Name: CVE-2000-0148

Description:
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

Status: Entry
Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html
Reference: BUGTRAQ:20000214 MySQL 3.22.32 released
Reference: BID:975
Reference: URL:http://www.securityfocus.com/bid/975


Name: CVE-2000-0149

Description:
Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.

Status: Entry
Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts
Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html
Reference: BID:977
Reference: URL:http://www.securityfocus.com/bid/977
Reference: OSVDB:254
Reference: URL:http://www.osvdb.org/254
Reference: XF:zeus-server-null-string(3982)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3982


Name: CVE-2000-0150

Description:
Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.

Status: Entry
Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability
Reference: CERT-VN:VU#328867
Reference: URL:http://www.kb.cert.org/vuls/id/328867
Reference: BID:979
Reference: URL:http://www.securityfocus.com/bid/979
Reference: OSVDB:4417
Reference: URL:http://www.osvdb.org/4417


Name: CVE-2000-0152

Description:
Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.

Status: Entry
Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death
Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avalable.
Reference: BID:976
Reference: URL:http://www.securityfocus.com/bid/976
Reference: OSVDB:7468
Reference: URL:http://www.osvdb.org/7468


Name: CVE-2000-0156

Description:
Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.

Status: Entry
Reference: MS:MS00-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-009.mspx
Reference: OSVDB:7827
Reference: URL:http://www.osvdb.org/7827
Reference: XF:ie-image-source-redirect(3996)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3996


Name: CVE-2000-0157

Description:
NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process.

Status: Entry
Reference: NETBSD:1999-012
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc
Reference: BID:992
Reference: URL:http://www.securityfocus.com/bid/992
Reference: XF:netbsd-ptrace


Name: CVE-2000-0159

Description:
HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

Status: Entry
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org


Name: CVE-2000-0161

Description:
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.

Status: Entry
Reference: MS:MS00-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-010.asp
Reference: BID:994
Reference: URL:http://www.securityfocus.com/bid/994


Name: CVE-2000-0162

Description:
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

Status: Entry
Reference: MS:MS00-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-011.asp


Name: CVE-2000-0164

Description:
The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.

Status: Entry
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl
Reference: SUNBUG:4316521
Reference: BID:1004
Reference: URL:http://www.securityfocus.com/bid/1004
Reference: XF:sims-temp-world-readable


Name: CVE-2000-0165

Description:
The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.

Status: Entry
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: CIAC:K-023
Reference: URL:http://www.ciac.org/ciac/bulletins/k-023.shtml
Reference: XF:delegate-proxy-bo


Name: CVE-2000-0166

Description:
Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.

Status: Entry
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com
Reference: BUGTRAQ:20000223 Pragma Systems response to USSRLabs report
Reference: BID:995
Reference: URL:http://www.securityfocus.com/bid/995
Reference: XF:interaccess-telnet-login-bo


Name: CVE-2000-0168

Description:
Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com
Reference: MS:MS00-017
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126
Reference: BID:1043
Reference: URL:http://www.securityfocus.com/bid/1043
Reference: XF:win-dos-devicename-dos


Name: CVE-2000-0169

Description:
Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.

Status: Entry
Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html
Reference: BID:1053
Reference: URL:http://www.securityfocus.com/bid/1053
Reference: XF:oracle-weblistener-remote-attack


Name: CVE-2000-0170

Description:
Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.

Status: Entry
Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)
Reference: BID:1011
Reference: URL:http://www.securityfocus.com/bid/1011


Name: CVE-2000-0171

Description:
atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.

Status: Entry
Reference: BUGTRAQ:20000311 TESO advisory -- atsadc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html
Reference: XF:atsar-root-access
Reference: BID:1048
Reference: URL:http://www.securityfocus.com/bid/1048


Name: CVE-2000-0172

Description:
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.

Status: Entry
Reference: BUGTRAQ:20000303 Potential security problem with mtr
Reference: DEBIAN:20000309 mtr
Reference: FREEBSD:FreeBSD-SA-00:09
Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)
Reference: BID:1038
Reference: URL:http://www.securityfocus.com/bid/1038


Name: CVE-2000-0174

Description:
StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: BID:1040
Reference: URL:http://www.securityfocus.com/bid/1040
Reference: XF:staroffice-scheduler-fileread


Name: CVE-2000-0175

Description:
Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.

Status: Entry
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: XF:staroffice-scheduler-bo
Reference: BID:1039
Reference: URL:http://www.securityfocus.com/bid/1039


Name: CVE-2000-0178

Description:
ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions.

Status: Entry
Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability
Reference: MISC:http://www.foundrynet.com/bugTraq.html
Reference: BID:1017
Reference: URL:http://www.securityfocus.com/bid/1017


Name: CVE-2000-0179

Description:
HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555.

Status: Entry
Reference: BUGTRAQ:20000228 HP Omniback remote DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html
Reference: HP:HPSBUX0006-115
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0006-115
Reference: BID:1015
Reference: URL:http://www.securityfocus.com/bid/1015
Reference: XF:omniback-connection-dos


Name: CVE-2000-0180

Description:
Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: NTBUGTRAQ:20000313 SOJOURN Search engine exposes files
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0201.html
Reference: BID:1052
Reference: URL:http://www.securityfocus.com/bid/1052
Reference: XF:sojourn-file-read(4197)
Reference: URL:http://xforce.iss.net/static/4197.php


Name: CVE-2000-0181

Description:
Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.

Status: Entry
Reference: BUGTRAQ:20000311 Our old friend Firewall-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html
Reference: BID:1054
Reference: URL:http://www.securityfocus.com/bid/1054
Reference: OSVDB:1256
Reference: URL:http://www.osvdb.org/1256


Name: CVE-2000-0182

Description:
iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic.

Status: Entry
Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1


Name: CVE-2000-0183

Description:
Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.

Status: Entry
Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html
Reference: FREEBSD:FreeBSD-SA-00:11
Reference: REDHAT:RHSA-2000:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-008.html
Reference: BID:1046
Reference: URL:http://www.securityfocus.com/bid/1046


Name: CVE-2000-0184

Description:
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

Status: Entry
Reference: BUGTRAQ:20000309
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html
Reference: BID:1037
Reference: URL:http://www.securityfocus.com/bid/1037


Name: CVE-2000-0185

Description:
RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.

Status: Entry
Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html
Reference: BID:1049
Reference: URL:http://www.securityfocus.com/bid/1049


Name: CVE-2000-0186

Description:
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

Status: Entry
Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow
Reference: TURBO:TLSA200007-1
Reference: REDHAT:RHSA-2000:100
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-100.html
Reference: BID:1020
Reference: URL:http://www.securityfocus.com/bid/1020


Name: CVE-2000-0189

Description:
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.

Status: Entry
Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path
Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path
Reference: BID:1021
Reference: URL:http://www.securityfocus.com/bid/1021


Name: CVE-2000-0191

Description:
Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se
Reference: XF:axis-storpoint-auth
Reference: BID:1025
Reference: URL:http://www.securityfocus.com/bid/1025
Reference: OSVDB:19
Reference: URL:http://www.osvdb.org/19


Name: CVE-2000-0192

Description:
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.

Status: Entry
Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html
Reference: BID:1036
Reference: URL:http://www.securityfocus.com/bid/1036


Name: CVE-2000-0193

Description:
The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.

Status: Entry
Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au
Reference: BID:1030
Reference: URL:http://www.securityfocus.com/bid/1030
Reference: XF:linux-dosemu-config


Name: CVE-2000-0194

Description:
buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.

Status: Entry
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1007
Reference: URL:http://www.securityfocus.com/bid/1007


Name: CVE-2000-0195

Description:
setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.

Status: Entry
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1008
Reference: URL:http://www.securityfocus.com/bid/1008
Reference: XF:corel-linux-setxconf-root


Name: CVE-2000-0196

Description:
Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.

Status: Entry
Reference: DEBIAN:20000229
Reference: REDHAT:RHSA-2000:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-006.html
Reference: BID:1018
Reference: URL:http://www.securityfocus.com/bid/1018


Name: CVE-2000-0200

Description:
Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.

Status: Entry
Reference: MS:MS00-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-015.mspx
Reference: BID:1034
Reference: URL:http://www.securityfocus.com/bid/1034


Name: CVE-2000-0201

Description:
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.

Status: Entry
Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files
Reference: BID:1033
Reference: URL:http://www.securityfocus.com/bid/1033


Name: CVE-2000-0202

Description:
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.

Status: Entry
Reference: MS:MS00-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-014.mspx
Reference: BID:1041
Reference: URL:http://www.securityfocus.com/bid/1041


Name: CVE-2000-0206

Description:
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.

Status: Entry
Reference: BUGTRAQ:20000305 Oracle installer problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html
Reference: BID:1035
Reference: URL:http://www.securityfocus.com/bid/1035


Name: CVE-2000-0207

Description:
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5)
Reference: SGI:20000501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000501-01-P
Reference: XF:irix-infosrch-fname
Reference: BID:1031
Reference: URL:http://www.securityfocus.com/bid/1031


Name: CVE-2000-0208

Description:
The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.

Status: Entry
Reference: BUGTRAQ:20000228 ht://Dig remote information exposure
Reference: FREEBSD:FreeBSD-SA-00:06
Reference: DEBIAN:20000227
Reference: TURBO:TLSA200005-1
Reference: BID:1026
Reference: URL:http://www.securityfocus.com/bid/1026


Name: CVE-2000-0209

Description:
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.

Status: Entry
Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;)
Reference: FREEBSD:FreeBSD-SA-00:08
Reference: BID:1012
Reference: URL:http://www.securityfocus.com/bid/1012


Name: CVE-2000-0210

Description:
The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.

Status: Entry
Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name...
Reference: BID:998
Reference: URL:http://www.securityfocus.com/bid/998


Name: CVE-2000-0211

Description:
The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability.

Status: Entry
Reference: MS:MS00-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-013.mspx
Reference: XF:win-media-dos
Reference: BID:1000
Reference: URL:http://www.securityfocus.com/bid/1000


Name: CVE-2000-0212

Description:
InterAccess TelnetID Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information.

Status: Entry
Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
Reference: BID:1001
Reference: URL:http://www.securityfocus.com/bid/1001
Reference: XF:interaccess-telnet-dos(4033)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4033


Name: CVE-2000-0215

Description:
Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges.

Status: Entry
Reference: SCO:SB-00.05
Reference: BID:1019
Reference: URL:http://www.securityfocus.com/bid/1019


Name: CVE-2000-0217

Description:
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.

Status: Entry
Reference: BUGTRAQ:20000224 SSH & xauth
Reference: BID:1006
Reference: URL:http://www.securityfocus.com/bid/1006


Name: CVE-2000-0218

Description:
Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.

Status: Entry
Reference: SUSE:20000210 util < 2.10f
Reference: CALDERA:CSSA-2000-002.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-002.0.txt
Reference: OSVDB:6980
Reference: URL:http://www.osvdb.org/6980
Reference: OSVDB:7004
Reference: URL:http://www.osvdb.org/7004


Name: CVE-2000-0221

Description:
The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.

Status: Entry
Reference: BUGTRAQ:20000225 Scorpion Marlin
Reference: BID:1009
Reference: URL:http://www.securityfocus.com/bid/1009


Name: CVE-2000-0222

Description:
The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.

Status: Entry
Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr
Reference: BID:990
Reference: URL:http://www.securityfocus.com/bid/990


Name: CVE-2000-0223

Description:
Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.

Status: Entry
Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html
Reference: BID:1047
Reference: URL:http://www.securityfocus.com/bid/1047


Name: CVE-2000-0224

Description:
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.

Status: Entry
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com
Reference: SCO:SSE063
Reference: XF:sco-openserver-arc-symlink


Name: CVE-2000-0225

Description:
The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled.

Status: Entry
Reference: BUGTRAQ:20000303 Pocsag remote access to client can't be disabled.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003601bf854b$6893a090$0100a8c0@FIREWALKER
Reference: BID:1032
Reference: URL:http://www.securityfocus.com/bid/1032
Reference: XF:telnet-pocsag
Reference: OSVDB:259
Reference: URL:http://www.osvdb.org/259


Name: CVE-2000-0226

Description:
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."

Status: Entry
Reference: MS:MS00-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-018.asp
Reference: BID:1066
Reference: URL:http://www.securityfocus.com/bid/1066
Reference: XF:iis-chunked-encoding-dos


Name: CVE-2000-0228

Description:
Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.

Status: Entry
Reference: MS:MS00-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-016.asp
Reference: BID:1058
Reference: URL:http://www.securityfocus.com/bid/1058
Reference: XF:mwmt-malformed-media-license


Name: CVE-2000-0229

Description:
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

Status: Entry
Reference: BUGTRAQ:20000322 gpm-root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html
Reference: SUSE:20000405 Security hole in gpm < 1.18.1
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_45.html
Reference: REDHAT:RHSA-2000:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-009.html
Reference: REDHAT:RHSA-2000:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-045.html
Reference: BID:1069
Reference: URL:http://www.securityfocus.com/bid/1069
Reference: XF:linux-gpm-root


Name: CVE-2000-0230

Description:
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.

Status: Entry
Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html
Reference: REDHAT:RHSA-2000:016
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-016.html
Reference: XF:linux-imwheel-bo
Reference: BID:1060
Reference: URL:http://www.securityfocus.com/bid/1060


Name: CVE-2000-0231

Description:
Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.

Status: Entry
Reference: BUGTRAQ:20000316 "TESO & C-Skills development advisory -- kreatecd" at:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html
Reference: SUSE:20000405 Security hole in kreatecd < 0.3.8b
Reference: XF:linux-kreatecd-path
Reference: BID:1061
Reference: URL:http://www.securityfocus.com/bid/1061


Name: CVE-2000-0232

Description:
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.

Status: Entry
Reference: MS:MS00-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-021.asp
Reference: BUGTRAQ:20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html
Reference: BID:1082
Reference: URL:http://www.securityfocus.com/bid/1082
Reference: XF:win-tcpip-printing-dos


Name: CVE-2000-0233

Description:
SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.

Status: Entry
Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html
Reference: XF:linux-imap-remote-unauthorized-access


Name: CVE-2000-0234

Description:
The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.

Status: Entry
Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com
Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150
Reference: BID:1083
Reference: URL:http://www.securityfocus.com/bid/1083
Reference: XF:cobalt-raq-remote-access


Name: CVE-2000-0235

Description:
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:10
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc
Reference: BID:1070
Reference: URL:http://www.securityfocus.com/bid/1070
Reference: XF:freebsd-orvillewrite-bo
Reference: OSVDB:1263
Reference: URL:http://www.osvdb.org/1263


Name: CVE-2000-0236

Description:
Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.

Status: Entry
Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com
Reference: BID:1063
Reference: URL:http://www.securityfocus.com/bid/1063
Reference: XF:netscape-server-directory-indexing


Name: CVE-2000-0237

Description:
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.

Status: Entry
Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1
Reference: BID:1075
Reference: URL:http://www.securityfocus.com/bid/1075
Reference: XF:netscape-webpublisher-invalid-access


Name: CVE-2000-0238

Description:
Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.

Status: Entry
Reference: BUGTRAQ:20000317 DoS with NAVIEG
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us
Reference: XF:nav-email-gateway-dos
Reference: BID:1064
Reference: URL:http://www.securityfocus.com/bid/1064


Name: CVE-2000-0240

Description:
vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000321 vqserver /........../
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net
Reference: CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html
Reference: XF:vqserver-dir-traverse
Reference: BID:1067
Reference: URL:http://www.securityfocus.com/bid/1067
Reference: OSVDB:270
Reference: URL:http://www.osvdb.org/270


Name: CVE-2000-0243

Description:
AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin.

Status: Entry
Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash" at:
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-exception-dos(4189)
Reference: URL:http://xforce.iss.net/static/4189.php
Reference: BID:1076
Reference: URL:http://www.securityfocus.com/bid/1076
Reference: OSVDB:1265
Reference: URL:http://www.osvdb.org/1265


Name: CVE-2000-0245

Description:
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.

Status: Entry
Reference: BUGTRAQ:20000328 Objectserver vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil
Reference: SGI:20000303-01-PX
Reference: URL:ftp://sgigate.sgi.com/security/20000303-01-PX
Reference: CIAC:K-030
Reference: URL:http://www.ciac.org/ciac/bulletins/k-030.shtml
Reference: BID:1079
Reference: URL:http://www.securityfocus.com/bid/1079
Reference: OSVDB:1267
Reference: URL:http://www.osvdb.org/1267
Reference: XF:irix-objectserver-create-accounts(4206)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4206


Name: CVE-2000-0246

Description:
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

Status: Entry
Reference: MS:MS00-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-019.asp
Reference: MSKB:Q249599
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=249599
Reference: BID:1081
Reference: URL:http://www.securityfocus.com/bid/1081
Reference: XF:iis-virtual-unc-share


Name: CVE-2000-0247

Description:
Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.

Status: Entry
Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html
Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt
Reference: FREEBSD:FreeBSD-SA-00:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc
Reference: BID:1842
Reference: URL:http://www.securityfocus.com/bid/1842
Reference: XF:generic-nqs-local-root(4306)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4306


Name: CVE-2000-0249

Description:
The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.

Status: Entry
Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program
Reference: URL:http://xforce.iss.net/alerts/advise47.php3
Reference: IBM:ERS-OAR-E01-2000:075.1
Reference: XF:aix-frcactrl
Reference: BID:1152
Reference: URL:http://www.securityfocus.com/bid/1152


Name: CVE-2000-0251

Description:
HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.

Status: Entry
Reference: HP:HPSBUX0004-112
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html
Reference: BID:1090
Reference: URL:http://www.securityfocus.com/bid/1090
Reference: XF:hp-virtual-vault


Name: CVE-2000-0252

Description:
The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable.

Status: Entry
Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:dansie-shell-metacharacters
Reference: URL:http://xforce.iss.net/static/4975.php


Name: CVE-2000-0253

Description:
The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.

Status: Entry
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:shopping-cart-form-tampering
Reference: URL:http://xforce.iss.net/static/4621.php


Name: CVE-2000-0254

Description:
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.

Status: Entry
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:dansie-form-variables
Reference: URL:http://xforce.iss.net/static/4954.php


Name: CVE-2000-0255

Description:
The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program.

Status: Entry
Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html
Reference: BID:1091
Reference: URL:http://www.securityfocus.com/bid/1091
Reference: XF:nbase-xyplex-router


Name: CVE-2000-0257

Description:
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.

Status: Entry
Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl
Reference: BID:1118
Reference: URL:http://www.securityfocus.com/bid/1118
Reference: XF:netware-remote-admin-overflow


Name: CVE-2000-0258

Description:
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

Status: Entry
Reference: MS:MS00-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-023.asp
Reference: BID:1101
Reference: URL:http://www.securityfocus.com/bid/1101


Name: CVE-2000-0260

Description:
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.

Status: Entry
Reference: MS:MS00-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-025.asp
Reference: BID:1109
Reference: URL:http://www.securityfocus.com/bid/1109
Reference: OSVDB:282
Reference: URL:http://www.osvdb.org/282


Name: CVE-2000-0261

Description:
The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: XF:ken-download-files
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: OSVDB:1282
Reference: URL:http://www.osvdb.org/1282


Name: CVE-2000-0262

Description:
The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request.

Status: Entry
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: XF:ken-dos


Name: CVE-2000-0263

Description:
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.

Status: Entry
Reference: BUGTRAQ:20000416 xfs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html
Reference: XF:redhat-fontserver-dos
Reference: BID:1111
Reference: URL:http://www.securityfocus.com/bid/1111


Name: CVE-2000-0264

Description:
Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.

Status: Entry
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: XF:panda-admin-privileges
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119


Name: CVE-2000-0265

Description:
Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet.

Status: Entry
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119
Reference: XF:panda-uninstall-program


Name: CVE-2000-0267

Description:
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.

Status: Entry
Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml
Reference: XF:cisco-catalyst-password-bypass
Reference: BID:1122
Reference: URL:http://www.securityfocus.com/bid/1122
Reference: OSVDB:1288
Reference: URL:http://www.osvdb.org/1288


Name: CVE-2000-0268

Description:
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.

Status: Entry
Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml
Reference: BID:1123
Reference: URL:http://www.securityfocus.com/bid/1123
Reference: XF:cisco-ios-option-handling
Reference: OSVDB:1289
Reference: URL:http://www.osvdb.org/1289


Name: CVE-2000-0272

Description:
RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.

Status: Entry
Reference: BUGTRAQ:20000420 Remote DoS attack in Real Networks Real Server Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95625288231045&w=2
Reference: CONFIRM:http://service.real.com/help/faq/servg270.html
Reference: XF:realserver-remote-dos
Reference: BID:1128
Reference: URL:http://www.securityfocus.com/bid/1128


Name: CVE-2000-0273

Description:
PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.

Status: Entry
Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html
Reference: BID:1095
Reference: URL:http://www.securityfocus.com/bid/1095
Reference: XF:pcanywhere-login-dos


Name: CVE-2000-0274

Description:
The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.

Status: Entry
Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html
Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html
Reference: XF:linux-trustees-patch-dos
Reference: BID:1096
Reference: URL:http://www.securityfocus.com/bid/1096


Name: CVE-2000-0276

Description:
BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.

Status: Entry
Reference: BUGTRAQ:20000410 BeOS syscall bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com
Reference: BID:1098
Reference: URL:http://www.securityfocus.com/bid/1098
Reference: XF:beos-syscall-dos


Name: CVE-2000-0277

Description:
Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.

Status: Entry
Reference: MS:MS00-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-022.asp
Reference: BID:1087
Reference: URL:http://www.securityfocus.com/bid/1087
Reference: OSVDB:1272
Reference: URL:http://www.osvdb.org/1272


Name: CVE-2000-0278

Description:
The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.

Status: Entry
Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html
Reference: BID:1089
Reference: URL:http://www.securityfocus.com/bid/1089
Reference: XF:eviewer-admin-request-dos


Name: CVE-2000-0279

Description:
BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers.

Status: Entry
Reference: BUGTRAQ:20000407 BeOS Networking DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html
Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312
Reference: BID:1100
Reference: URL:http://www.securityfocus.com/bid/1100
Reference: XF:beos-networking-dos


Name: CVE-2000-0282

Description:
TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.

Status: Entry
Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html
Reference: CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html
Reference: BID:1102
Reference: URL:http://www.securityfocus.com/bid/1102
Reference: XF:talentsoft-web-input


Name: CVE-2000-0283

Description:
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.

Status: Entry
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: BID:1106
Reference: URL:http://www.securityfocus.com/bid/1106
Reference: XF:irix-pmcd-info


Name: CVE-2000-0285

Description:
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.

Status: Entry
Reference: BUGTRAQ:20000416 XFree86 server overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html
Reference: BID:1306
Reference: URL:http://www.securityfocus.com/bid/1306
Reference: XF:xfree86-xkbmap-parameter-bo


Name: CVE-2000-0287

Description:
The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.

Status: Entry
Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
Reference: BID:1104
Reference: URL:http://www.securityfocus.com/bid/1104
Reference: XF:http-cgi-bizdb


Name: CVE-2000-0289

Description:
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

Status: Entry
Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
Reference: SUSE:20000520 Security hole in kernel < 2.2.15
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_48.html
Reference: BID:1078
Reference: URL:http://www.securityfocus.com/bid/1078
Reference: XF:linux-masquerading-dos


Name: CVE-2000-0290

Description:
Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.

Status: Entry
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html
Reference: XF:macos-webstar-get-bo(4792)
Reference: URL:http://xforce.iss.net/static/4792.php
Reference: BID:1822
Reference: URL:http://www.securityfocus.com/bid/1822


Name: CVE-2000-0292

Description:
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.

Status: Entry
Reference: BUGTRAQ:20000418 Adtran DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain
Reference: BID:1129
Reference: URL:http://www.securityfocus.com/bid/1129
Reference: XF:adtran-ping-dos


Name: CVE-2000-0294

Description:
Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:12
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162
Reference: BID:1107
Reference: URL:http://www.securityfocus.com/bid/1107
Reference: XF:freebsd-healthd
Reference: OSVDB:606
Reference: URL:http://www.osvdb.org/606


Name: CVE-2000-0296

Description:
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.

Status: Entry
Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system()
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html
Reference: BID:1086
Reference: URL:http://www.securityfocus.com/bid/1086
Reference: XF:fcheck-shell


Name: CVE-2000-0297

Description:
Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables.

Status: Entry
Reference: ALLAIRE:ASB00-06
Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full
Reference: BID:1085
Reference: URL:http://www.securityfocus.com/bid/1085
Reference: XF:allaire-forums-allaccess
Reference: OSVDB:1270
Reference: URL:http://www.osvdb.org/1270


Name: CVE-2000-0298

Description:
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.

Status: Entry
Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMP reinstall=1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html
Reference: XF:win2k-unattended-install(4278)
Reference: URL:http://xforce.iss.net/static/4278.php
Reference: BID:1758
Reference: URL:http://www.securityfocus.com/bid/1758


Name: CVE-2000-0301

Description:
Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.

Status: Entry
Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm
Reference: BID:1094
Reference: URL:http://www.securityfocus.com/bid/1094
Reference: XF:ipswitch-imail-dos


Name: CVE-2000-0302

Description:
Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.

Status: Entry
Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95453598317340&w=2
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
Reference: BID:1084
Reference: URL:http://www.securityfocus.com/bid/1084
Reference: XF:http-indexserver-asp-source
Reference: OSVDB:271
Reference: URL:http://www.osvdb.org/271


Name: CVE-2000-0303

Description:
Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.

Status: Entry
Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
Reference: URL:http://xforce.iss.net/alerts/advise50.php3
Reference: CONFIRM:http://www.quake3arena.com/news/index.html
Reference: BID:1169
Reference: URL:http://www.securityfocus.com/bid/1169
Reference: XF:quake3-auto-download
Reference: OSVDB:7531
Reference: URL:http://www.osvdb.org/7531


Name: CVE-2000-0304

Description:
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.

Status: Entry
Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
Reference: URL:http://xforce.iss.net/alerts/advise52.php3
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.mspx
Reference: BID:1191
Reference: URL:http://www.securityfocus.com/bid/1191
Reference: XF:iis-authchangeurl-dos


Name: CVE-2000-0305

Description:
Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.

Status: Entry
Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240
Reference: MS:MS00-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-029.asp
Reference: BID:1236
Reference: URL:http://www.securityfocus.com/bid/1236
Reference: XF:ip-fragment-reassembly-dos


Name: CVE-2000-0306

Description:
Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.

Status: Entry
Reference: SCO:SB-99.02
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a
Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su


Name: CVE-2000-0307

Description:
Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.

Status: Entry
Reference: SCO:SB-99.07
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.07b


Name: CVE-2000-0308

Description:
Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.

Status: Entry
Reference: SCO:SB-99.08
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a


Name: CVE-2000-0309

Description:
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.

Status: Entry
Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash.
Reference: URL:http://www.openbsd.org/errata24.html#trctrap
Reference: OSVDB:6126
Reference: URL:http://www.osvdb.org/6126


Name: CVE-2000-0310

Description:
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.

Status: Entry
Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems.
Reference: URL:http://www.openbsd.org/errata24.html#maxqueue
Reference: OSVDB:7539
Reference: URL:http://www.osvdb.org/7539


Name: CVE-2000-0311

Description:
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.

Status: Entry
Reference: MS:MS00-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp
Reference: XF:ms-mixed-object
Reference: BID:1145
Reference: URL:http://www.securityfocus.com/bid/1145


Name: CVE-2000-0313

Description:
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.

Status: Entry
Reference: OPENBSD:19991109 Any user can change interface media configurations.
Reference: URL:http://www.openbsd.org/errata.html#ifmedia
Reference: OSVDB:7540
Reference: URL:http://www.osvdb.org/7540


Name: CVE-2000-0314

Description:
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

Status: Entry
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc
Reference: OSVDB:7574
Reference: URL:http://www.osvdb.org/7574


Name: CVE-2000-0315

Description:
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

Status: Entry
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc
Reference: OSVDB:7575
Reference: URL:http://www.osvdb.org/7575


Name: CVE-2000-0316

Description:
Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.

Status: Entry
Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
Reference: SUNBUG:4314312
Reference: BID:1143
Reference: URL:http://www.securityfocus.com/bid/1143
Reference: XF:solaris-lp-bo


Name: CVE-2000-0318

Description:
Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack.

Status: Entry
Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
Reference: BID:1144
Reference: URL:http://www.securityfocus.com/bid/1144
Reference: XF:mercur-remote-dot-attack


Name: CVE-2000-0319

Description:
mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.

Status: Entry
Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU
Reference: XF:sendmail-maillocal-dos
Reference: BID:1146
Reference: URL:http://www.securityfocus.com/bid/1146


Name: CVE-2000-0320

Description:
Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.

Status: Entry
Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
Reference: BID:1133
Reference: URL:http://www.securityfocus.com/bid/1133
Reference: XF:qpopper-fgets-spoofing


Name: CVE-2000-0322

Description:
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execure arbitrary commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000424 piranha default password/exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com
Reference: REDHAT:RHSA-2000:014
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-014.html
Reference: BID:1149
Reference: URL:http://www.securityfocus.com/bid/1149
Reference: XF:piranha-passwd-execute


Name: CVE-2000-0323

Description:
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.

Status: Entry
Reference: BUGTRAQ:19990728 Alert : MS Office 97 Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=19990729195531.25108.qmail@underground.org
Reference: MS:MS99-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-030.asp
Reference: XF:jet-text-isam
Reference: BID:595
Reference: URL:http://www.securityfocus.com/level2/?go=vulnerabilities&id=595


Name: CVE-2000-0324

Description:
pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap.

Status: Entry
Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com
Reference: BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0201.html
Reference: BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0258.html
Reference: BID:1150
Reference: URL:http://www.securityfocus.com/bid/1150
Reference: XF:pcanywhere-tcpsyn-dos(4347)
Reference: URL:http://www.iss.net/security_center/static/4347.php
Reference: OSVDB:1301
Reference: URL:http://www.osvdb.org/1301


Name: CVE-2000-0327

Description:
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.

Status: Entry
Reference: BUGTRAQ:19991014 Another Microsoft Java Flaw Disovered
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93993545118416&w=2
Reference: MS:MS99-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-045.asp
Reference: XF:msvm-verifier-java


Name: CVE-2000-0328

Description:
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.

Status: Entry
Reference: BUGTRAQ:19990824 NT Predictable Initial TCP Sequence numbers - changes observed with SP4
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.19990824165629.00abcb40@192.168.124.1
Reference: MS:MS99-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-046.asp
Reference: BID:604
Reference: URL:http://www.securityfocus.com/bid/604
Reference: XF:nt-sequence-prediction-sp4
Reference: XF:tcp-seq-predict


Name: CVE-2000-0329

Description:
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

Status: Entry
Reference: MS:MS99-048
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-048.asp
Reference: XF:ie-active-setup-control


Name: CVE-2000-0330

Description:
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.

Status: Entry
Reference: MS:MS99-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-049.asp
Reference: XF:win-fileurl-overflow


Name: CVE-2000-0331

Description:
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
Reference: MS:MS00-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp
Reference: BID:1135
Reference: URL:http://www.securityfocus.com/bid/1135
Reference: XF:nt-cmd-overflow


Name: CVE-2000-0332

Description:
UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.

Status: Entry
Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
Reference: BID:1164
Reference: URL:http://www.securityfocus.com/bid/1164
Reference: XF:ultraboard-printabletopic-fileread
Reference: OSVDB:1309
Reference: URL:http://www.osvdb.org/1309
Reference: OSVDB:4065
Reference: URL:http://www.osvdb.org/4065


Name: CVE-2000-0334

Description:
The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.

Status: Entry
Reference: ALLAIRE:ASB00-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full
Reference: BID:1181
Reference: URL:http://www.securityfocus.com/bid/1181
Reference: XF:allaire-spectra-container-editor-preview


Name: CVE-2000-0335

Description:
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.

Status: Entry
Reference: BUGTRAQ:20000502 glibc resolver weakness
Reference: BID:1166
Reference: URL:http://www.securityfocus.com/bid/1166
Reference: XF:glibc-resolver-id-predictable


Name: CVE-2000-0336

Description:
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

Status: Entry
Reference: REDHAT:RHSA-2000:012
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-012.html
Reference: CALDERA:CSSA-2000-009.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt
Reference: TURBO:TLSA2000010-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html
Reference: BID:1232
Reference: URL:http://www.securityfocus.com/bid/1232
Reference: XF:openldap-symlink-attack


Name: CVE-2000-0337

Description:
Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.

Status: Entry
Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
Reference: SUNBUG:4335411
Reference: XF:solaris-xsun-bo
Reference: BID:1140
Reference: URL:http://www.securityfocus.com/bid/1140


Name: CVE-2000-0338

Description:
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.

Status: Entry
Reference: BUGTRAQ:20000423 CVS DoS
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl
Reference: BID:1136
Reference: URL:http://www.securityfocus.com/bid/1136
Reference: XF:cvs-tempfile-dos


Name: CVE-2000-0339

Description:
ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules.

Status: Entry
Reference: BUGTRAQ:20000420 ZoneAlarm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
Reference: BID:1137
Reference: URL:http://www.securityfocus.com/bid/1137
Reference: XF:zonealarm-portscan
Reference: OSVDB:1294
Reference: URL:http://www.osvdb.org/1294


Name: CVE-2000-0340

Description:
Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.

Status: Entry
Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub
Reference: CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html
Reference: BID:1155
Reference: URL:http://www.securityfocus.com/bid/1155
Reference: XF:linux-gnomelib-bo


Name: CVE-2000-0341

Description:
ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name.

Status: Entry
Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
Reference: BID:1156
Reference: URL:http://www.securityfocus.com/bid/1156
Reference: XF:nntpserver-cassandra-bo


Name: CVE-2000-0342

Description:
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."

Status: Entry
Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
Reference: BID:1157
Reference: URL:http://www.securityfocus.com/bid/1157
Reference: XF:eudora-warning-message


Name: CVE-2000-0344

Description:
The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.

Status: Entry
Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk
Reference: BID:1160
Reference: URL:http://www.securityfocus.com/bid/1160
Reference: XF:linux-knfsd-dos


Name: CVE-2000-0346

Description:
AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.

Status: Entry
Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
Reference: XF:macos-appleshare-invalid-range
Reference: BID:1162
Reference: URL:http://www.securityfocus.com/bid/1162


Name: CVE-2000-0347

Description:
Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.

Status: Entry
Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2
Reference: BID:1163
Reference: URL:http://www.securityfocus.com/bid/1163
Reference: XF:win-netbios-source-null


Name: CVE-2000-0348

Description:
A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.

Status: Entry
Reference: SCO:SB-99.10
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.10a


Name: CVE-2000-0349

Description:
Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service.

Status: Entry
Reference: SCO:SB-99.13
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a


Name: CVE-2000-0350

Description:
A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events.

Status: Entry
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
Reference: BID:1216
Reference: URL:http://www.securityfocus.com/bid/1216
Reference: XF:netice-icecap-alert-execute
Reference: XF:netice-icecap-default
Reference: OSVDB:312
Reference: URL:http://www.osvdb.org/312


Name: CVE-2000-0351

Description:
Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.

Status: Entry
Reference: SCO:SB-99.09
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.09b


Name: CVE-2000-0352

Description:
Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.

Status: Entry
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com
Reference: CALDERA:CSSA-1999-036.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_36.html
Reference: XF:pine-remote-exe
Reference: BID:810
Reference: URL:http://www.securityfocus.com/bid/810


Name: CVE-2000-0353

Description:
Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.

Status: Entry
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_6.html
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.novell.com/linux/security/advisories/pine_update_announcement.html
Reference: BID:1247
Reference: URL:http://www.securityfocus.com/bid/1247
Reference: XF:pine-lynx-execute-commands


Name: CVE-2000-0354

Description:
mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.

Status: Entry
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: URL:http://www.debian.org/security/1999/19991018
Reference: SUSE:19991001 Security hole in mirror
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_22.html
Reference: BID:681
Reference: URL:http://www.securityfocus.com/bid/681
Reference: XF:mirror-perl-remote-file-creation


Name: CVE-2000-0356

Description:
Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.

Status: Entry
Reference: REDHAT:RHSA-1999:040
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789
Reference: XF:linux-pam-nis-login
Reference: BID:697
Reference: URL:http://www.securityfocus.com/bid/697


Name: CVE-2000-0359

Description:
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.

Status: Entry
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_30.html
Reference: XF:thttpd-ifmodifiedsince-header-dos
Reference: BID:1248
Reference: URL:http://www.securityfocus.com/bid/1248


Name: CVE-2000-0360

Description:
Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.

Status: Entry
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_34.html
Reference: CALDERA:CSSA-1999-038.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt
Reference: XF:inn-remote-dos
Reference: BID:1249
Reference: URL:http://www.securityfocus.com/bid/1249


Name: CVE-2000-0361

Description:
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.

Status: Entry
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_35.html
Reference: XF:wvdial-gain-dialup-info


Name: CVE-2000-0362

Description:
Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.

Status: Entry
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html
Reference: BID:738
Reference: URL:http://www.securityfocus.com/bid/738
Reference: XF:linux-cdda2cdr


Name: CVE-2000-0363

Description:
Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.

Status: Entry
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html
Reference: BID:738
Reference: URL:http://www.securityfocus.com/bid/738
Reference: XF:linux-cdda2cdr


Name: CVE-2000-0366

Description:
dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

Status: Entry
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership
Reference: BID:1442
Reference: URL:http://www.securityfocus.com/bid/1442


Name: CVE-2000-0367

Description:
Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.

Status: Entry
Reference: DEBIAN:19990218 Root exploit in eterm
Reference: URL:http://www.debian.org/security/1999/19990218
Reference: XF:linux-eterm


Name: CVE-2000-0368

Description:
Classic Cisco IOS 9.1 and later allows attackers with access to the loging prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

Status: Entry
Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt
Reference: URL:http://www.cisco.com/warp/public/770/ioshist-pub.shtml
Reference: CIAC:J-009
Reference: URL:http://www.ciac.org/ciac/bulletins/j-009.shtml


Name: CVE-2000-0369

Description:
The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.

Status: Entry
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt
Reference: BID:1266
Reference: URL:http://www.securityfocus.com/bid/1266
Reference: XF:caldera-ident-server-dos


Name: CVE-2000-0370

Description:
The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.

Status: Entry
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt
Reference: BID:1268
Reference: URL:http://www.securityfocus.com/bid/1268
Reference: XF:caldera-smail-rmail-command


Name: CVE-2000-0371

Description:
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.

Status: Entry
Reference: CALDERA:CSSA-1999-005.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt
Reference: BID:1269
Reference: URL:http://www.securityfocus.com/bid/1269
Reference: XF:kde-mediatool


Name: CVE-2000-0372

Description:
Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.

Status: Entry
Reference: CALDERA:CSSA-1999-014.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt
Reference: XF:linux-rmt
Reference: URL:http://xforce.iss.net/static/2268.php
Reference: OSVDB:7940
Reference: URL:http://www.osvdb.org/7940


Name: CVE-2000-0373

Description:
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.

Status: Entry
Reference: CALDERA:CSSA-1999-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: XF:kde-kvt
Reference: URL:http://xforce.iss.net/static/2266.php


Name: CVE-2000-0374

Description:
The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.

Status: Entry
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
Reference: MANDRAKE:MDKSA-2002:025
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:025
Reference: BID:1446
Reference: URL:http://www.securityfocus.com/bid/1446
Reference: XF:xdmcp-kdm-default-configuration(4856)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4856


Name: CVE-2000-0375

Description:
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-99:04
Reference: OSVDB:6084
Reference: URL:http://www.osvdb.org/6084


Name: CVE-2000-0376

Description:
Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request.

Status: Entry
Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software
Reference: BID:1324
Reference: URL:http://www.securityfocus.com/bid/1324
Reference: XF:idrive-filo-bo


Name: CVE-2000-0377

Description:
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.

Status: Entry
Reference: MS:MS00-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-040.asp
Reference: MSKB:Q264684
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=264684
Reference: XF:nt-registry-request-dos
Reference: BID:1331
Reference: URL:http://www.securityfocus.com/bid/1331
Reference: OVAL:oval:org.mitre.oval:def:1021
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1021


Name: CVE-2000-0378

Description:
The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.

Status: Entry
Reference: BUGTRAQ:20000502 pam_console bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html
Reference: BID:1176
Reference: URL:http://www.securityfocus.com/bid/1176
Reference: XF:linux-pam-sniff-activities


Name: CVE-2000-0379

Description:
The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.

Status: Entry
Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com
Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
Reference: BID:1177
Reference: URL:http://www.securityfocus.com/bid/1177
Reference: XF:netopia-snmp-comm-strings


Name: CVE-2000-0380

Description:
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

Status: Entry
Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
Reference: XF:cisco-ios-http-dos
Reference: BID:1154
Reference: URL:http://www.securityfocus.com/bid/1154
Reference: OSVDB:1302
Reference: URL:http://www.osvdb.org/1302


Name: CVE-2000-0381

Description:
The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.

Status: Entry
Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Reference: XF:http-cgi-dbman-db
Reference: BID:1178
Reference: URL:http://www.securityfocus.com/bid/1178


Name: CVE-2000-0382

Description:
ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.

Status: Entry
Reference: ALLAIRE:ASB00-12
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full
Reference: BID:1179
Reference: URL:http://www.securityfocus.com/bid/1179
Reference: XF:allaire-clustercats-url-redirect


Name: CVE-2000-0387

Description:
The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:16
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc
Reference: BID:1184
Reference: URL:http://www.securityfocus.com/bid/1184
Reference: XF:golddig-overwrite-files


Name: CVE-2000-0388

Description:
Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:17
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc
Reference: BID:1185
Reference: URL:http://www.securityfocus.com/bid/1185
Reference: XF:libmytinfo-bo


Name: CVE-2000-0389

Description:
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

Status: Entry
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krb-rd-req-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220


Name: CVE-2000-0390

Description:
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

Status: Entry
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: XF:kerberos-krb425-conv-principal-bo
Reference: OSVDB:4884
Reference: URL:http://www.osvdb.org/4884


Name: CVE-2000-0391

Description:
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

Status: Entry
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krshd-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: OSVDB:4876
Reference: URL:http://www.osvdb.org/4876


Name: CVE-2000-0392

Description:
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.

Status: Entry
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-ksu-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220


Name: CVE-2000-0393

Description:
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.

Status: Entry
Reference: BUGTRAQ:20000516 kscd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html
Reference: SUSE:20000529 kmulti <= 1.1.2
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_50.html
Reference: XF:kscd-shell-env-variable
Reference: BID:1206
Reference: URL:http://www.securityfocus.com/bid/1206


Name: CVE-2000-0394

Description:
NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.

Status: Entry
Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. RFProwler
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95878603510835&w=2
Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com
Reference: XF:axent-netprowler-ipfrag-dos
Reference: BID:1225
Reference: URL:http://www.securityfocus.com/bid/1225


Name: CVE-2000-0395

Description:
Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request.

Status: Entry
Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org
Reference: XF:cproxy-http-dos
Reference: BID:1213
Reference: URL:http://www.securityfocus.com/bid/1213


Name: CVE-2000-0396

Description:
The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.

Status: Entry
Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
Reference: BID:1245
Reference: URL:http://www.securityfocus.com/bid/1245
Reference: XF:carello-file-duplication


Name: CVE-2000-0397

Description:
The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.

Status: Entry
Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html
Reference: XF:emurl-account-access
Reference: BID:1203
Reference: URL:http://www.securityfocus.com/bid/1203


Name: CVE-2000-0398

Description:
Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.

Status: Entry
Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html
Reference: BID:1244
Reference: URL:http://www.securityfocus.com/bid/1244
Reference: XF:mailsite-get-overflow


Name: CVE-2000-0399

Description:
Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.

Status: Entry
Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html
Reference: XF:deerfield-mdaemon-dos
Reference: BID:1250
Reference: URL:http://www.securityfocus.com/bid/1250


Name: CVE-2000-0402

Description:
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.

Status: Entry
Reference: MS:MS00-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-035.asp
Reference: MSKB:Q263968
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263968
Reference: BID:1281
Reference: URL:http://www.securityfocus.com/bid/1281
Reference: XF:mssql-agent-stored-pw
Reference: XF:mssql-sa-pw-in-sqlsplog


Name: CVE-2000-0403

Description:
The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.

Status: Entry
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: MSKB:Q263307
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263307
Reference: XF:win-browser-hostannouncement
Reference: BID:1261
Reference: URL:http://www.securityfocus.com/bid/1261


Name: CVE-2000-0404

Description:
The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.

Status: Entry
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: MSKB:Q262694
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262694
Reference: BID:1262
Reference: URL:http://www.securityfocus.com/bid/1262
Reference: XF:win-browser-reset-frame


Name: CVE-2000-0405

Description:
Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet.

Status: Entry
Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow
Reference: URL:http://www.l0pht.com/advisories/asniff_advisory.txt
Reference: BID:1207
Reference: URL:http://www.securityfocus.com/bid/1207
Reference: XF:antisniff-dns-overflow
Reference: OSVDB:3179
Reference: URL:http://www.osvdb.org/3179


Name: CVE-2000-0406

Description:
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
Reference: CERT:CA-2000-05
Reference: URL:http://www.cert.org/advisories/CA-2000-05.html
Reference: REDHAT:RHSA-2000:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-028.html
Reference: BID:1188
Reference: URL:http://www.securityfocus.com/bid/1188
Reference: XF:netscape-invalid-ssl-sessions


Name: CVE-2000-0407

Description:
Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

Status: Entry
Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html
Reference: XF:sol-netpr-bo
Reference: BID:1200
Reference: URL:http://www.securityfocus.com/bid/1200


Name: CVE-2000-0408

Description:
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.

Status: Entry
Reference: MISC:http://www.ussrback.com/labs40.html
Reference: MS:MS00-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-030.asp
Reference: MSKB:Q260205
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=260205
Reference: XF:iis-url-extension-data-dos
Reference: BID:1190
Reference: URL:http://www.securityfocus.com/bid/1190


Name: CVE-2000-0409

Description:
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.

Status: Entry
Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html
Reference: BID:1201
Reference: URL:http://www.securityfocus.com/bid/1201
Reference: XF:netscape-import-certificate-symlink


Name: CVE-2000-0410

Description:
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.

Status: Entry
Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843
Reference: XF:coldfusion-cfcache-dos
Reference: BID:1192
Reference: URL:http://www.securityfocus.com/bid/1192


Name: CVE-2000-0411

Description:
Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.

Status: Entry
Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
Reference: XF:http-cgi-formmail-environment
Reference: BID:1187
Reference: URL:http://www.securityfocus.com/bid/1187


Name: CVE-2000-0414

Description:
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.

Status: Entry
Reference: HP:HPSBUX0005-113
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html
Reference: XF:hp-shutdown-privileges
Reference: BID:1214
Reference: URL:http://www.securityfocus.com/bid/1214


Name: CVE-2000-0416

Description:
NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.

Status: Entry
Reference: BUGTRAQ:20000511 NTMail Proxy Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net
Reference: CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
Reference: XF:ntmail-bypass-proxy
Reference: BID:1196
Reference: URL:http://www.securityfocus.com/bid/1196


Name: CVE-2000-0417

Description:
The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password.

Status: Entry
Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-router-dos
Reference: BID:1219
Reference: URL:http://www.securityfocus.com/bid/1219


Name: CVE-2000-0418

Description:
The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests.

Status: Entry
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-dsl-dos
Reference: BID:1240
Reference: URL:http://www.securityfocus.com/bid/1240


Name: CVE-2000-0419

Description:
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

Status: Entry
Reference: MS:MS00-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-034.asp
Reference: MSKB:Q262767
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262767
Reference: CERT:CA-2000-07
Reference: URL:http://www.cert.org/advisories/CA-2000-07.html
Reference: BID:1197
Reference: URL:http://www.securityfocus.com/bid/1197
Reference: XF:office-ua-control


Name: CVE-2000-0421

Description:
The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html
Reference: XF:bugzilla-unchecked-system-call
Reference: BID:1199
Reference: URL:http://www.securityfocus.com/bid/1199


Name: CVE-2000-0424

Description:
The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil
Reference: BID:1202
Reference: URL:http://www.securityfocus.com/bid/1202
Reference: XF:http-cgi-burgyan-counter


Name: CVE-2000-0425

Description:
Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.

Status: Entry
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0
Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html
Reference: XF:http-cgi-listserv-wa-bo
Reference: BID:1167
Reference: URL:http://www.securityfocus.com/bid/1167


Name: CVE-2000-0426

Description:
UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself.

Status: Entry
Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html
Reference: BID:1175
Reference: URL:http://www.securityfocus.com/bid/1175
Reference: XF:ultraboard-cgi-dos


Name: CVE-2000-0427

Description:
The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM.

Status: Entry
Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack
Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt
Reference: XF:aladdin-etoken-pin-reset
Reference: BID:1170
Reference: URL:http://www.securityfocus.com/bid/1170
Reference: OSVDB:3266
Reference: URL:http://www.osvdb.org/3266


Name: CVE-2000-0428

Description:
Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.

Status: Entry
Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp
Reference: BID:1168
Reference: URL:http://www.securityfocus.com/bid/1168
Reference: XF:interscan-viruswall-bo


Name: CVE-2000-0430

Description:
Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request.

Status: Entry
Reference: BUGTRAQ:20000503 Another interesting Cart32 command
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95738697301956&w=2
Reference: XF:cart32-expdate
Reference: BID:1358
Reference: URL:http://www.securityfocus.com/bid/1358


Name: CVE-2000-0431

Description:
Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.

Status: Entry
Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net
Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
Reference: BID:1238
Reference: URL:http://www.securityfocus.com/bid/1238
Reference: XF:cobalt-cgiwrap-bypass
Reference: OSVDB:1346
Reference: URL:http://www.osvdb.org/1346


Name: CVE-2000-0432

Description:
The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html
Reference: BID:1215
Reference: URL:http://www.securityfocus.com/bid/1215
Reference: XF:http-cgi-calendar-execute


Name: CVE-2000-0435

Description:
The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.

Status: Entry
Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html
Reference: XF:http-cgi-allmanage-account-access
Reference: BID:1217
Reference: URL:http://www.securityfocus.com/bid/1217
Reference: OSVDB:1337
Reference: URL:http://www.osvdb.org/1337


Name: CVE-2000-0436

Description:
MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html
Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html
Reference: BID:1231
Reference: URL:http://www.securityfocus.com/bid/1231
Reference: XF:offline-explorer-directory-traversal


Name: CVE-2000-0437

Description:
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.

Status: Entry
Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html
Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp
Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html
Reference: XF:gauntlet-cyberdaemon-bo
Reference: BID:1234
Reference: URL:http://www.securityfocus.com/bid/1234
Reference: OSVDB:322
Reference: URL:http://www.osvdb.org/322


Name: CVE-2000-0438

Description:
Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.

Status: Entry
Reference: BUGTRAQ:20000522 fdmount buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html
Reference: XF:linux-fdmount-bo
Reference: BID:1239
Reference: URL:http://www.securityfocus.com/bid/1239


Name: CVE-2000-0439

Description:
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com
Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: BID:1194
Reference: URL:http://www.securityfocus.com/bid/1194
Reference: OSVDB:1326
Reference: URL:http://www.osvdb.org/1326
Reference: XF:ie-cookie-disclosure(4447)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4447


Name: CVE-2000-0440

Description:
NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.

Status: Entry
Reference: NETBSD:NetBSD-SA2000-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:23
Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html
Reference: BID:1173
Reference: URL:http://www.securityfocus.com/bid/1173
Reference: XF:netbsd-unaligned-ip-options


Name: CVE-2000-0441

Description:
Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.

Status: Entry
Reference: IBM:ERS-OAR-E01-2000:087.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html
Reference: BID:1241
Reference: URL:http://www.securityfocus.com/bid/1241
Reference: XF:aix-local-filesystem


Name: CVE-2000-0442

Description:
Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.

Status: Entry
Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html
Reference: SUSE:20000608 pop <= 2000.3.4
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_51.html
Reference: BID:1242
Reference: URL:http://www.securityfocus.com/bid/1242
Reference: XF:qualcomm-qpopper-euidl


Name: CVE-2000-0443

Description:
The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html
Reference: XF:hp-jetadmin-directory-traversal
Reference: BID:1243
Reference: URL:http://www.securityfocus.com/bid/1243
Reference: OSVDB:1350
Reference: URL:http://www.osvdb.org/1350


Name: CVE-2000-0445

Description:
The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.

Status: Entry
Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html
Reference: CERT:CA-2000-09
Reference: URL:http://www.cert.org/advisories/CA-2000-09.html
Reference: BID:1251
Reference: URL:http://www.securityfocus.com/bid/1251
Reference: XF:pgp-key-predictable
Reference: OSVDB:1355
Reference: URL:http://www.osvdb.org/1355


Name: CVE-2000-0446

Description:
Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string.

Status: Entry
Reference: BUGTRAQ:20000524 Remote xploit for MDBMS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html
Reference: XF:mdbms-bo
Reference: BID:1252
Reference: URL:http://www.securityfocus.com/bid/1252


Name: CVE-2000-0447

Description:
Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service.

Status: Entry
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: XF:nai-webshield-bo
Reference: BID:1254
Reference: URL:http://www.securityfocus.com/bid/1254
Reference: OSVDB:327
Reference: URL:http://www.osvdb.org/327


Name: CVE-2000-0448

Description:
The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command.

Status: Entry
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: XF:nai-webshield-getconfig
Reference: BID:1253
Reference: URL:http://www.securityfocus.com/bid/1253
Reference: OSVDB:326
Reference: URL:http://www.osvdb.org/326


Name: CVE-2000-0451

Description:
The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets.

Status: Entry
Reference: BUGTRAQ:20000518 Remote Dos attack against Intel express 8100 router
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html
Reference: XF:intel-8100-remote-dos
Reference: BID:1228
Reference: URL:http://www.securityfocus.com/bid/1228


Name: CVE-2000-0452

Description:
Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command.

Status: Entry
Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html
Reference: XF:lotus-domino-esmtp-bo
Reference: BID:1229
Reference: URL:http://www.securityfocus.com/bid/1229
Reference: OSVDB:321
Reference: URL:http://www.osvdb.org/321


Name: CVE-2000-0453

Description:
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.

Status: Entry
Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html
Reference: CALDERA:CSSA-2000-012.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt
Reference: BID:1235
Reference: URL:http://www.securityfocus.com/bid/1235


Name: CVE-2000-0454

Description:
Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.

Status: Entry
Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html
Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html
Reference: BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html
Reference: BID:1265
Reference: URL:http://www.securityfocus.com/bid/1265
Reference: XF:linux-cdrecord-execute


Name: CVE-2000-0455

Description:
Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.

Status: Entry
Reference: NAI:20000529 Initialized Data Overflow in Xlock
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp
Reference: NETBSD:NetBSD-SA2000-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc
Reference: TURBO:TLSA2000012-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html
Reference: BID:1267
Reference: URL:http://www.securityfocus.com/bid/1267
Reference: XF:xlock-bo-read-passwd


Name: CVE-2000-0456

Description:
NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".

Status: Entry
Reference: NETBSD:NetBSD-SA2000-005
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc
Reference: BID:1272
Reference: URL:http://www.securityfocus.com/bid/1272
Reference: XF:bsd-syscall-cpu-dos
Reference: OSVDB:1365
Reference: URL:http://www.osvdb.org/1365


Name: CVE-2000-0457

Description:
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95810120719608&w=2
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.mspx
Reference: BID:1193
Reference: URL:http://www.securityfocus.com/bid/1193
Reference: XF:iis-ism-file-access(4448)
Reference: URL:http://xforce.iss.net/static/4448.php


Name: CVE-2000-0458

Description:
The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.

Status: Entry
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: BID:1360
Reference: URL:http://www.securityfocus.com/bid/1360
Reference: XF:imp-tmpfile-view


Name: CVE-2000-0459

Description:
IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.

Status: Entry
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: BID:1361
Reference: URL:http://www.securityfocus.com/bid/1361
Reference: XF:imp-wordfile-dos


Name: CVE-2000-0460

Description:
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.

Status: Entry
Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html
Reference: BID:1274
Reference: URL:http://www.securityfocus.com/bid/1274
Reference: XF:kde-display-environment-overflow


Name: CVE-2000-0461

Description:
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.

Status: Entry
Reference: OPENBSD:20000526
Reference: URL:http://www.openbsd.org/errata26.html#semconfig
Reference: NETBSD:NetBSD-SA2000-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc
Reference: XF:bsd-semaphore-dos
Reference: BID:1270
Reference: URL:http://www.securityfocus.com/bid/1270


Name: CVE-2000-0462

Description:
ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.

Status: Entry
Reference: NETBSD:NetBSD-SA2000-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc
Reference: BID:1273
Reference: URL:http://www.securityfocus.com/bid/1273
Reference: XF:netbsd-ftpchroot-parsing
Reference: OSVDB:1366
Reference: URL:http://www.osvdb.org/1366


Name: CVE-2000-0463

Description:
BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets.

Status: Entry
Reference: BUGTRAQ:20000517 AUX Security Advisory on Be/OS 5.0 (DoS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html
Reference: XF:beos-tcp-frag-dos
Reference: BID:1222
Reference: URL:http://www.securityfocus.com/bid/1222


Name: CVE-2000-0464

Description:
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.

Status: Entry
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: MSKB:Q261257
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=261257
Reference: XF:ie-malformed-component-attribute
Reference: BID:1223
Reference: URL:http://www.securityfocus.com/bid/1223


Name: CVE-2000-0465

Description:
Internet Explorer 4.x and 5.x does properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.

Status: Entry
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: MSKB:Q251108
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=251108
Reference: MSKB:Q255676
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=255676
Reference: BID:1224
Reference: URL:http://www.securityfocus.com/bid/1224
Reference: XF:ie-frame-domain-verification


Name: CVE-2000-0466

Description:
AIX cdmount allows local users to gain root privileges via shell metacharacters.

Status: Entry
Reference: ISS:20000620 Insecure call of external program in AIX cdmount
Reference: URL:http://xforce.iss.net/alerts/advise55.php
Reference: XF:aix-cdmount-insecure-call
Reference: BID:1384
Reference: URL:http://www.securityfocus.com/bid/1384


Name: CVE-2000-0467

Description:
Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function.

Status: Entry
Reference: BUGTRAQ:20000614 Splitvt exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html
Reference: DEBIAN:20000605a
Reference: BID:1346
Reference: URL:http://www.securityfocus.com/bid/1346
Reference: XF:splitvt-screen-lock-bo


Name: CVE-2000-0468

Description:
man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:20000601 HP Security vulnerability in the man command
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.02.10006021014400.4779-100000@nofud.nwest.attws.com
Reference: BID:1302
Reference: URL:http://www.securityfocus.com/bid/1302
Reference: XF:hp-man-file-overwrite


Name: CVE-2000-0469

Description:
Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl
Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net
Reference: BID:1347
Reference: URL:http://www.securityfocus.com/bid/1347
Reference: XF:webbanner-input-validation-exe


Name: CVE-2000-0470

Description:
Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request.

Status: Entry
Reference: BUGTRAQ:20000601 Hardware Exploit - Gets network Down
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html
Reference: BID:1290
Reference: URL:http://www.securityfocus.com/bid/1290
Reference: XF:rompager-malformed-dos
Reference: URL:http://xforce.iss.net/static/4588.php


Name: CVE-2000-0471

Description:
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

Status: Entry
Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html
Reference: SUNBUG:4339366
Reference: SUN:00210
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/210
Reference: CERT-VN:VU#36866
Reference: URL:http://www.kb.cert.org/vuls/id/36866
Reference: BID:1348
Reference: URL:http://www.securityfocus.com/bid/1348
Reference: OSVDB:1398
Reference: URL:http://www.osvdb.org/1398
Reference: XF:sol-ufsrestore-bo
Reference: URL:http://xforce.iss.net/static/4711.php


Name: CVE-2000-0472

Description:
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.

Status: Entry
Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html
Reference: CALDERA:CSSA-2000-016.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt
Reference: BUGTRAQ:20000707 inn update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html
Reference: BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html
Reference: BUGTRAQ:20000722 MDKSA-2000:023 inn update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html
Reference: BID:1316
Reference: URL:http://www.securityfocus.com/bid/1316
Reference: XF:innd-cancel-overflow
Reference: URL:http://xforce.iss.net/static/4615.php


Name: CVE-2000-0474

Description:
Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.

Status: Entry
Reference: BUGTRAQ:20000601 Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html
Reference: BUGTRAQ:20000601 Remote DoS attack in RealServer: USSR-2000043
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html
Reference: BID:1288
Reference: URL:http://www.securityfocus.com/bid/1288
Reference: XF:realserver-malformed-remote-dos
Reference: URL:http://xforce.iss.net/static/4587.php


Name: CVE-2000-0475

Description:
Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability.

Status: Entry
Reference: MS:MS00-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-020.asp
Reference: BID:1350
Reference: URL:http://www.securityfocus.com/bid/1350
Reference: XF:win2k-desktop-separation
Reference: URL:http://xforce.iss.net/static/4714.php


Name: CVE-2000-0477

Description:
Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names.

Status: Entry
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351
Reference: XF:antivirus-nav-zip-bo
Reference: URL:http://xforce.iss.net/static/4710.php


Name: CVE-2000-0478

Description:
In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server.

Status: Entry
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351
Reference: XF:antivirus-nav-fail-open
Reference: URL:http://xforce.iss.net/static/4709.php
Reference: OSVDB:6266
Reference: URL:http://www.osvdb.org/6266


Name: CVE-2000-0481

Description:
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.

Status: Entry
Reference: VULN-DEV:20000601 Kmail heap overflow
Reference: URL:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez
Reference: BID:1380
Reference: URL:http://www.securityfocus.com/bid/1380
Reference: XF:kde-kmail-attachment-dos
Reference: URL:http://xforce.iss.net/static/4993.php


Name: CVE-2000-0482

Description:
Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.

Status: Entry
Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation
Reference: BID:1312
Reference: URL:http://www.securityfocus.com/bid/1312
Reference: XF:fw1-packet-fragment-dos
Reference: URL:http://xforce.iss.net/static/4609.php
Reference: OSVDB:1379
Reference: URL:http://www.osvdb.org/1379


Name: CVE-2000-0483

Description:
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.

Status: Entry
Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
Reference: REDHAT:RHSA-2000:038
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-038.html
Reference: FREEBSD:FreeBSD-SA-00:38
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc
Reference: BUGTRAQ:20000728 MDKSA-2000:026 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html
Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br
Reference: BID:1354
Reference: URL:http://www.securityfocus.com/bid/1354
Reference: XF:zope-dtml-remote-modify
Reference: URL:http://xforce.iss.net/static/4716.php


Name: CVE-2000-0484

Description:
Buffer overflow in Small HTTP Server allows remote attackers to cause a denial of service via a long GET request.

Status: Entry
Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2
Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2
Reference: BID:1355
Reference: URL:http://www.securityfocus.com/bid/1355
Reference: XF:small-http-get-overflow-dos
Reference: URL:http://xforce.iss.net/static/4692.php


Name: CVE-2000-0485

Description:
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000530 Fw: Steal Passwords Using SQL Server EM
Reference: URL:http://www.securityfocus.com/archive/1/62771
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
Reference: BID:1292
Reference: URL:http://www.securityfocus.com/bid/1292
Reference: XF:mssql-dts-reveal-passwords
Reference: URL:http://xforce.iss.net/static/4582.php


Name: CVE-2000-0486

Description:
Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field.

Status: Entry
Reference: BUGTRAQ:20000530 An Analysis of the TACACS+ Protocol and its Implementations
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html
Reference: BID:1293
Reference: URL:http://www.securityfocus.com/bid/1293
Reference: XF:tacacsplus-packet-length-dos
Reference: URL:http://xforce.iss.net/static/4985.php


Name: CVE-2000-0488

Description:
Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.

Status: Entry
Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html
Reference: BID:1285
Reference: URL:http://www.securityfocus.com/bid/1285
Reference: XF:ithouse-rcpt-overflow(4580)
Reference: URL:http://xforce.iss.net/static/4580.php


Name: CVE-2000-0489

Description:
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.

Status: Entry
Reference: BUGTRAQ:19990826 Local DoS in FreeBSD
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908270039010.16315-100000@thetis.deor.org
Reference: BUGTRAQ:20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com
Reference: BID:622
Reference: URL:http://www.securityfocus.com/bid/622
Reference: XF:bsd-setsockopt-dos
Reference: URL:http://xforce.iss.net/static/3298.php


Name: CVE-2000-0490

Description:
Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request.

Status: Entry
Reference: BUGTRAQ:20000601 Netwin's Dmail package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html
Reference: CONFIRM:http://netwinsite.com/dmail/security.htm
Reference: BID:1297
Reference: URL:http://www.securityfocus.com/bid/1297
Reference: XF:dmail-etrn-dos
Reference: URL:http://xforce.iss.net/static/4579.php


Name: CVE-2000-0493

Description:
Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string.

Status: Entry
Reference: VULN-DEV:20000601 Vulnerability in SNTS
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html
Reference: BID:1289
Reference: URL:http://www.securityfocus.com/bid/1289
Reference: XF:timesync-bo-execute
Reference: URL:http://xforce.iss.net/static/4602.php


Name: CVE-2000-0494

Description:
Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script.

Status: Entry
Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html
Reference: CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm
Reference: BID:1356
Reference: URL:http://www.securityfocus.com/bid/1356
Reference: XF:veritas-volume-manager


Name: CVE-2000-0495

Description:
Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability.

Status: Entry
Reference: MS:MS00-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-038.asp
Reference: BID:1282
Reference: URL:http://www.securityfocus.com/bid/1282
Reference: XF:ms-malformed-media-dos
Reference: URL:http://xforce.iss.net/static/4585.php


Name: CVE-2000-0497

Description:
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Status: Entry
Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:websphere-jsp-source-read


Name: CVE-2000-0498

Description:
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Status: Entry
Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:ewave-servletexec-jsp-source-read(4649)
Reference: URL:http://xforce.iss.net/static/4649.php


Name: CVE-2000-0499

Description:
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Status: Entry
Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
Reference: CONFIRM:http://developer.bea.com/alerts/security_000612.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:weblogic-jsp-source-read
Reference: URL:http://xforce.iss.net/static/4694.php


Name: CVE-2000-0500

Description:
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

Status: Entry
Reference: CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file
Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2
Reference: BID:1378
Reference: URL:http://www.securityfocus.com/bid/1378
Reference: XF:weblogic-file-source-read
Reference: URL:http://xforce.iss.net/static/4775.php


Name: CVE-2000-0501

Description:
Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.

Status: Entry
Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html
Reference: BID:1366
Reference: URL:http://www.securityfocus.com/bid/1366
Reference: XF:mdaemon-pass-dos
Reference: URL:http://xforce.iss.net/static/4745.php


Name: CVE-2000-0502

Description:
Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.

Status: Entry
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
Reference: BID:1326
Reference: URL:http://www.securityfocus.com/bid/1326
Reference: XF:mcafee-alerting-dos(4641)
Reference: URL:http://xforce.iss.net/static/4641.php
Reference: OSVDB:6287
Reference: URL:http://www.osvdb.org/6287


Name: CVE-2000-0504

Description:
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

Status: Entry
Reference: BUGTRAQ:20000619 XFree86: libICE DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html
Reference: CONFIRM:http://www.xfree86.org/security/
Reference: BID:1369
Reference: URL:http://www.securityfocus.com/bid/1369
Reference: XF:linux-libice-dos


Name: CVE-2000-0505

Description:
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.

Status: Entry
Reference: BUGTRAQ:20000603 Re: IBM HTTP SERVER / APACHE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com
Reference: BID:1284
Reference: URL:http://www.securityfocus.com/bid/1284
Reference: XF:ibm-http-file-retrieve
Reference: URL:http://xforce.iss.net/static/4575.php


Name: CVE-2000-0506

Description:
The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."

Status: Entry
Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl
Reference: REDHAT:RHSA-2000:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-037.html
Reference: TURBO:TLSA2000013-1
Reference: SGI:20000802-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000802-01-P
Reference: BUGTRAQ:20000609 Trustix Security Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html
Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html
Reference: BID:1322
Reference: URL:http://www.securityfocus.com/bid/1322
Reference: XF:linux-kernel-capabilities


Name: CVE-2000-0507

Description:
Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.

Status: Entry
Reference: BUGTRAQ:20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2
Reference: BID:1286
Reference: URL:http://www.securityfocus.com/bid/1286
Reference: XF:nt-webmail-dos
Reference: URL:http://xforce.iss.net/static/4586.php


Name: CVE-2000-0508

Description:
rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

Status: Entry
Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html
Reference: BID:1372
Reference: URL:http://www.securityfocus.com/bid/1372
Reference: XF:linux-lockd-remote-dos
Reference: URL:http://xforce.iss.net/static/5050.php


Name: CVE-2000-0510

Description:
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.

Status: Entry
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-malformed-ipp
Reference: URL:http://xforce.iss.net/static/4846.php


Name: CVE-2000-0511

Description:
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.

Status: Entry
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-posts
Reference: URL:http://xforce.iss.net/static/4846.php


Name: CVE-2000-0512

Description:
CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.

Status: Entry
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-posts
Reference: URL:http://xforce.iss.net/static/4846.php


Name: CVE-2000-0513

Description:
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.

Status: Entry
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-posts
Reference: URL:http://xforce.iss.net/static/4846.php


Name: CVE-2000-0514

Description:
GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.

Status: Entry
Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt
Reference: BID:1374
Reference: URL:http://www.securityfocus.com/bid/1374
Reference: XF:kerberos-gssftpd-dos
Reference: URL:http://xforce.iss.net/static/4734.php
Reference: OSVDB:4885
Reference: URL:http://www.osvdb.org/4885


Name: CVE-2000-0515

Description:
The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.

Status: Entry
Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org
Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com
Reference: BID:1327
Reference: URL:http://www.securityfocus.com/bid/1327
Reference: XF:hpux-snmp-daemon
Reference: URL:http://xforce.iss.net/static/4643.php


Name: CVE-2000-0516

Description:
When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.

Status: Entry
Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html
Reference: BID:1329
Reference: URL:http://www.securityfocus.com/bid/1329
Reference: XF:shiva-plaintext-ldap-password
Reference: URL:http://xforce.iss.net/static/4612.php


Name: CVE-2000-0517

Description:
Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.

Status: Entry
Reference: CERT:CA-2000-08
Reference: URL:http://www.cert.org/advisories/CA-2000-08.html
Reference: BID:1260
Reference: URL:http://www.securityfocus.com/bid/1260
Reference: XF:netscape-ssl-certificate
Reference: URL:http://xforce.iss.net/static/4550.php


Name: CVE-2000-0518

Description:
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.

Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt
Reference: MS:MS00-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
Reference: CERT:CA-2000-10
Reference: URL:http://www.cert.org/advisories/CA-2000-10.html
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: XF:ie-invalid-frame-image-certificate
Reference: URL:http://xforce.iss.net/static/4624.php


Name: CVE-2000-0519

Description:
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt
Reference: MS:MS00-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
Reference: CERT:CA-2000-10
Reference: URL:http://www.cert.org/advisories/CA-2000-10.html
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: XF:ie-revalidate-certificate
Reference: URL:http://xforce.iss.net/static/4627.php


Name: CVE-2000-0521

Description:
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number.

Status: Entry
Reference: BUGTRAQ:20000605 MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html
Reference: BID:1313
Reference: URL:http://www.securityfocus.com/bid/1313
Reference: XF:savant-source-read
Reference: URL:http://xforce.iss.net/static/4616.php


Name: CVE-2000-0522

Description:
RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash.

Status: Entry
Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk
Reference: CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt
Reference: BUGTRAQ:20000714 Re: RSA Aceserver UDP Flood Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html
Reference: BID:1332
Reference: URL:http://www.securityfocus.com/bid/1332
Reference: XF:aceserver-udp-packet-dos
Reference: URL:http://xforce.iss.net/static/5053.php


Name: CVE-2000-0523

Description:
Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.

Status: Entry
Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
Reference: BID:1315
Reference: URL:http://www.securityfocus.com/bid/1315
Reference: XF:eserv-logging-overflow
Reference: URL:http://xforce.iss.net/static/4614.php


Name: CVE-2000-0525

Description:
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

Status: Entry
Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.
Reference: URL:http://www.openbsd.org/errata.html#uselogin
Reference: BID:1334
Reference: URL:http://www.securityfocus.com/bid/1334
Reference: XF:openssh-uselogin-remote-exec
Reference: URL:http://xforce.iss.net/static/4646.php
Reference: OSVDB:341
Reference: URL:http://www.osvdb.org/341


Name: CVE-2000-0528

Description:
Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files.

Status: Entry
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1364
Reference: URL:http://www.securityfocus.com/bid/1364
Reference: XF:nettools-pki-unauthenticated-access
Reference: URL:http://xforce.iss.net/static/4743.php
Reference: OSVDB:4353
Reference: URL:http://www.osvdb.org/4353


Name: CVE-2000-0529

Description:
Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request.

Status: Entry
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1363
Reference: URL:http://www.securityfocus.com/bid/1363
Reference: XF:nettools-pki-http-bo
Reference: URL:http://xforce.iss.net/static/4744.php
Reference: OSVDB:4352
Reference: URL:http://www.osvdb.org/4352


Name: CVE-2000-0530

Description:
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.

Status: Entry
Reference: BUGTRAQ:20000531 KDE::KApplication feature?
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html
Reference: CALDERA:CSSA-2000-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-015.0.txt
Reference: REDHAT:RHSA-2000:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-032.html
Reference: BID:1291
Reference: URL:http://www.securityfocus.com/bid/1291
Reference: XF:kde-configuration-file-creation
Reference: URL:http://xforce.iss.net/static/4583.php


Name: CVE-2000-0532

Description:
A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:21
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html
Reference: BID:1323
Reference: URL:http://www.securityfocus.com/bid/1323
Reference: XF:freebsd-ssh-ports
Reference: URL:http://xforce.iss.net/static/4638.php
Reference: OSVDB:1387
Reference: URL:http://www.osvdb.org/1387


Name: CVE-2000-0533

Description:
Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.

Status: Entry
Reference: SGI:20000601-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P
Reference: BID:1379
Reference: URL:http://www.securityfocus.com/bid/1379
Reference: XF:irix-workshop-cvconnect-overwrite
Reference: URL:http://xforce.iss.net/static/4725.php


Name: CVE-2000-0534

Description:
The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:22
Reference: BID:1325
Reference: URL:http://www.securityfocus.com/bid/1325
Reference: XF:apsfilter-elevate-privileges
Reference: URL:http://xforce.iss.net/static/4617.php
Reference: OSVDB:1389
Reference: URL:http://www.osvdb.org/1389


Name: CVE-2000-0536

Description:
xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry.

Status: Entry
Reference: CONFIRM:http://www.synack.net/xinetd/
Reference: DEBIAN:20000619 xinetd: bug in access control mechanism
Reference: URL:http://www.debian.org/security/2000/20000619
Reference: BID:1381
Reference: URL:http://www.securityfocus.com/bid/1381
Reference: XF:xinetd-improper-restrictions
Reference: URL:http://xforce.iss.net/static/4986.php


Name: CVE-2000-0537

Description:
BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable.

Status: Entry
Reference: BUGTRAQ:20000606 BRU Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html
Reference: CALDERA:CSSA-2000-018.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-018.0.txt
Reference: BID:1321
Reference: URL:http://www.securityfocus.com/bid/1321
Reference: XF:bru-execlog-env-variable
Reference: URL:http://xforce.iss.net/static/4644.php


Name: CVE-2000-0538

Description:
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.

Status: Entry
Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2
Reference: ALLAIRE:ASB00-14
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
Reference: BID:1314
Reference: URL:http://www.securityfocus.com/bid/1314
Reference: XF:coldfusion-parse-dos
Reference: URL:http://xforce.iss.net/static/4611.php
Reference: OSVDB:3399
Reference: URL:http://www.osvdb.org/3399


Name: CVE-2000-0539

Description:
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.

Status: Entry
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386
Reference: XF:jrun-read-sample-files
Reference: URL:http://xforce.iss.net/static/4774.php
Reference: OSVDB:818
Reference: URL:http://www.osvdb.org/818


Name: CVE-2000-0540

Description:
JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.

Status: Entry
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386
Reference: XF:jrun-read-sample-files
Reference: URL:http://xforce.iss.net/static/4774.php
Reference: OSVDB:2713
Reference: URL:http://www.osvdb.org/2713


Name: CVE-2000-0541

Description:
The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.

Status: Entry
Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html
Reference: XF:panda-antivirus-remote-admin(4707)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4707
Reference: BID:1359
Reference: URL:http://www.securityfocus.com/bid/1359


Name: CVE-2000-0542

Description:
Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds.

Status: Entry
Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
Reference: BID:1345
Reference: URL:http://www.securityfocus.com/bid/1345
Reference: XF:tigris-radius-login-failure
Reference: URL:http://xforce.iss.net/static/4705.php


Name: CVE-2000-0548

Description:
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

Status: Entry
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: XF:kerberos-emsg-bo
Reference: OSVDB:4875
Reference: URL:http://www.osvdb.org/4875


Name: CVE-2000-0549

Description:
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.

Status: Entry
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml


Name: CVE-2000-0550

Description:
Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.

Status: Entry
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: XF:kerberos-free-memory
Reference: BID:1465
Reference: URL:http://www.securityfocus.com/bid/1465


Name: CVE-2000-0551

Description:
The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files.

Status: Entry
Reference: BUGTRAQ:20000523 I think
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html
Reference: BID:1263
Reference: URL:http://www.securityfocus.com/bid/1263
Reference: XF:danware-netop-bypass-security(4569)
Reference: URL:http://xforce.iss.net/static/4569.php


Name: CVE-2000-0552

Description:
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.

Status: Entry
Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html
Reference: BID:1307
Reference: URL:http://www.securityfocus.com/bid/1307
Reference: XF:icq-temp-link
Reference: URL:http://xforce.iss.net/static/4607.php


Name: CVE-2000-0553

Description:
Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.

Status: Entry
Reference: BUGTRAQ:20000525 Security Vulnerability in IPFilter 3.3.15 and 3.4.3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html
Reference: BID:1308
Reference: URL:http://www.securityfocus.com/bid/1308
Reference: XF:ipfilter-firewall-race-condition
Reference: URL:http://xforce.iss.net/static/4994.php
Reference: OSVDB:1377
Reference: URL:http://www.osvdb.org/1377


Name: CVE-2000-0555

Description:
Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests.

Status: Entry
Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
Reference: BID:1320
Reference: URL:http://www.securityfocus.com/bid/1320
Reference: XF:ceilidh-post-dos
Reference: URL:http://xforce.iss.net/static/4622.php


Name: CVE-2000-0556

Description:
Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002.

Status: Entry
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: CONFIRM:http://www.computalynx.net/news/Jun2000/news0806200001.html
Reference: BID:1319
Reference: URL:http://www.securityfocus.com/bid/1319
Reference: XF:cmail-long-username-dos
Reference: URL:http://xforce.iss.net/static/4625.php


Name: CVE-2000-0557

Description:
Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request.

Status: Entry
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: BID:1318
Reference: URL:http://www.securityfocus.com/bid/1318
Reference: XF:cmail-get-overflow-execute
Reference: URL:http://xforce.iss.net/static/4626.php


Name: CVE-2000-0558

Description:
Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345.

Status: Entry
Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html
Reference: BID:1317
Reference: URL:http://www.securityfocus.com/bid/1317


Name: CVE-2000-0561

Description:
Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request.

Status: Entry
Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html
Reference: BID:1365
Reference: URL:http://www.securityfocus.com/bid/1365
Reference: XF:webbbs-get-request-overflow
Reference: URL:http://xforce.iss.net/static/4742.php
Reference: OSVDB:3544
Reference: URL:http://www.osvdb.org/3544


Name: CVE-2000-0565

Description:
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
Reference: BID:1344
Reference: URL:http://www.securityfocus.com/bid/1344
Reference: XF:smartftp-directory-traversal
Reference: URL:http://xforce.iss.net/static/4706.php
Reference: OSVDB:1394
Reference: URL:http://www.osvdb.org/1394


Name: CVE-2000-0566

Description:
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.

Status: Entry
Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis
Reference: REDHAT:RHSA-2000:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-041.html
Reference: CALDERA:CSSA-2000-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-021.0.txt
Reference: MANDRAKE:MDKSA-2000:015
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:015
Reference: BUGTRAQ:20000707 [Security Announce] man update
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html
Reference: BID:1434
Reference: URL:http://www.securityfocus.com/bid/1434
Reference: XF:linux-man-makewhatis-tmp
Reference: URL:http://xforce.iss.net/static/4900.php


Name: CVE-2000-0567

Description:
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.

Status: Entry
Reference: MS:MS00-043
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-043.mspx
Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients
Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients
Reference: BID:1481
Reference: URL:http://www.securityfocus.com/bid/1481
Reference: XF:outlook-date-overflow
Reference: URL:http://xforce.iss.net/static/4953.php


Name: CVE-2000-0568

Description:
Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes.

Status: Entry
Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se
Reference: XF:sybergen-routing-table-modify
Reference: BID:1417
Reference: URL:http://www.securityfocus.com/bid/1417


Name: CVE-2000-0569

Description:
Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface.

Status: Entry
Reference: WIN2KSEC:20000630 Any LAN user can crash Sygate
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html
Reference: BID:1420
Reference: URL:http://www.securityfocus.com/bid/1420
Reference: XF:sygate-udp-packet-dos(5049)
Reference: URL:http://xforce.iss.net/static/5049.php


Name: CVE-2000-0570

Description:
FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header.

Status: Entry
Reference: BUGTRAQ:20000627 DoS in FirstClass Internet Services 5.770
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0295.html
Reference: XF:firstclass-large-bcc-dos(4843)
Reference: URL:http://xforce.iss.net/static/4843.php
Reference: BID:1421
Reference: URL:http://www.securityfocus.com/bid/1421
Reference: OSVDB:5718
Reference: URL:http://www.osvdb.org/5718


Name: CVE-2000-0571

Description:
LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.

Status: Entry
Reference: BUGTRAQ:20000703 Remote DoS Attack in LocalWEB HTTP Server 1.2.0 Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com
Reference: BID:1423
Reference: URL:http://www.securityfocus.com/bid/1423
Reference: XF:localweb-get-bo
Reference: URL:http://xforce.iss.net/static/4896.php


Name: CVE-2000-0573

Description:
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

Status: Entry
Reference: BUGTRAQ:20000622 WuFTPD: Providing *remote* root since at least1994
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96171893218000&w=2
Reference: BUGTRAQ:20000623 WUFTPD 2.6.0 remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96179429114160&w=2
Reference: BUGTRAQ:20000707 New Released Version of the WuFTPD Sploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96299933720862&w=2
Reference: BUGTRAQ:20000623 ftpd: the advisory version
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com
Reference: AUSCERT:AA-2000.02
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
Reference: CERT:CA-2000-13
Reference: URL:http://www.cert.org/advisories/CA-2000-13.html
Reference: DEBIAN:20000623
Reference: CALDERA:CSSA-2000-020.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
Reference: REDHAT:RHSA-2000:039
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-039.html
Reference: BUGTRAQ:20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
Reference: BUGTRAQ:20000702 [Security Announce] wu-ftpd update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
Reference: BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
Reference: FREEBSD:FreeBSD-SA-00:29
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
Reference: NETBSD:NetBSD-SA2000-009
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc
Reference: XF:wuftp-format-string-stack-overwrite
Reference: BID:1387
Reference: URL:http://www.securityfocus.com/bid/1387
Reference: XF:wuftp-format-string-stack-overwrite(4773)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4773


Name: CVE-2000-0575

Description:
SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.

Status: Entry
Reference: BUGTRAQ:20000630 Kerberos security vulnerability in SSH-1.2.27
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96256265914116&w=2
Reference: BID:1426
Reference: URL:http://www.securityfocus.com/bid/1426
Reference: XF:ssh-kerberos-tickets-disclosure(4903)
Reference: URL:http://xforce.iss.net/static/4903.php


Name: CVE-2000-0576

Description:
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.

Status: Entry
Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html
Reference: BID:1427
Reference: URL:http://www.securityfocus.com/bid/1427


Name: CVE-2000-0577

Description:
Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000621 Netscape FTP Server - "Professional" as hell :>
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211351280.23780-100000@nimue.tpi.pl
Reference: BUGTRAQ:20000629 (forw) Re: Netscape ftp Server (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0345.html
Reference: BID:1411
Reference: URL:http://www.securityfocus.com/bid/1411
Reference: XF:netscape-ftpserver-chroot


Name: CVE-2000-0579

Description:
IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.

Status: Entry
Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
Reference: BID:1413
Reference: URL:http://www.securityfocus.com/bid/1413
Reference: XF:irix-cron-modify-crontab


Name: CVE-2000-0581

Description:
Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.

Status: Entry
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-1]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com
Reference: XF:win2k-telnetserver-dos
Reference: BID:1414
Reference: URL:http://www.securityfocus.com/bid/1414


Name: CVE-2000-0582

Description:
Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.

Status: Entry
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-3]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630162106.4619C-100000@fjord.fscinternet.com
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security
Reference: XF:fw1-resource-overload-dos
Reference: BID:1416
Reference: URL:http://www.securityfocus.com/bid/1416
Reference: OSVDB:1438
Reference: URL:http://www.osvdb.org/1438


Name: CVE-2000-0583

Description:
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.

Status: Entry
Reference: BUGTRAQ:20000626 vpopmail-3.4.11 problems
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com
Reference: CONFIRM:http://www.vpopmail.cx/vpopmail-ChangeLog
Reference: BID:1418
Reference: URL:http://www.securityfocus.com/bid/1418
Reference: XF:vpopmail-format-string


Name: CVE-2000-0584

Description:
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

Status: Entry
Reference: MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html
Reference: DEBIAN:20000702
Reference: FREEBSD:FreeBSD-SA-00:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1
Reference: BID:1445
Reference: URL:http://www.securityfocus.com/bid/1445
Reference: XF:canna-bin-execute-bo
Reference: URL:http://xforce.iss.net/static/4912.php


Name: CVE-2000-0585

Description:
ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html
Reference: OPENBSD:20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.
Reference: DEBIAN:20000628 dhcp client: remote root exploit in dhcp client
Reference: URL:http://www.debian.org/security/2000/20000628
Reference: FREEBSD:FreeBSD-SA-00:34
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:34.dhclient.asc
Reference: BUGTRAQ:20000702 [Security Announce] dhcp update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html
Reference: SUSE:20000711 Security Hole in dhclient < 2.0
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_56.html
Reference: NETBSD:NetBSD-SA2000-008
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-008.txt.asc
Reference: BID:1388
Reference: URL:http://www.securityfocus.com/bid/1388
Reference: XF:openbsd-isc-dhcp
Reference: URL:http://xforce.iss.net/static/4772.php


Name: CVE-2000-0586

Description:
Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command.

Status: Entry
Reference: VULN-DEV:20000628 dalnet 4.6.5 remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html
Reference: XF:ircd-dalnet-summon-bo
Reference: BID:1404
Reference: URL:http://www.securityfocus.com/bid/1404


Name: CVE-2000-0587

Description:
The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.

Status: Entry
Reference: XF:glftpd-privpath-directive
Reference: BUGTRAQ:20000626 Glftpd privpath bugs... +fix
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000@twix.thrijswijk.nl
Reference: BUGTRAQ:20000627 Re: Glftpd privpath bugs... +fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
Reference: BID:1401
Reference: URL:http://www.securityfocus.com/bid/1401


Name: CVE-2000-0588

Description:
SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.

Status: Entry
Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
Reference: BID:1402
Reference: URL:http://www.securityfocus.com/bid/1402
Reference: XF:sawmill-file-access


Name: CVE-2000-0590

Description:
Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.

Status: Entry
Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html
Reference: BID:1431
Reference: URL:http://www.securityfocus.com/bid/1431
Reference: XF:http-cgi-pollit-variable-overwrite(4878)
Reference: URL:http://xforce.iss.net/static/4878.php


Name: CVE-2000-0591

Description:
Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.

Status: Entry
Reference: BUGTRAQ:20000705 Novell BorderManager 3.0 EE - Encoded URL rule bypass
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html
Reference: BID:1432
Reference: URL:http://www.securityfocus.com/bid/1432
Reference: XF:bordermanager-bypass-url-restriction


Name: CVE-2000-0593

Description:
WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number.

Status: Entry
Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
Reference: XF:winproxy-get-dos(4831)
Reference: URL:http://xforce.iss.net/static/4831.php
Reference: BID:1400
Reference: URL:http://www.securityfocus.com/bid/1400


Name: CVE-2000-0594

Description:
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

Status: Entry
Reference: VULN-DEV:20000704 BitchX /ignore bug
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html
Reference: BUGTRAQ:20000704 BitchX exploit possibly waiting to happen, certain DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html
Reference: REDHAT:RHSA-2000:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-042.html
Reference: FREEBSD:FreeBSD-SA-00:32
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html
Reference: CALDERA:CSSA-2000-022.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt
Reference: BUGTRAQ:20000707 BitchX update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html
Reference: BUGTRAQ:20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html
Reference: BID:1436
Reference: URL:http://www.securityfocus.com/bid/1436
Reference: XF:irc-bitchx-invite-dos
Reference: URL:http://xforce.iss.net/static/4897.php


Name: CVE-2000-0595

Description:
libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:24
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html
Reference: BID:1437
Reference: URL:http://www.securityfocus.com/bid/1437
Reference: XF:bsd-libedit-editrc
Reference: OSVDB:1446
Reference: URL:http://www.osvdb.org/1446


Name: CVE-2000-0596

Description:
Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000627 IE 5 and Access 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg
Reference: BUGTRAQ:20000627 FW: IE 5 and Access 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu
Reference: MS:MS00-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp
Reference: CERT:CA-2000-16
Reference: URL:http://www.cert.org/advisories/CA-2000-16.html
Reference: XF:ie-access-vba-code-execute
Reference: BID:1398
Reference: URL:http://www.securityfocus.com/bid/1398


Name: CVE-2000-0597

Description:
Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg
Reference: MS:MS00-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp
Reference: BID:1399
Reference: URL:http://www.securityfocus.com/bid/1399
Reference: XF:ie-powerpoint-activex-object-execute


Name: CVE-2000-0598

Description:
Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy.

Status: Entry
Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html
Reference: MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm
Reference: BID:1395
Reference: URL:http://www.securityfocus.com/bid/1395
Reference: XF:fortech-proxy-telnet-gateway


Name: CVE-2000-0599

Description:
Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port.

Status: Entry
Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html
Reference: MISC:http://www.imesh.com/download/download.html
Reference: XF:imesh-tcp-port-overflow
Reference: BID:1407
Reference: URL:http://www.securityfocus.com/bid/1407


Name: CVE-2000-0600

Description:
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.

Status: Entry
Reference: BUGTRAQ:20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html
Reference: BID:1393
Reference: URL:http://www.securityfocus.com/bid/1393
Reference: XF:netscape-virtual-directory-bo(4780)
Reference: URL:http://xforce.iss.net/static/4780.php


Name: CVE-2000-0601

Description:
LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages.

Status: Entry
Reference: BUGTRAQ:20000625 LeafChat Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net
Reference: CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html
Reference: XF:irc-leafchat-dos
Reference: BID:1396
Reference: URL:http://www.securityfocus.com/bid/1396


Name: CVE-2000-0602

Description:
Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable.

Status: Entry
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: XF:redhat-secure-locate-path
Reference: BID:1385
Reference: URL:http://www.securityfocus.com/bid/1385


Name: CVE-2000-0603

Description:
Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.

Status: Entry
Reference: MS:MS00-048
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-048.asp
Reference: BID:1444
Reference: URL:http://www.securityfocus.com/bid/1444
Reference: XF:mssql-procedure-perms
Reference: URL:http://xforce.iss.net/static/4921.php


Name: CVE-2000-0604

Description:
gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp.

Status: Entry
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: BID:1383
Reference: URL:http://www.securityfocus.com/bid/1383
Reference: XF:redhat-gkermit


Name: CVE-2000-0610

Description:
NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.

Status: Entry
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html
Reference: BID:1390
Reference: URL:http://www.securityfocus.com/bid/1390
Reference: XF:netwin-dmailweb-newline
Reference: URL:http://xforce.iss.net/static/4770.php


Name: CVE-2000-0611

Description:
The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.

Status: Entry
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html
Reference: BID:1391
Reference: URL:http://www.securityfocus.com/bid/1391
Reference: XF:netwin-dmailweb-auth
Reference: URL:http://xforce.iss.net/static/4771.php


Name: CVE-2000-0613

Description:
Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.

Status: Entry
Reference: BUGTRAQ:20000320 PIX DMZ Denial of Service - TCP Resets
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net
Reference: CISCO:20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml
Reference: BID:1454
Reference: URL:http://www.securityfocus.com/bid/1454
Reference: XF:cisco-pix-firewall-tcp
Reference: URL:http://xforce.iss.net/static/4928.php
Reference: OSVDB:1457
Reference: URL:http://www.osvdb.org/1457


Name: CVE-2000-0615

Description:
LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.

Status: Entry
Reference: BUGTRAQ:20000709 LPRng lpd should not be SETUID root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0117.html
Reference: BID:1447
Reference: URL:http://www.securityfocus.com/bid/1447
Reference: XF:lpd-suid-root(7361)
Reference: URL:http://xforce.iss.net/static/7361.php


Name: CVE-2000-0616

Description:
Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.

Status: Entry
Reference: HP:HPSBMP0006-007
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html
Reference: BID:1405
Reference: URL:http://www.securityfocus.com/bid/1405
Reference: XF:hp-turboimage-dbutil


Name: CVE-2000-0619

Description:
Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets.

Status: Entry
Reference: VULN-DEV:20000520 TopLayer layer 7 switch Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0680.html
Reference: VULN-DEV:20000614 Update on TopLayer Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0921.html
Reference: BID:1258
Reference: URL:http://www.securityfocus.com/bid/1258
Reference: XF:toplayer-icmp-dos(7364)
Reference: URL:http://xforce.iss.net/static/7364.php


Name: CVE-2000-0620

Description:
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.

Status: Entry
Reference: BUGTRAQ:20000619 XFree86: Various nasty libX11 holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96146116627474&w=2
Reference: BID:1409
Reference: URL:http://www.securityfocus.com/bid/1409
Reference: XF:libx11-infinite-loop-dos(4996)
Reference: URL:http://xforce.iss.net/static/4996.php


Name: CVE-2000-0621

Description:
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.

Status: Entry
Reference: MS:MS00-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-046.asp
Reference: CERT:CA-2000-14
Reference: URL:http://www.cert.org/advisories/CA-2000-14.html
Reference: BID:1501
Reference: URL:http://www.securityfocus.com/bid/1501
Reference: XF:outlook-cache-bypass
Reference: URL:http://xforce.iss.net/static/5013.php


Name: CVE-2000-0622

Description:
Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.

Status: Entry
Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
Reference: URL:http://www.nai.com/research/covert/advisories/043.asp
Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
Reference: XF:website-webfind-bo(4962)
Reference: URL:http://xforce.iss.net/static/4962.php
Reference: BID:1487
Reference: URL:http://www.securityfocus.com/bid/1487


Name: CVE-2000-0624

Description:
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.

Status: Entry
Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
Reference: CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
Reference: BID:1496
Reference: URL:http://www.securityfocus.com/bid/1496
Reference: XF:winamp-playlist-parser-bo
Reference: URL:http://xforce.iss.net/static/4956.php


Name: CVE-2000-0627

Description:
BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.

Status: Entry
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
Reference: BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
Reference: BID:1486
Reference: URL:http://www.securityfocus.com/bid/1486
Reference: XF:blackboard-courseinfo-dbase-modification
Reference: URL:http://xforce.iss.net/static/4946.php


Name: CVE-2000-0628

Description:
The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.

Status: Entry
Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html
Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
Reference: BID:1457
Reference: URL:http://www.securityfocus.com/bid/1457
Reference: XF:apache-source-asp-file-write
Reference: URL:http://xforce.iss.net/static/4931.php


Name: CVE-2000-0630

Description:
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.

Status: Entry
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1488
Reference: URL:http://www.securityfocus.com/bid/1488
Reference: XF:iis-htr-obtain-code
Reference: URL:http://xforce.iss.net/static/5104.php


Name: CVE-2000-0631

Description:
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1476
Reference: URL:http://www.securityfocus.com/bid/1476
Reference: XF:iis-absent-directory-dos
Reference: URL:http://xforce.iss.net/static/4951.php


Name: CVE-2000-0632

Description:
Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.

Status: Entry
Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
Reference: BID:1490
Reference: URL:http://www.securityfocus.com/bid/1490
Reference: XF:lsoft-listserv-querystring-bo
Reference: URL:http://xforce.iss.net/static/4952.php


Name: CVE-2000-0633

Description:
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.

Status: Entry
Reference: REDHAT:RHSA-2000:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-053.html
Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
Reference: BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
Reference: BID:1489
Reference: URL:http://www.securityfocus.com/bid/1489
Reference: XF:linux-usermode-dos
Reference: URL:http://xforce.iss.net/static/4944.php


Name: CVE-2000-0634

Description:
The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
Reference: BID:1493
Reference: URL:http://www.securityfocus.com/bid/1493
Reference: XF:communigate-pro-file-read
Reference: URL:http://xforce.iss.net/static/5105.php
Reference: OSVDB:5774
Reference: URL:http://www.osvdb.org/5774


Name: CVE-2000-0635

Description:
The view_page.html sample page in the MiniVend shopping cart program allows remote attackers to execute arbitrary commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html
Reference: CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
Reference: BID:1449
Reference: URL:http://www.securityfocus.com/bid/1449
Reference: XF:minivend-viewpage-sample
Reference: URL:http://xforce.iss.net/static/4880.php


Name: CVE-2000-0636

Description:
HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.

Status: Entry
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
Reference: BID:1491
Reference: URL:http://www.securityfocus.com/bid/1491
Reference: XF:hp-jetdirect-quote-dos
Reference: URL:http://xforce.iss.net/static/4947.php


Name: CVE-2000-0637

Description:
Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg
Reference: MS:MS00-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-051.asp
Reference: BID:1451
Reference: URL:http://www.securityfocus.com/bid/1451
Reference: XF:excel-register-function
Reference: URL:http://xforce.iss.net/static/5016.php


Name: CVE-2000-0638

Description:
bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.

Status: Entry
Reference: BUGTRAQ:20000711 BIG BROTHER EXPLOIT
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
Reference: BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: BID:1455
Reference: URL:http://www.securityfocus.com/bid/1455
Reference: XF:http-cgi-bigbrother-bbhostsvc
Reference: URL:http://xforce.iss.net/static/4879.php


Name: CVE-2000-0639

Description:
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.

Status: Entry
Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
Reference: BID:1494
Reference: URL:http://www.securityfocus.com/bid/1494
Reference: XF:big-brother-filename-extension
Reference: URL:http://xforce.iss.net/static/5103.php
Reference: OSVDB:1472
Reference: URL:http://www.osvdb.org/1472


Name: CVE-2000-0640

Description:
Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not.

Status: Entry
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1452
Reference: URL:http://www.securityfocus.com/bid/1452
Reference: XF:guild-ftpd-disclosure
Reference: URL:http://xforce.iss.net/static/4922.php
Reference: OSVDB:573
Reference: URL:http://www.osvdb.org/573


Name: CVE-2000-0641

Description:
Savant web server allows remote attackers to execute arbitrary commands via a long GET request.

Status: Entry
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1453
Reference: URL:http://www.securityfocus.com/bid/1453
Reference: XF:savant-get-bo
Reference: URL:http://xforce.iss.net/static/4901.php


Name: CVE-2000-0642

Description:
The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.

Status: Entry
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1497
Reference: URL:http://www.securityfocus.com/bid/1497
Reference: XF:webactive-active-log
Reference: URL:http://xforce.iss.net/static/5184.php


Name: CVE-2000-0643

Description:
Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.

Status: Entry
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1470
Reference: URL:http://www.securityfocus.com/bid/1470
Reference: XF:webactive-long-get-dos
Reference: URL:http://xforce.iss.net/static/4949.php


Name: CVE-2000-0644

Description:
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.

Status: Entry
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506
Reference: XF:wftpd-stat-dos
Reference: URL:http://xforce.iss.net/static/5003.php
Reference: OSVDB:1477
Reference: URL:http://www.osvdb.org/1477


Name: CVE-2000-0650

Description:
The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.

Status: Entry
Reference: NTBUGTRAQ:20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753
Reference: BID:1458
Reference: URL:http://www.securityfocus.com/bid/1458
Reference: XF:nai-virusscan-netshield-autoupgrade(5177)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5177
Reference: OSVDB:1458
Reference: URL:http://www.osvdb.org/1458
Reference: OSVDB:4200
Reference: URL:http://www.osvdb.org/4200


Name: CVE-2000-0651

Description:
The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.

Status: Entry
Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
Reference: BID:1440
Reference: URL:http://www.securityfocus.com/bid/1440
Reference: XF:novell-bordermanager-verification
Reference: URL:http://xforce.iss.net/static/5186.php


Name: CVE-2000-0652

Description:
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.

Status: Entry
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Reference: BID:1500
Reference: URL:http://www.securityfocus.com/bid/1500
Reference: XF:websphere-showcode
Reference: URL:http://xforce.iss.net/static/5012.php


Name: CVE-2000-0654

Description:
Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.

Status: Entry
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
Reference: BID:1466
Reference: URL:http://www.securityfocus.com/bid/1466
Reference: XF:mssql-dts-reveal-passwords
Reference: URL:http://xforce.iss.net/static/4582.php


Name: CVE-2000-0655

Description:
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

Status: Entry
Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com
Reference: REDHAT:RHSA-2000:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-046.html
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_60.html
Reference: TURBO:TLSA2000017-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
Reference: NETBSD:NetBSD-SA2000-011
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
Reference: BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html
Reference: BID:1503
Reference: URL:http://www.securityfocus.com/bid/1503
Reference: XF:netscape-jpg-comment


Name: CVE-2000-0660

Description:
The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html
Reference: CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt
Reference: BID:1462
Reference: URL:http://www.securityfocus.com/bid/1462
Reference: XF:worldclient-dir-traverse
Reference: URL:http://xforce.iss.net/static/4913.php
Reference: OSVDB:1459
Reference: URL:http://www.osvdb.org/1459


Name: CVE-2000-0661

Description:
WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port.

Status: Entry
Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html
Reference: BID:1448
Reference: URL:http://www.securityfocus.com/bid/1448
Reference: XF:wircsrv-character-flood-dos
Reference: URL:http://xforce.iss.net/static/4914.php


Name: CVE-2000-0662

Description:
Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).

Status: Entry
Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg
Reference: BID:1474
Reference: URL:http://www.securityfocus.com/bid/1474
Reference: XF:ie-dhtmled-file-read(5107)
Reference: URL:http://xforce.iss.net/static/5107.php


Name: CVE-2000-0663

Description:
The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.

Status: Entry
Reference: MS:MS00-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-052.asp
Reference: MSKB:Q269049
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=269049
Reference: BID:1507
Reference: URL:http://www.securityfocus.com/bid/1507
Reference: XF:explorer-relative-path-name
Reference: URL:http://xforce.iss.net/static/5040.php


Name: CVE-2000-0664

Description:
AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots.

Status: Entry
Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:1508
Reference: URL:http://www.securityfocus.com/bid/1508
Reference: XF:analogx-simpleserver-directory-path
Reference: URL:http://xforce.iss.net/static/4999.php
Reference: OSVDB:388
Reference: URL:http://www.osvdb.org/388


Name: CVE-2000-0665

Description:
GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.

Status: Entry
Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
Reference: NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html
Reference: BID:1478
Reference: URL:http://www.securityfocus.com/bid/1478
Reference: XF:gamsoft-telsrv-dos
Reference: URL:http://xforce.iss.net/static/4945.php
Reference: OSVDB:373
Reference: URL:http://www.osvdb.org/373


Name: CVE-2000-0666

Description:
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

Status: Entry
Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
Reference: DEBIAN:20000719a
Reference: REDHAT:RHSA-2000:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043.html
Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
Reference: CALDERA:CSSA-2000-025.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
Reference: CERT:CA-2000-17
Reference: URL:http://www.cert.org/advisories/CA-2000-17.html
Reference: BID:1480
Reference: URL:http://www.securityfocus.com/bid/1480
Reference: XF:linux-rpcstatd-format-overwrite
Reference: URL:http://xforce.iss.net/static/4939.php


Name: CVE-2000-0668

Description:
pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.

Status: Entry
Reference: REDHAT:RHSA-2000:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-044.html
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html
Reference: BUGTRAQ:20000801 MDKSA-2000:029 pam update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html
Reference: BID:1513
Reference: URL:http://www.securityfocus.com/bid/1513
Reference: XF:linux-pam-console
Reference: URL:http://xforce.iss.net/static/5001.php


Name: CVE-2000-0669

Description:
Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.

Status: Entry
Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au
Reference: BID:1467
Reference: URL:http://www.securityfocus.com/bid/1467
Reference: XF:netware-port40193-dos


Name: CVE-2000-0670

Description:
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html
Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html
Reference: DEBIAN:20000719b
Reference: FREEBSD:FreeBSD-SA-00:37
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:37.cvsweb.asc
Reference: TURBO:TLSA2000016-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html
Reference: BID:1469
Reference: URL:http://www.securityfocus.com/bid/1469
Reference: XF:cvsweb-shell-access
Reference: URL:http://xforce.iss.net/static/4925.php


Name: CVE-2000-0671

Description:
Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.

Status: Entry
Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html
Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0307.html
Reference: BID:1510
Reference: URL:http://www.securityfocus.com/bid/1510
Reference: XF:roxen-null-char-url
Reference: URL:http://xforce.iss.net/static/4965.php


Name: CVE-2000-0672

Description:
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

Status: Entry
Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html
Reference: BID:1548
Reference: URL:http://www.securityfocus.com/bid/1548
Reference: XF:jakarta-tomcat-admin
Reference: URL:http://xforce.iss.net/static/5160.php


Name: CVE-2000-0673

Description:
The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.

Status: Entry
Reference: NAI:20000727 Windows NetBIOS Name Conflicts
Reference: URL:http://www.nai.com/research/covert/advisories/044.asp
Reference: MS:MS00-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-047.asp
Reference: BID:1514
Reference: URL:http://www.securityfocus.com/bid/1514
Reference: BID:1515
Reference: URL:http://www.securityfocus.com/bid/1515
Reference: XF:netbios-name-server-spoofing
Reference: URL:http://xforce.iss.net/static/5035.php


Name: CVE-2000-0674

Description:
ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000712 ftp.pl vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html
Reference: BID:1471
Reference: URL:http://www.securityfocus.com/bid/1471
Reference: XF:virtualvision-ftp-browser
Reference: URL:http://xforce.iss.net/static/5187.php


Name: CVE-2000-0675

Description:
Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string.

Status: Entry
Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
Reference: BID:1477
Reference: URL:http://www.securityfocus.com/bid/1477
Reference: XF:gatekeeper-long-string-bo
Reference: URL:http://xforce.iss.net/static/4948.php


Name: CVE-2000-0676

Description:
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

Status: Entry
Reference: BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html
Reference: REDHAT:RHSA-2000:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-054.html
Reference: CALDERA:CSSA-2000-027.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-027.1.txt
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_60.html
Reference: BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html
Reference: BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html
Reference: BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html
Reference: BID:1546
Reference: URL:http://www.securityfocus.com/bid/1546
Reference: XF:java-brownorifice


Name: CVE-2000-0677

Description:
Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.

Status: Entry
Reference: ISS:20000907 Buffer Overflow in IBM Net.Data db2www CGI program.
Reference: URL:http://xforce.iss.net/alerts/advise60.php
Reference: XF:ibm-netdata-db2www-bo
Reference: URL:http://xforce.iss.net/static/4976.php


Name: CVE-2000-0678

Description:
PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.

Status: Entry
Reference: CERT:CA-2000-18
Reference: URL:http://www.cert.org/advisories/CA-2000-18.html
Reference: BID:1606
Reference: URL:http://www.securityfocus.com/bid/1606
Reference: OSVDB:4354
Reference: URL:http://www.osvdb.org/4354


Name: CVE-2000-0679

Description:
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.

Status: Entry
Reference: BUGTRAQ:20000728 cvs security problem
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
Reference: BID:1523
Reference: URL:http://www.securityfocus.com/bid/1523
Reference: XF:cvs-client-creates-file


Name: CVE-2000-0681

Description:
Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.

Status: Entry
Reference: BUGTRAQ:20000815 BEA Weblogic server proxy library vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html
Reference: BID:1570
Reference: URL:http://www.securityfocus.com/bid/1570
Reference: XF:weblogic-plugin-bo


Name: CVE-2000-0682

Description:
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.

Status: Entry
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1518
Reference: URL:http://www.securityfocus.com/bid/1518
Reference: XF:weblogic-fileservlet-show-code
Reference: OSVDB:1481
Reference: URL:http://www.osvdb.org/1481


Name: CVE-2000-0683

Description:
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.

Status: Entry
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000728.html
Reference: BID:1517
Reference: URL:http://www.securityfocus.com/bid/1517
Reference: OSVDB:1480
Reference: URL:http://www.osvdb.org/1480


Name: CVE-2000-0684

Description:
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

Status: Entry
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1525
Reference: URL:http://www.securityfocus.com/bid/1525
Reference: XF:html-malicious-tags


Name: CVE-2000-0685

Description:
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.

Status: Entry
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1525
Reference: URL:http://www.securityfocus.com/bid/1525
Reference: XF:html-malicious-tags


Name: CVE-2000-0693

Description:
pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program.

Status: Entry
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html
Reference: BID:1563
Reference: URL:http://www.securityfocus.com/bid/1563
Reference: OSVDB:1501
Reference: URL:http://www.osvdb.org/1501


Name: CVE-2000-0694

Description:
pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack.

Status: Entry
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html
Reference: OSVDB:5740
Reference: URL:http://www.osvdb.org/5740


Name: CVE-2000-0698

Description:
Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.

Status: Entry
Reference: BUGTRAQ:20000819 RH 6.1 / 6.2 minicom vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/77361
Reference: BID:1599
Reference: URL:http://www.securityfocus.com/bid/1599
Reference: XF:minicom-capture-groupown
Reference: URL:http://xforce.iss.net/static/5151.php


Name: CVE-2000-0699

Description:
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.

Status: Entry
Reference: BUGTRAQ:20000806 HPUX FTPd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0028.html
Reference: BID:1560
Reference: URL:http://www.securityfocus.com/bid/1560


Name: CVE-2000-0700

Description:
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.

Status: Entry
Reference: CISCO:20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards
Reference: URL:http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml
Reference: BID:1541
Reference: URL:http://www.securityfocus.com/bid/1541
Reference: OSVDB:793
Reference: URL:http://www.osvdb.org/793
Reference: OSVDB:798
Reference: URL:http://www.osvdb.org/798


Name: CVE-2000-0702

Description:
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

Status: Entry
Reference: BUGTRAQ:20000821 [HackersLab bugpaper] HP-UX net.init rc script
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0261.html
Reference: BID:1602
Reference: URL:http://www.securityfocus.com/bid/1602
Reference: XF:hp-netinit-symlink
Reference: URL:http://xforce.iss.net/static/5131.php


Name: CVE-2000-0703

Description:
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

Status: Entry
Reference: BUGTRAQ:20000805 sperl 5.00503 (and newer ;) exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html
Reference: SUSE:20000810 Security Hole in perl, all versions
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_59.html
Reference: CALDERA:CSSA-2000-026.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt
Reference: DEBIAN:20000810
Reference: REDHAT:RHSA-2000:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-048.html
Reference: TURBO:TLSA2000018-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html
Reference: BUGTRAQ:20000814 Trustix Security Advisory - perl and mailx
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html
Reference: BUGTRAQ:20000808 MDKSA-2000:031 perl update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html
Reference: BUGTRAQ:20000810 Conectiva Linux security announcemente - PERL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html
Reference: BID:1547
Reference: URL:http://www.securityfocus.com/bid/1547
Reference: XF:perl-shell-escape


Name: CVE-2000-0705

Description:
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000802 [ Hackerslab bug_paper ] ntop web mode vulnerabliity
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html
Reference: REDHAT:RHSA-2000:049
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-049.html
Reference: BID:1550
Reference: URL:http://www.securityfocus.com/bid/1550
Reference: XF:ntop-remote-file-access
Reference: OSVDB:1496
Reference: URL:http://www.osvdb.org/1496


Name: CVE-2000-0706

Description:
Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:36
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc
Reference: DEBIAN:20000830 ntop: Still remotely exploitable using buffer overflows
Reference: URL:http://www.debian.org/security/2000/20000830
Reference: BID:1576
Reference: URL:http://www.securityfocus.com/bid/1576
Reference: XF:ntop-bo
Reference: OSVDB:1513
Reference: URL:http://www.osvdb.org/1513


Name: CVE-2000-0707

Description:
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.

Status: Entry
Reference: BUGTRAQ:20000804 PCCS MySQL DB Admin Tool v1.2.3- Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0015.html
Reference: CONFIRM:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324
Reference: BID:1557
Reference: URL:http://www.securityfocus.com/bid/1557
Reference: XF:pccs-mysql-admin-tool


Name: CVE-2000-0708

Description:
Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.

Status: Entry
Reference: NTBUGTRAQ:20000824 Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=NTBUGTRAQ&P=R4247
Reference: CONFIRM:http://www.pragmasys.com/TelnetServer/
Reference: BID:1605
Reference: URL:http://www.securityfocus.com/bid/1605
Reference: XF:telnetserver-rpc-bo


Name: CVE-2000-0711

Description:
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

Status: Entry
Reference: BUGTRAQ:20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3999922128E.EE84TAKAGI@java-house.etl.go.jp
Reference: BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html
Reference: BID:1545
Reference: URL:http://www.securityfocus.com/bid/1545


Name: CVE-2000-0712

Description:
Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.

Status: Entry
Reference: MISC:http://www.egroups.com/message/lids/1038
Reference: BUGTRAQ:2000803 LIDS severe bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0486.html
Reference: CONFIRM:http://www.lids.org/changelog.html
Reference: BID:1549
Reference: URL:http://www.securityfocus.com/bid/1549
Reference: OSVDB:1495
Reference: URL:http://www.osvdb.org/1495


Name: CVE-2000-0716

Description:
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijcak the session ID and read the user's email.

Status: Entry
Reference: NTBUGTRAQ:20000809 Session hijacking in Alt-N's MDaemon 2.8
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=459
Reference: BID:1553
Reference: URL:http://www.securityfocus.com/bid/1553
Reference: XF:mdaemon-session-id-hijack
Reference: URL:http://xforce.iss.net/static/5070.php


Name: CVE-2000-0717

Description:
GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands.

Status: Entry
Reference: BUGTRAQ:20000830 [EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=02ff01c0124c$e9387660$0201a8c0@aviram
Reference: BID:1619
Reference: URL:http://www.securityfocus.com/bid/1619
Reference: XF:ftp-goodtech-rnto-dos(5166)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5166


Name: CVE-2000-0718

Description:
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.

Status: Entry
Reference: BUGTRAQ:20000812 MDKSA-2000:034 MandrakeUpdate update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0146.html
Reference: BID:1567
Reference: URL:http://www.securityfocus.com/bid/1567


Name: CVE-2000-0720

Description:
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.

Status: Entry
Reference: BUGTRAQ:20000829 News Publisher CGI Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b$18f8c1a0$953b29d4@e8s9s4
Reference: BID:1621
Reference: URL:http://www.securityfocus.com/bid/1621
Reference: XF:news-publisher-add-author(5169)
Reference: URL:http://xforce.iss.net/static/5169.php


Name: CVE-2000-0725

Description:
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Status: Entry
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
Reference: REDHAT:RHSA-2000:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-052.html
Reference: DEBIAN:20000821 zope: unauthorized escalation of privilege (update)
Reference: URL:http://www.debian.org/security/2000/20000821
Reference: BUGTRAQ:20000821 Conectiva Linux Security Announcement - Zope
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
Reference: BUGTRAQ:20000816 MDKSA-2000:035 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
Reference: BID:1577
Reference: URL:http://www.securityfocus.com/bid/1577


Name: CVE-2000-0726

Description:
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.

Status: Entry
Reference: BUGTRAQ:20000829 Stalker's CGImail Gives Read Access to All Server Files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000829194618.H7744@thathost.com
Reference: BID:1623
Reference: URL:http://www.securityfocus.com/bid/1623
Reference: XF:mailers-cgimail-spoof(5165)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5165


Name: CVE-2000-0727

Description:
xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060.html
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624


Name: CVE-2000-0728

Description:
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2
Reference: DEBIAN:20000910a
Reference: REDHAT:RHSA-2000:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060.html
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624


Name: CVE-2000-0729

Description:
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:41
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html
Reference: BID:1625
Reference: URL:http://www.securityfocus.com/bid/1625
Reference: XF:freebsd-elf-dos(5967)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5967
Reference: OSVDB:1534
Reference: URL:http://www.osvdb.org/1534


Name: CVE-2000-0730

Description:
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.

Status: Entry
Reference: HP:HPSBUX0008-118
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html
Reference: BID:1580
Reference: URL:http://www.securityfocus.com/bid/1580


Name: CVE-2000-0731

Description:
Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: XF:wormhttp-dir-traverse(5148)
Reference: URL:http://xforce.iss.net/static/5148.php
Reference: OSVDB:1535
Reference: URL:http://www.osvdb.org/1535


Name: CVE-2000-0732

Description:
Worm HTTP server allows remote attackers to cause a denial of service via a long URL.

Status: Entry
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: XF:wormhttp-filename-dos
Reference: URL:http://xforce.iss.net/static/5149.php


Name: CVE-2000-0733

Description:
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.

Status: Entry
Reference: BUGTRAQ:20000814 [LSD] IRIX telnetd remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html
Reference: SGI:20000801-02-P
Reference: URL:ftp://sgigate.sgi.com/security/20000801-02-P
Reference: BID:1572
Reference: URL:http://www.securityfocus.com/bid/1572


Name: CVE-2000-0737

Description:
The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.

Status: Entry
Reference: MS:MS00-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-053.asp
Reference: BID:1535
Reference: URL:http://www.securityfocus.com/bid/1535


Name: CVE-2000-0738

Description:
WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.

Status: Entry
Reference: NTBUGTRAQ:20000818 WebShield SMTP infinite loop DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0101.html
Reference: BID:1589
Reference: URL:http://www.securityfocus.com/bid/1589
Reference: XF:webshield-smtp-dos
Reference: URL:http://xforce.iss.net/static/5100.php


Name: CVE-2000-0739

Description:
Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server.

Status: Entry
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: BID:1537
Reference: URL:http://www.securityfocus.com/bid/1537
Reference: XF:nettools-pki-dir-traverse(5066)
Reference: URL:http://xforce.iss.net/static/5066.php
Reference: OSVDB:1489
Reference: URL:http://www.osvdb.org/1489


Name: CVE-2000-0740

Description:
Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.

Status: Entry
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: BID:1536
Reference: URL:http://www.securityfocus.com/bid/1536
Reference: XF:nai-nettools-strong-bo(5026)
Reference: URL:http://xforce.iss.net/static/5026.php
Reference: OSVDB:1488
Reference: URL:http://www.osvdb.org/1488


Name: CVE-2000-0741

Description:
Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension.

Status: Entry
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: BID:1538
Reference: URL:http://www.securityfocus.com/bid/1538
Reference: OSVDB:1490
Reference: URL:http://www.osvdb.org/1490


Name: CVE-2000-0742

Description:
The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000602 ipx storm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&mid=63120
Reference: MS:MS00-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-054.asp
Reference: BID:1544
Reference: URL:http://www.securityfocus.com/bid/1544
Reference: XF:win-ipx-ping-packet(5079)
Reference: URL:http://xforce.iss.net/static/5079.php


Name: CVE-2000-0743

Description:
Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.

Status: Entry
Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html
Reference: BID:1569
Reference: URL:http://www.securityfocus.com/bid/1569


Name: CVE-2000-0744

Description:
DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-2000-0743.

Status: Entry


Name: CVE-2000-0745

Description:
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.

Status: Entry
Reference: BUGTRAQ:20000821 Vuln. in all sites using PHP-Nuke, versions less than 3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0243.html
Reference: BID:1592
Reference: URL:http://www.securityfocus.com/bid/1592
Reference: OSVDB:1521
Reference: URL:http://www.osvdb.org/1521


Name: CVE-2000-0747

Description:
The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.

Status: Entry
Reference: BUGTRAQ:20000726 CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0379.html
Reference: XF:openldap-logrotate-script-dos(5036)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5036


Name: CVE-2000-0749

Description:
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:42
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html
Reference: BID:1628
Reference: URL:http://www.securityfocus.com/bid/1628
Reference: XF:freebsd-linux-module-bo(5968)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5968
Reference: OSVDB:1536
Reference: URL:http://www.osvdb.org/1536


Name: CVE-2000-0750

Description:
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

Status: Entry
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-050.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: BID:1558
Reference: URL:http://www.securityfocus.com/bid/1558


Name: CVE-2000-0751

Description:
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

Status: Entry
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-050.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: BID:1559
Reference: URL:http://www.securityfocus.com/bid/1559


Name: CVE-2000-0753

Description:
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.

Status: Entry
Reference: BUGTRAQ:20000824 Outlook winmail.dat
Reference: URL:http://www.securityfocus.com/archive/1/78240
Reference: BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure
Reference: URL:http://www.securityfocus.com/archive/1/201422
Reference: BID:1631
Reference: URL:http://www.securityfocus.com/bid/1631
Reference: XF:outlook-reveal-path(5508)
Reference: URL:http://xforce.iss.net/static/5508.php


Name: CVE-2000-0754

Description:
Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.

Status: Entry
Reference: HP:HPSBUX0008-119
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html
Reference: BID:1581
Reference: URL:http://www.securityfocus.com/bid/1581


Name: CVE-2000-0758

Description:
The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field.

Status: Entry
Reference: BUGTRAQ:20000811 Lyris List Manager Administration Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0149.html
Reference: CONFIRM:http://www.lyris.com/lm/lm_updates.html
Reference: BID:1584
Reference: URL:http://www.securityfocus.com/bid/1584


Name: CVE-2000-0761

Description:
OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.

Status: Entry
Reference: BUGTRAQ:20000815 OS/2 Warp 4.5 FTP Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0166.html
Reference: CONFIRM:ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README
Reference: BID:1582
Reference: URL:http://www.securityfocus.com/bid/1582


Name: CVE-2000-0762

Description:
The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.

Status: Entry
Reference: BUGTRAQ:20000811 eTrust Access Control - Root compromise for default install
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=004601c003a1$ba473260$ddeaa2cd@itradefair.net
Reference: CONFIRM:http://support.ca.com/techbases/eTrust/etrust_access_control-response.html
Reference: BID:1583
Reference: URL:http://www.securityfocus.com/bid/1583
Reference: XF:etrust-access-control-default
Reference: URL:http://xforce.iss.net/static/5076.php
Reference: OSVDB:1517
Reference: URL:http://www.osvdb.org/1517


Name: CVE-2000-0763

Description:
xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.

Status: Entry
Reference: BUGTRAQ:20000816 xlock vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694@subterrain.net
Reference: DEBIAN:20000816 xlockmore: possible shadow file compromise
Reference: URL:http://www.debian.org/security/2000/20000816
Reference: FREEBSD:FreeBSD-SA-00:44.xlockmore
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html
Reference: BUGTRAQ:20000817 Conectiva Linux Security Announcement - xlockmore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html
Reference: BUGTRAQ:20000823 MDKSA-2000:038 - xlockmore update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html
Reference: BID:1585
Reference: URL:http://www.securityfocus.com/bid/1585


Name: CVE-2000-0764

Description:
Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.

Status: Entry
Reference: BUGTRAQ:20000828 Intel Express Switch 500 series DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0338.html
Reference: BID:1609
Reference: URL:http://www.securityfocus.com/bid/1609
Reference: XF:intel-express-switch-dos
Reference: URL:http://xforce.iss.net/static/5154.php


Name: CVE-2000-0765

Description:
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.

Status: Entry
Reference: MS:MS00-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-056.asp
Reference: BID:1561
Reference: URL:http://www.securityfocus.com/bid/1561


Name: CVE-2000-0766

Description:
Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request.

Status: Entry
Reference: BUGTRAQ:20000819 D.o.S Vulnerability in vqServer
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008270354.UAA10952@user4.hushmail.com
Reference: BID:1610
Reference: URL:http://www.securityfocus.com/bid/1610
Reference: XF:vqserver-get-dos
Reference: URL:http://xforce.iss.net/static/5152.php


Name: CVE-2000-0767

Description:
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.

Status: Entry
Reference: MS:MS00-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-055.asp
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564


Name: CVE-2000-0768

Description:
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.

Status: Entry
Reference: MS:MS00-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-055.asp
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564


Name: CVE-2000-0770

Description:
IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

Status: Entry
Reference: MS:MS00-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-057.asp
Reference: BID:1565
Reference: URL:http://www.securityfocus.com/bid/1565


Name: CVE-2000-0771

Description:
Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.

Status: Entry
Reference: MS:MS00-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-062.asp
Reference: BID:1613
Reference: URL:http://www.securityfocus.com/bid/1613


Name: CVE-2000-0773

Description:
Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.

Status: Entry
Reference: BUGTRAQ:20000731 Two security flaws in Bajie Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html
Reference: BID:1522
Reference: URL:http://www.securityfocus.com/bid/1522
Reference: XF:bajie-view-arbitrary-files(5021)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5021


Name: CVE-2000-0776

Description:
Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request.

Status: Entry
Reference: BUGTRAQ:20000810 [DeepZone Advisory] Statistics Server 5.02x stack overflow (Win2k remote exploit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0118.html
Reference: BID:1568
Reference: URL:http://www.securityfocus.com/bid/1568
Reference: XF:mediahouse-stats-livestats-bo(5113)
Reference: URL:http://xforce.iss.net/static/5113.php


Name: CVE-2000-0777

Description:
The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.

Status: Entry
Reference: MS:MS00-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-061.asp
Reference: BID:1615
Reference: URL:http://www.securityfocus.com/bid/1615


Name: CVE-2000-0778

Description:
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.

Status: Entry
Reference: MS:MS00-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-058.asp
Reference: BUGTRAQ:20000815 Translate:f summary, history and thoughts
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz
Reference: NTBUGTRAQ:20000816 Translate: f
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212
Reference: BID:1578
Reference: URL:http://www.securityfocus.com/bid/1578
Reference: OVAL:oval:org.mitre.oval:def:927
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:927


Name: CVE-2000-0779

Description:
Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.

Status: Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr
Reference: BID:1534
Reference: URL:http://www.securityfocus.com/bid/1534
Reference: OSVDB:1487
Reference: URL:http://www.osvdb.org/1487


Name: CVE-2000-0780

Description:
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000830 Vulnerability Report On IPSWITCH's IMail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96767207207553&w=2
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:1617
Reference: URL:http://www.securityfocus.com/bid/1617


Name: CVE-2000-0781

Description:
uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.

Status: Entry
Reference: BUGTRAQ:20000728 Client Agent 6.62 for Unix Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0431.html
Reference: BID:1519
Reference: URL:http://www.securityfocus.com/bid/1519
Reference: XF:arcserveit-clientagent-temp-file(5023)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5023


Name: CVE-2000-0782

Description:
netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000817 Netauth: Web Based Email Management System
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NEBBJCLKGNOGCOIOBJNAGEHLCPAA.marc@eeye.com
Reference: CONFIRM:http://netwinsite.com/netauth/updates.htm
Reference: BID:1587
Reference: URL:http://www.securityfocus.com/bid/1587
Reference: XF:netwin-netauth-dir-traverse(5090)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5090


Name: CVE-2000-0783

Description:
Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100.

Status: Entry
Reference: BUGTRAQ:20000815 Watchguard Firebox Authentication DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0162.html
Reference: BID:1573
Reference: URL:http://www.securityfocus.com/bid/1573
Reference: XF:firebox-url-dos
Reference: URL:http://xforce.iss.net/static/5098.php


Name: CVE-2000-0786

Description:
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.

Status: Entry
Reference: BUGTRAQ:20000726 userv security boundary tool 1.0.1 (SECURITY FIX)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html
Reference: DEBIAN:20000727 userv: local exploit
Reference: URL:http://www.debian.org/security/2000/20000727
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=96473640717095&w=2
Reference: BID:1516
Reference: URL:http://www.securityfocus.com/bid/1516


Name: CVE-2000-0787

Description:
IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.

Status: Entry
Reference: BUGTRAQ: 20000817 XChat URL handler vulnerabilty
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html
Reference: BID:1601
Reference: URL:http://www.securityfocus.com/bid/1601
Reference: REDHAT:RHSA-2000:055
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-055.html
Reference: BUGTRAQ:20000824 MDKSA-2000:039 - xchat update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html
Reference: BUGTRAQ:20000825 Conectiva Linux Security Announcement - xchat
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.html


Name: CVE-2000-0788

Description:
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.

Status: Entry
Reference: BUGTRAQ:20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C@nat.bg
Reference: MS:MS00-071
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-071.asp
Reference: BID:1566
Reference: URL:http://www.securityfocus.com/bid/1566
Reference: XF:word-mail-merge(5322)
Reference: URL:http://xforce.iss.net/static/5322.php


Name: CVE-2000-0790

Description:
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.

Status: Entry
Reference: BUGTRAQ:20000828 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3998370D.732A03F1@nat.bg
Reference: BID:1571
Reference: URL:http://www.securityfocus.com/bid/1571
Reference: XF:ie-folder-remote-exe(5097)
Reference: URL:http://xforce.iss.net/static/5097.php


Name: CVE-2000-0792

Description:
Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available.

Status: Entry
Reference: BUGTRAQ:20000819 Security update for Gnome-Lokkit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0252.html
Reference: BID:1590
Reference: URL:http://www.securityfocus.com/bid/1590
Reference: OSVDB:1520
Reference: URL:http://www.osvdb.org/1520


Name: CVE-2000-0795

Description:
Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.

Status: Entry
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: BID:1529
Reference: URL:http://www.securityfocus.com/bid/1529
Reference: OSVDB:1485
Reference: URL:http://www.osvdb.org/1485


Name: CVE-2000-0796

Description:
Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.

Status: Entry
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: BID:1528
Reference: URL:http://www.securityfocus.com/bid/1528
Reference: OSVDB:1484
Reference: URL:http://www.osvdb.org/1484
Reference: XF:irix-dmplay-bo(5064)
Reference: URL:http://xforce.iss.net/static/5064.php


Name: CVE-2000-0797

Description:
Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.

Status: Entry
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: SGI:20040104-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc
Reference: BID:1526
Reference: URL:http://www.securityfocus.com/bid/1526
Reference: XF:irix-grosview-bo(5062)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5062
Reference: OSVDB:3815
Reference: URL:http://www.osvdb.org/3815


Name: CVE-2000-0799

Description:
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.

Status: Entry
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: SGI:20001101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I
Reference: BID:1530
Reference: URL:http://www.securityfocus.com/bid/1530
Reference: XF:irix-inpview-symlink(5065)
Reference: URL:http://xforce.iss.net/static/5065.php


Name: CVE-2000-0803

Description:
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.

Status: Entry
Reference: ISS:20001004 GNU Groff utilities read untrusted commands from current working directory
Reference: XF:gnu-groff-utilities(5280)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5280


Name: CVE-2000-0804

Description:
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."

Status: Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection
Reference: XF:fw1-remote-bypass
Reference: URL:http://xforce.iss.net/static/5468.php
Reference: OSVDB:4419
Reference: URL:http://www.osvdb.org/4419


Name: CVE-2000-0805

Description:
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."

Status: Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of
Reference: XF:fw1-client-spoof
Reference: URL:http://xforce.iss.net/static/5469.php
Reference: OSVDB:4415
Reference: URL:http://www.osvdb.org/4415


Name: CVE-2000-0806

Description:
The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."

Status: Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications
Reference: XF:fw1-fwa1-auth-replay
Reference: URL:http://xforce.iss.net/static/5162.php
Reference: OSVDB:4413
Reference: URL:http://www.osvdb.org/4413


Name: CVE-2000-0807

Description:
The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."

Status: Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication
Reference: XF:fw1-opsec-auth-spoof
Reference: URL:http://xforce.iss.net/static/5471.php
Reference: OSVDB:4420
Reference: URL:http://www.osvdb.org/4420


Name: CVE-2000-0808

Description:
The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."

Status: Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password
Reference: XF:fw1-localhost-auth
Reference: URL:http://xforce.iss.net/static/5137.php
Reference: OSVDB:4421
Reference: URL:http://www.osvdb.org/4421


Name: CVE-2000-0809

Description:
Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.

Status: Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer
Reference: XF:fw1-getkey-bo
Reference: URL:http://xforce.iss.net/static/5139.php
Reference: OSVDB:4422
Reference: URL:http://www.osvdb.org/4422


Name: CVE-2000-0810

Description:
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1782
Reference: URL:http://www.securityfocus.com/bid/1782
Reference: XF:auction-weaver-delete-files
Reference: URL:http://xforce.iss.net/static/5371.php
Reference: OSVDB:1600
Reference: URL:http://www.osvdb.org/1600


Name: CVE-2000-0811

Description:
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.

Status: Entry
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1783
Reference: URL:http://www.securityfocus.com/bid/1783
Reference: XF:auction-weaver-username-bidfile
Reference: URL:http://xforce.iss.net/static/5372.php
Reference: OSVDB:4053
Reference: URL:http://www.osvdb.org/4053


Name: CVE-2000-0813

Description:
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."

Status: Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection
Reference: XF:fw1-ftp-redirect
Reference: URL:http://xforce.iss.net/static/5474.php
Reference: OSVDB:4434
Reference: URL:http://www.osvdb.org/4434


Name: CVE-2000-0816

Description:
Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.

Status: Entry
Reference: ISS:20001006 Insecure call of external programs in Red Hat Linux tmpwatch
Reference: URL:http://xforce.iss.net/alerts/advise64.php
Reference: REDHAT:RHSA-2000:080
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080.html
Reference: MANDRAKE:MDKSA-2000:056
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1
Reference: BID:1785
Reference: URL:http://www.securityfocus.com/bid/1785
Reference: XF:linux-tmpwatch-fuser(5320)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5320


Name: CVE-2000-0818

Description:
The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.

Status: Entry
Reference: ISS:20001025 Vulnerability in the Oracle Listener Program
Reference: URL:http://xforce.iss.net/alerts/advise66.php
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf
Reference: XF:oracle-listener-connect-statements(5380)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5380


Name: CVE-2000-0824

Description:
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.

Status: Entry
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93760201002154&w=2
Reference: BUGTRAQ:20000831 glibc unsetenv bug
Reference: URL:http://www.securityfocus.com/archive/1/79537
Reference: CALDERA:CSSA-2000-028.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: MANDRAKE:MDKSA-2000:040
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3
Reference: MANDRAKE:MDKSA-2000:045
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3
Reference: REDHAT:RHSA-2000:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: SUSE:20000924 glibc locale security problem
Reference: URL:http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html
Reference: BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html
Reference: BID:648
Reference: URL:http://www.securityfocus.com/bid/648
Reference: BID:1639
Reference: URL:http://www.securityfocus.com/bid/1639
Reference: XF:glibc-ld-unsetenv
Reference: URL:http://xforce.iss.net/static/5173.php


Name: CVE-2000-0825

Description:
Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.

Status: Entry
Reference: BUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96659012127444&w=2
Reference: NTBUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96654521004571&w=2
Reference: WIN2KSEC:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html
Reference: XF:ipswitch-imail-remote-dos(5475)
Reference: URL:http://xforce.iss.net/static/5475.php
Reference: BID:2011
Reference: URL:http://www.securityfocus.com/bid/2011


Name: CVE-2000-0829

Description:
The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.

Status: Entry
Reference: BUGTRAQ:20000909 tmpwatch: local DoS : fork()bomb as root
Reference: URL:http://www.securityfocus.com/archive/1/81364
Reference: REDHAT:RHSA-2000:080
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080.html
Reference: BID:1664
Reference: URL:http://www.securityfocus.com/bid/1664
Reference: XF:linux-tmpwatch-fork-dos
Reference: URL:http://xforce.iss.net/static/5217.php


Name: CVE-2000-0830

Description:
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705.

Status: Entry
Reference: BUGTRAQ:20000913 trivial DoS in webTV
Reference: URL:http://www.securityfocus.com/archive/1/81852
Reference: MS:MS00-074
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-074.asp
Reference: BID:1671
Reference: URL:http://www.securityfocus.com/bid/1671
Reference: XF:webtv-udp-dos
Reference: URL:http://xforce.iss.net/static/5216.php


Name: CVE-2000-0834

Description:
The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.

Status: Entry
Reference: ATSTAKE:A091400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091400-1.txt
Reference: MS:MS00-067
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-067.asp
Reference: BID:1683
Reference: URL:http://www.securityfocus.com/bid/1683
Reference: XF:win2k-telnet-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5242.php


Name: CVE-2000-0837

Description:
FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes.

Status: Entry
Reference: BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability.
Reference: URL:http://www.securityfocus.com/archive/1/73843
Reference: BID:1543
Reference: URL:http://www.securityfocus.com/bid/1543
Reference: XF:servu-null-character-dos
Reference: URL:http://xforce.iss.net/static/5029.php


Name: CVE-2000-0838

Description:
Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request.

Status: Entry
Reference: WIN2KSEC:20000914 DST2K0028: DoS in FUR HTTP Server v1.0b
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0111.html
Reference: XF:fur-get-dos(5237)
Reference: URL:http://xforce.iss.net/static/5237.php


Name: CVE-2000-0839

Description:
WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515).

Status: Entry
Reference: BUGTRAQ:20000919 VIGILANTE-2000013: WinCOM LPD DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0212.html
Reference: BID:1701
Reference: URL:http://www.securityfocus.com/bid/1701
Reference: XF:wincom-lpd-dos(5258)
Reference: URL:http://xforce.iss.net/static/5258.php


Name: CVE-2000-0844

Description:
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Status: Entry
Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: CALDERA:CSSA-2000-030.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
Reference: REDHAT:RHSA-2000:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057.html
Reference: SUSE:20000906 glibc locale security problem
Reference: URL:http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: AIXAPAR:IY13753
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
Reference: COMPAQ:SSRT0689U
Reference: URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
Reference: SGI:20000901-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BID:1634
Reference: URL:http://www.securityfocus.com/bid/1634
Reference: XF:unix-locale-format-string(5176)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5176


Name: CVE-2000-0846

Description:
Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password.

Status: Entry
Reference: BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html
Reference: BID:1598
Reference: URL:http://www.securityfocus.com/bid/1598
Reference: XF:darxite-login-bo
Reference: URL:http://xforce.iss.net/static/5134.php


Name: CVE-2000-0847

Description:
Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header.

Status: Entry
Reference: BUGTRAQ:20000901 UW c-client library vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0425.html
Reference: BUGTRAQ:20000901 More about UW c-client library
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0437.html
Reference: FREEBSD:FreeBSD-SA-00:47.pine
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0108.html
Reference: BID:1646
Reference: URL:http://www.securityfocus.com/bid/1646
Reference: BID:1687
Reference: URL:http://www.securityfocus.com/bid/1687
Reference: XF:c-client-dos(5223)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5223


Name: CVE-2000-0848

Description:
Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.

Status: Entry
Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html
Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security
Reference: BID:1691
Reference: URL:http://www.securityfocus.com/bid/1691
Reference: XF:websphere-header-dos
Reference: URL:http://xforce.iss.net/static/5252.php


Name: CVE-2000-0849

Description:
Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.

Status: Entry
Reference: MS:MS00-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-064.asp
Reference: BID:1655
Reference: URL:http://www.securityfocus.com/bid/1655
Reference: XF:unicast-service-dos(5193)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5193


Name: CVE-2000-0850

Description:
Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.

Status: Entry
Reference: ATSTAKE:A091100-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091100-1.txt
Reference: BID:1681
Reference: URL:http://www.securityfocus.com/bid/1681
Reference: XF:siteminder-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5230.php


Name: CVE-2000-0851

Description:
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.

Status: Entry
Reference: ATSTAKE:A090700-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-1.txt
Reference: MS:MS00-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-065.asp
Reference: BID:1651
Reference: URL:http://www.securityfocus.com/bid/1651
Reference: XF:w2k-still-image-service
Reference: URL:http://xforce.iss.net/static/5203.php


Name: CVE-2000-0852

Description:
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:49
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html
Reference: BID:1686
Reference: URL:http://www.securityfocus.com/bid/1686
Reference: XF:freebsd-eject-port
Reference: URL:http://xforce.iss.net/static/5248.php
Reference: OSVDB:1559
Reference: URL:http://www.osvdb.org/1559


Name: CVE-2000-0853

Description:
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html
Reference: BID:1668
Reference: URL:http://www.securityfocus.com/bid/1668
Reference: XF:yabb-file-access
Reference: URL:http://xforce.iss.net/static/5254.php


Name: CVE-2000-0854

Description:
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.

Status: Entry
Reference: WIN2KSEC:20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html
Reference: BUGTRAQ:20000922 Eudora + riched20.dll affects WinZip v8.0 as well
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
Reference: BID:1699
Reference: URL:http://www.securityfocus.com/bid/1699
Reference: NTBUGTRAQ:20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html
Reference: XF:office-dll-execution(5263)
Reference: URL:http://xforce.iss.net/static/5263.php


Name: CVE-2000-0856

Description:
Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.

Status: Entry
Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0408.html
Reference: BID:1638
Reference: URL:http://www.securityfocus.com/bid/1638


Name: CVE-2000-0858

Description:
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS
Reference: URL:http://www.securityfocus.com/archive/1/80413
Reference: MS:MS00-063
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html
Reference: BID:1642
Reference: URL:http://www.securityfocus.com/bid/1642
Reference: XF:iis-invald-url-dos
Reference: URL:http://xforce.iss.net/static/5202.php


Name: CVE-2000-0859

Description:
The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests.

Status: Entry
Reference: BUGTRAQ:20000904 VIGILANTE-2000008: NTMail Configuration Service DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0471.html
Reference: BID:1640
Reference: URL:http://www.securityfocus.com/bid/1640
Reference: XF:ntmail-incomplete-http-requests
Reference: URL:http://xforce.iss.net/static/5182.php


Name: CVE-2000-0860

Description:
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Status: Entry
Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html
Reference: BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html
Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
Reference: MANDRAKE:MDKSA-2000:048
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html
Reference: BID:1649
Reference: URL:http://www.securityfocus.com/bid/1649
Reference: XF:php-file-upload
Reference: URL:http://xforce.iss.net/static/5190.php


Name: CVE-2000-0861

Description:
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.

Status: Entry
Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html
Reference: FREEBSD:FreeBSD-SA-00:51
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html
Reference: BID:1667
Reference: URL:http://www.securityfocus.com/bid/1667
Reference: XF:mailman-execute-external-commands(5493)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5493


Name: CVE-2000-0862

Description:
Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.

Status: Entry
Reference: ALLAIRE:ASB00-23
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html
Reference: XF:allaire-spectra-admin-access
Reference: URL:http://xforce.iss.net/static/5466.php


Name: CVE-2000-0863

Description:
Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:50
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0111.html
Reference: XF:listmanager-port-bo
Reference: URL:http://xforce.iss.net/static/5503.php


Name: CVE-2000-0864

Description:
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:45
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html
Reference: BUGTRAQ:20000911 Patch for esound-0.2.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html
Reference: MANDRAKE:MDKSA-2000:051
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm
Reference: REDHAT:RHSA-2000:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-077.html
Reference: DEBIAN:20001008 esound: race condition
Reference: URL:http://www.debian.org/security/2000/20001008
Reference: BUGTRAQ:20001006 Immunix OS Security Update for esound
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
Reference: SUSE:20001012 esound daemon race condition
Reference: URL:http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html
Reference: BID:1659
Reference: URL:http://www.securityfocus.com/bid/1659
Reference: XF:gnome-esound-symlink
Reference: URL:http://xforce.iss.net/static/5213.php


Name: CVE-2000-0865

Description:
Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument.

Status: Entry
Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html
Reference: BID:1697
Reference: URL:http://www.securityfocus.com/bid/1697
Reference: XF:doublevision-dvtermtype-bo
Reference: URL:http://xforce.iss.net/static/5261.php


Name: CVE-2000-0867

Description:
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

Status: Entry
Reference: BUGTRAQ:20000917 klogd format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html
Reference: REDHAT:RHSA-2000:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-061.html
Reference: DEBIAN:20000919
Reference: MANDRAKE:MDKSA-2000:050
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:050
Reference: CALDERA:CSSA-2000-032.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-032.0.txt
Reference: TURBO:TLSA2000022-2
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
Reference: SUSE:20000920 syslogd + klogd format string parsing error
Reference: URL:http://www.novell.com/linux/security/advisories/adv9_draht_syslogd_txt.html
Reference: BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97726239017741&w=2
Reference: XF:klogd-format-string
Reference: URL:http://xforce.iss.net/static/5259.php
Reference: OSVDB:5824
Reference: URL:http://www.osvdb.org/5824


Name: CVE-2000-0868

Description:
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

Status: Entry
Reference: ATSTAKE:A090700-2
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-2.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1658
Reference: URL:http://www.securityfocus.com/bid/1658
Reference: XF:suse-apache-cgi-source-code
Reference: URL:http://xforce.iss.net/static/5197.php


Name: CVE-2000-0869

Description:
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.

Status: Entry
Reference: ATSTAKE:A090700-3
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-3.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1656
Reference: URL:http://www.securityfocus.com/bid/1656
Reference: XF:apache-webdav-directory-listings
Reference: URL:http://xforce.iss.net/static/5204.php


Name: CVE-2000-0870

Description:
Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string.

Status: Entry
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1675
Reference: URL:http://www.securityfocus.com/bid/1675
Reference: XF:eftp-bo
Reference: URL:http://xforce.iss.net/static/5219.php
Reference: OSVDB:1555
Reference: URL:http://www.osvdb.org/1555


Name: CVE-2000-0871

Description:
Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server.

Status: Entry
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1677
Reference: URL:http://www.securityfocus.com/bid/1677
Reference: XF:eftp-newline-dos
Reference: URL:http://xforce.iss.net/static/5220.php
Reference: OSVDB:409
Reference: URL:http://www.osvdb.org/409


Name: CVE-2000-0873

Description:
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.

Status: Entry
Reference: BUGTRAQ:20000903 aix allows clearing the interface stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html
Reference: BID:1660
Reference: URL:http://www.securityfocus.com/bid/1660
Reference: XF:aix-clear-netstat
Reference: URL:http://xforce.iss.net/static/5214.php


Name: CVE-2000-0874

Description:
Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).

Status: Entry
Reference: BUGTRAQ:20000907 Eudora disclosure
Reference: URL:http://www.securityfocus.com/archive/1/80888
Reference: BID:1653
Reference: URL:http://www.securityfocus.com/bid/1653
Reference: XF:eudora-path-disclosure
Reference: URL:http://xforce.iss.net/static/5206.php
Reference: OSVDB:1545
Reference: URL:http://www.osvdb.org/1545


Name: CVE-2000-0875

Description:
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.

Status: Entry
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: CONFIRM:http://www.wftpd.com/bug_gpf.htm
Reference: XF:wftpd-long-string-dos
Reference: URL:http://xforce.iss.net/static/5194.php


Name: CVE-2000-0876

Description:
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.

Status: Entry
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: XF:wftpd-path-disclosure
Reference: URL:http://xforce.iss.net/static/5196.php
Reference: OSVDB:5829
Reference: URL:http://www.osvdb.org/5829


Name: CVE-2000-0877

Description:
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.

Status: Entry
Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0092.html
Reference: BID:1670
Reference: URL:http://www.securityfocus.com/bid/1670
Reference: XF:mailform-attach-file
Reference: URL:http://xforce.iss.net/static/5224.php


Name: CVE-2000-0878

Description:
The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field.

Status: Entry
Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0088.html
Reference: BID:1669
Reference: URL:http://www.securityfocus.com/bid/1669
Reference: XF:mailto-piped-address
Reference: URL:http://xforce.iss.net/static/5241.php


Name: CVE-2000-0883

Description:
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.

Status: Entry
Reference: MANDRAKE:MDKSA-2000:046
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0111.html
Reference: BID:1678
Reference: URL:http://www.securityfocus.com/bid/1678
Reference: XF:linux-mod-perl
Reference: URL:http://xforce.iss.net/static/5257.php


Name: CVE-2000-0884

Description:
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Status: Entry
Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution
Reference: MS:MS00-078
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-078.asp
Reference: BID:1806
Reference: URL:http://www.securityfocus.com/bid/1806
Reference: XF:iis-unicode-translation
Reference: URL:http://xforce.iss.net/static/5377.php
Reference: OSVDB:436
Reference: URL:http://www.osvdb.org/436
Reference: OVAL:oval:org.mitre.oval:def:44
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:44


Name: CVE-2000-0886

Description:
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

Status: Entry
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&
Reference: MS:MS00-086
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Reference: BID:1912
Reference: URL:http://www.securityfocus.com/bid/1912
Reference: XF:iis-invalid-filename-passing(5470)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5470
Reference: OVAL:oval:org.mitre.oval:def:191
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:191


Name: CVE-2000-0887

Description:
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."

Status: Entry
Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS
Reference: URL:http://www.securityfocus.com/archive/1/143843
Reference: VULN-DEV:20001107 Possible DOS in Bind 8.2.2-P5
Reference: VULN-DEV:20001109 Re: Possible DOS in Bind 8.2.2-P5
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-107.html
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: MANDRAKE:MDKSA-2000:067
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: BID:1923
Reference: URL:http://www.securityfocus.com/bid/1923
Reference: XF:bind-zxfr-dos(5540)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5540


Name: CVE-2000-0888

Description:
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

Status: Entry
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-107.html
Reference: MANDRAKE:MDKSA-2000:067
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: XF:bind-srv-dos(5814)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5814


Name: CVE-2000-0890

Description:
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.

Status: Entry
Reference: CERT-VN:VU#626919
Reference: URL:http://www.kb.cert.org/vuls/id/626919
Reference: FREEBSD:FreeBSD-SA-01:12
Reference: XF:periodic-temp-file-symlink(6047)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6047
Reference: BID:2325
Reference: URL:http://www.securityfocus.com/bid/2325
Reference: OSVDB:1754
Reference: URL:http://www.osvdb.org/1754


Name: CVE-2000-0891

Description:
A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.

Status: Entry
Reference: CERT-VN:VU#5962
Reference: URL:http://www.kb.cert.org/vuls/id/5962
Reference: CONFIRM:http://www.notes.net/R5FixList.nsf/Search!SearchView&Query=CBAT45TU9S
Reference: XF:lotus-notes-bypass-ecl(5045)
Reference: URL:http://xforce.iss.net/static/5045.php


Name: CVE-2000-0892

Description:
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.

Status: Entry
Reference: CERT-VN:VU#22404
Reference: URL:http://www.kb.cert.org/vuls/id/22404
Reference: XF:telnet-obtain-env-variable(6644)
Reference: URL:http://xforce.iss.net/static/6644.php


Name: CVE-2000-0894

Description:
HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.

Status: Entry
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: XF:watchguard-soho-web-auth(5554)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5554
Reference: BID:2119
Reference: URL:http://www.securityfocus.com/bid/2119
Reference: OSVDB:4404
Reference: URL:http://www.osvdb.org/4404


Name: CVE-2000-0895

Description:
Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request.

Status: Entry
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: BID:2114
Reference: URL:http://www.securityfocus.com/bid/2114
Reference: XF:watchguard-soho-web-dos(5218)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5218
Reference: OSVDB:4403
Reference: URL:http://www.osvdb.org/4403


Name: CVE-2000-0896

Description:
WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.

Status: Entry
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: XF:watchguard-soho-fragmented-packets
Reference: URL:http://xforce.iss.net/static/5749.php
Reference: BID:2113
Reference: URL:http://www.securityfocus.com/bid/2113
Reference: OSVDB:1690
Reference: URL:http://www.osvdb.org/1690


Name: CVE-2000-0897

Description:
Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.

Status: Entry
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2
Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm
Reference: BID:1941
Reference: URL:http://www.securityfocus.com/bid/1941
Reference: XF:small-http-nofile-dos(5524)
Reference: URL:http://xforce.iss.net/static/5524.php


Name: CVE-2000-0900

Description:
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html
Reference: FREEBSD:FreeBSD-SA-00:73
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
Reference: XF:acme-thttpd-ssi
Reference: URL:http://xforce.iss.net/static/5313.php
Reference: BID:1737
Reference: URL:http://www.securityfocus.com/bid/1737


Name: CVE-2000-0901

Description:
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.

Status: Entry
Reference: BUGTRAQ:20000906 Screen-3.7.6 local compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html
Reference: BUGTRAQ:20000905 screen 3.9.5 root vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/80178
Reference: DEBIAN:20000902a
Reference: MANDRAKE:MDKSA-2000:044
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3
Reference: SUSE:20000906 screen format string parsing security problem
Reference: URL:http://www.novell.com/linux/security/advisories/adv6_draht_screen_txt.html
Reference: REDHAT:RHSA-2000:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-058.html
Reference: FREEBSD:FreeBSD-SA-00:46
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc
Reference: BID:1641
Reference: URL:http://www.securityfocus.com/bid/1641
Reference: XF:screen-format-string
Reference: URL:http://xforce.iss.net/static/5188.php


Name: CVE-2000-0908

Description:
BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request.

Status: Entry
Reference: BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96956211605302&w=2
Reference: WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0128.html
Reference: CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest
Reference: XF:browsegate-http-dos
Reference: URL:http://xforce.iss.net/static/5270.php
Reference: BID:1702
Reference: URL:http://www.securityfocus.com/bid/1702


Name: CVE-2000-0909

Description:
Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.

Status: Entry
Reference: BUGTRAQ:20000922 [ no subject ]
Reference: URL:http://www.securityfocus.com/archive/1/84901
Reference: BUGTRAQ:20001031 FW: Pine 4.30 now available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html
Reference: FREEBSD:FreeBSD-SA-00:59
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
Reference: REDHAT:RHSA-2000:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-102.html
Reference: MANDRAKE:MDKSA-2000:073
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3
Reference: BID:1709
Reference: URL:http://www.securityfocus.com/bid/1709
Reference: XF:pine-check-mail-bo
Reference: URL:http://xforce.iss.net/static/5283.php


Name: CVE-2000-0910

Description:
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.

Status: Entry
Reference: BUGTRAQ:20000908 horde library bug - unchecked from-address
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0051.html
Reference: DEBIAN:20000910 imp: remote compromise
Reference: URL:http://www.debian.org/security/2000/20000910
Reference: CONFIRM:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch
Reference: BID:1674
Reference: URL:http://www.securityfocus.com/bid/1674
Reference: XF:horde-imp-sendmail-command
Reference: URL:http://xforce.iss.net/static/5278.php


Name: CVE-2000-0911

Description:
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.

Status: Entry
Reference: BUGTRAQ:20000912 (SRADV00003) Arbitrary file disclosure through IMP
Reference: URL:http://www.securityfocus.com/archive/1/82088
Reference: BID:1679
Reference: URL:http://www.securityfocus.com/bid/1679
Reference: XF:imp-attach-file
Reference: URL:http://xforce.iss.net/static/5227.php


Name: CVE-2000-0912

Description:
MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter.

Status: Entry
Reference: BUGTRAQ:20000913 MultiHTML vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0146.html
Reference: XF:http-cgi-multihtml
Reference: URL:http://xforce.iss.net/static/5285.php


Name: CVE-2000-0913

Description:
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

Status: Entry
Reference: BUGTRAQ:20000929 Security vulnerability in Apache mod_rewrite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html
Reference: MANDRAKE:MDKSA-2000:060
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1
Reference: REDHAT:RHSA-2000:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088.html
Reference: REDHAT:RHSA-2000:095
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-095.html
Reference: CALDERA:CSSA-2000-035.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt
Reference: HP:HPSBUX0010-126
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0021.html
Reference: BUGTRAQ:20001011 Conectiva Linux Security Announcement - apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html
Reference: BID:1728
Reference: URL:http://www.securityfocus.com/bid/1728
Reference: XF:apache-rewrite-view-files
Reference: URL:http://xforce.iss.net/static/5310.php


Name: CVE-2000-0914

Description:
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

Status: Entry
Reference: BUGTRAQ:20001005 obsd_fun.c
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html
Reference: BID:1759
Reference: URL:http://www.securityfocus.com/bid/1759
Reference: XF:bsd-arp-request-dos
Reference: URL:http://xforce.iss.net/static/5340.php
Reference: OSVDB:1592
Reference: URL:http://www.osvdb.org/1592


Name: CVE-2000-0915

Description:
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.

Status: Entry
Reference: BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html
Reference: FREEBSD:FreeBSD-SA-00:54
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc
Reference: BID:1803
Reference: URL:http://www.securityfocus.com/bid/1803
Reference: XF:freebsd-fingerd-files
Reference: URL:http://xforce.iss.net/static/5385.php
Reference: OSVDB:433
Reference: URL:http://www.osvdb.org/433


Name: CVE-2000-0917

Description:
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

Status: Entry
Reference: BUGTRAQ:20000925 Format strings: bug #2: LPRng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html
Reference: CERT:CA-2000-22
Reference: URL:http://www.cert.org/advisories/CA-2000-22.html
Reference: CALDERA:CSSA-2000-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt
Reference: REDHAT:RHSA-2000:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-065.html
Reference: FREEBSD:FreeBSD-SA-00:56
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc
Reference: XF:lprng-format-string
Reference: URL:http://xforce.iss.net/static/5287.php
Reference: BID:1712
Reference: URL:http://www.securityfocus.com/bid/1712


Name: CVE-2000-0919

Description:
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20001007 PHPix advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html
Reference: BID:1773
Reference: URL:http://www.securityfocus.com/bid/1773
Reference: XF:phpix-dir-traversal
Reference: URL:http://xforce.iss.net/static/5331.php
Reference: OSVDB:472
Reference: URL:http://www.osvdb.org/472


Name: CVE-2000-0920

Description:
Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."

Status: Entry
Reference: BUGTRAQ:20001006 Vulnerability in BOA web server v0.94.8.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html
Reference: FREEBSD:FreeBSD-SA-00:60
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc
Reference: DEBIAN:20001009 boa: exposes contents of local files
Reference: URL:http://www.debian.org/security/2000/20001009
Reference: BID:1770
Reference: URL:http://www.securityfocus.com/bid/1770
Reference: XF:boa-webserver-get-dir-traversal
Reference: URL:http://xforce.iss.net/static/5330.php


Name: CVE-2000-0921

Description:
Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.

Status: Entry
Reference: BUGTRAQ:20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html
Reference: BID:1777
Reference: URL:http://www.securityfocus.com/bid/1777
Reference: XF:hassan-shopping-cart-dir-traversal
Reference: URL:http://xforce.iss.net/static/5342.php
Reference: OSVDB:1596
Reference: URL:http://www.osvdb.org/1596


Name: CVE-2000-0922

Description:
Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter.

Status: Entry
Reference: BUGTRAQ:20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0120.html
Reference: BID:1776
Reference: URL:http://www.securityfocus.com/bid/1776
Reference: XF:web-shopper-directory-traversal
Reference: URL:http://xforce.iss.net/static/5351.php


Name: CVE-2000-0923

Description:
authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

Status: Entry
Reference: BUGTRAQ:20001006 Fwd: APlio PRO web shell
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0107.html
Reference: XF:uclinux-apliophone-bin-execute
Reference: URL:http://xforce.iss.net/static/5333.php
Reference: BID:1784
Reference: URL:http://www.securityfocus.com/bid/1784


Name: CVE-2000-0924

Description:
Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter.

Status: Entry
Reference: BUGTRAQ:20001009 Master Index traverse advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0141.html
Reference: BID:1772
Reference: URL:http://www.securityfocus.com/bid/1772
Reference: XF:master-index-directory-traversal
Reference: URL:http://xforce.iss.net/static/5355.php
Reference: OSVDB:461
Reference: URL:http://www.osvdb.org/461


Name: CVE-2000-0925

Description:
The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information.

Status: Entry
Reference: BUGTRAQ:20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050819812055&w=2
Reference: WIN2KSEC:20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0001.html
Reference: BID:1734
Reference: URL:http://www.securityfocus.com/bid/1734
Reference: XF:cyberoffice-world-readable-directory
Reference: URL:http://xforce.iss.net/static/5318.php


Name: CVE-2000-0926

Description:
SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable.

Status: Entry
Reference: BUGTRAQ:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050627707128&w=2
Reference: WIN2KSEC:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Ca rt
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0000.html
Reference: BID:1733
Reference: URL:http://www.securityfocus.com/bid/1733
Reference: XF:cyberoffice-price-modification
Reference: URL:http://xforce.iss.net/static/5319.php


Name: CVE-2000-0927

Description:
WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.

Status: Entry
Reference: NTBUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternati ve datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0173.html
Reference: BUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternati ve datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09//0331.html
Reference: BID:1724
Reference: URL:http://www.securityfocus.com/bid/1724
Reference: XF:quotaadvisor-quota-bypass
Reference: URL:http://xforce.iss.net/static/5302.php


Name: CVE-2000-0928

Description:
WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.

Status: Entry
Reference: BUGTRAQ:20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user bei ng able to list (not read) all files on any server running QuotaAdvisor.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0091.html
Reference: BID:1765
Reference: URL:http://www.securityfocus.com/bid/1765
Reference: XF:quotaadvisor-list-files
Reference: URL:http://xforce.iss.net/static/5327.php


Name: CVE-2000-0929

Description:
Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.

Status: Entry
Reference: BUGTRAQ:20000929 Malformed Embedded Windows Media Player 7 "OCX Attachment"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97024839222747&w=2
Reference: MS:MS00-068
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-068.asp
Reference: BID:1714
Reference: URL:http://www.securityfocus.com/bid/1714
Reference: XF:mediaplayer-outlook-dos
Reference: URL:http://xforce.iss.net/static/5309.php


Name: CVE-2000-0930

Description:
Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.

Status: Entry
Reference: BUGTRAQ:20001003 Pegasus mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0039.html
Reference: BUGTRAQ:20001030 Pegasus Mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0436.html
Reference: BID:1738
Reference: URL:http://www.securityfocus.com/bid/1738
Reference: XF:pegasus-file-forwarding
Reference: URL:http://xforce.iss.net/static/5326.php


Name: CVE-2000-0932

Description:
MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service.

Status: Entry
Reference: NTBUGTRAQ:20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0181.html
Reference: XF:mailsweeper-smtp-dos
Reference: URL:http://xforce.iss.net/static/5641.php


Name: CVE-2000-0933

Description:
The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.

Status: Entry
Reference: MS:MS00-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-069.asp
Reference: BID:1729
Reference: URL:http://www.securityfocus.com/bid/1729
Reference: XF:win2k-simplified-chinese-ime
Reference: URL:http://xforce.iss.net/static/5301.php


Name: CVE-2000-0934

Description:
Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack.

Status: Entry
Reference: REDHAT:RHSA-2000:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-062.html
Reference: BID:1703
Reference: URL:http://www.securityfocus.com/bid/1703
Reference: XF:glint-symlink
Reference: URL:http://xforce.iss.net/static/5271.php


Name: CVE-2000-0935

Description:
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.

Status: Entry
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1872
Reference: URL:http://www.securityfocus.com/bid/1872
Reference: XF:samba-swat-logging-sym-link
Reference: URL:http://xforce.iss.net/static/5443.php


Name: CVE-2000-0936

Description:
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.

Status: Entry
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1874
Reference: URL:http://www.securityfocus.com/bid/1874
Reference: XF:samba-swat-logfile-info
Reference: URL:http://xforce.iss.net/static/5445.php


Name: CVE-2000-0937

Description:
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.

Status: Entry
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1873
Reference: URL:http://www.securityfocus.com/bid/1873
Reference: XF:samba-swat-brute-force
Reference: URL:http://xforce.iss.net/static/5442.php


Name: CVE-2000-0938

Description:
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.

Status: Entry
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-brute-force(5442)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5442


Name: CVE-2000-0941

Description:
Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.

Status: Entry
Reference: BUGTRAQ:20001029 Remote command execution via KW Whois 1.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html
Reference: BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt
Reference: BID:1883
Reference: URL:http://www.securityfocus.com/bid/1883
Reference: XF:kw-whois-meta
Reference: URL:http://xforce.iss.net/static/5438.php


Name: CVE-2000-0942

Description:
The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.

Status: Entry
Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw
Reference: URL:http://www.securityfocus.com/archive/1/141903
Reference: MS:MS00-084
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-084.asp
Reference: BID:1861
Reference: URL:http://www.securityfocus.com/bid/1861
Reference: XF:iis-htw-cross-scripting
Reference: URL:http://xforce.iss.net/static/5441.php


Name: CVE-2000-0943

Description:
Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.

Status: Entry
Reference: BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html
Reference: BID:1858
Reference: URL:http://www.securityfocus.com/bid/1858
Reference: XF:bftpd-user-bo
Reference: URL:http://xforce.iss.net/static/5426.php


Name: CVE-2000-0944

Description:
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.

Status: Entry
Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html
Reference: BID:1881
Reference: URL:http://www.securityfocus.com/bid/1881
Reference: XF:news-update-bypass-password
Reference: URL:http://xforce.iss.net/static/5433.php


Name: CVE-2000-0945

Description:
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.

Status: Entry
Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html
Reference: BUGTRAQ:20001113 Re: 3500XL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html
Reference: XF:cisco-catalyst-remote-commands(5415)
Reference: URL:http://xforce.iss.net/static/5415.php
Reference: BID:1846
Reference: URL:http://www.securityfocus.com/bid/1846
Reference: OSVDB:444
Reference: URL:http://www.osvdb.org/444


Name: CVE-2000-0946

Description:
Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.

Status: Entry
Reference: NTBUGTRAQ:20001012 Security issue with Compaq Easy Access Keyboard software
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0023.html
Reference: CONFIRM:http://www5.compaq.com/support/files/desktops/us/revision/1723.html
Reference: XF:compaq-ea-elevate-privileges
Reference: URL:http://xforce.iss.net/static/5718.php
Reference: OSVDB:5831
Reference: URL:http://www.osvdb.org/5831


Name: CVE-2000-0947

Description:
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

Status: Entry
Reference: BUGTRAQ:20001002 Very probable remote root vulnerability in cfengine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
Reference: MANDRAKE:MDKSA-2000:061
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
Reference: NETBSD:NetBSD-SA2000-013
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
Reference: BID:1757
Reference: URL:http://www.securityfocus.com/bid/1757
Reference: XF:cfengine-cfd-format-string
Reference: URL:http://xforce.iss.net/static/5630.php


Name: CVE-2000-0948

Description:
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:20001002 GnoRPM local /tmp vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/136866
Reference: BUGTRAQ:20001003 Conectiva Linux Security Announcement - gnorpm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0043.html
Reference: MANDRAKE:MDKSA-2000:055
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-055.php3?dis=7.0
Reference: REDHAT:RHSA-2000:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-072.html
Reference: BUGTRAQ:20001011 Immunix OS Security Update for gnorpm package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0184.html
Reference: BID:1761
Reference: URL:http://www.securityfocus.com/bid/1761
Reference: XF:gnorpm-temp-symlink
Reference: URL:http://xforce.iss.net/static/5317.php


Name: CVE-2000-0949

Description:
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.

Status: Entry
Reference: BUGTRAQ:20000928 Very interesting traceroute flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0344.html
Reference: CALDERA:CSSA-2000-034.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-034.0.txt
Reference: MANDRAKE:MDKSA-2000:053
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-053.php3?dis=7.1
Reference: REDHAT:RHSA-2000:078
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-078.html
Reference: DEBIAN:20001013 traceroute: local root exploit
Reference: URL:http://www.debian.org/security/2000/20001013
Reference: TURBO:TLSA2000023-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-October/000025.html
Reference: BUGTRAQ:20000930 Conectiva Linux Security Announcement - traceroute
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0357.html
Reference: BID:1739
Reference: URL:http://www.securityfocus.com/bid/1739
Reference: XF:traceroute-heap-overflow
Reference: URL:http://xforce.iss.net/static/5311.php


Name: CVE-2000-0951

Description:
A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.

Status: Entry
Reference: ATSTAKE:A100400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100400-1.txt
Reference: MSKB:Q272079
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=272079
Reference: BID:1756
Reference: URL:http://www.securityfocus.com/bid/1756
Reference: XF:iis-index-dir-traverse
Reference: URL:http://xforce.iss.net/static/5335.php


Name: CVE-2000-0952

Description:
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:64
Reference: NETBSD:NetBSD-SA2000-014
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-014.txt.asc
Reference: OSVDB:6486
Reference: URL:http://www.osvdb.org/6486
Reference: XF:global-execute-remote-commands
Reference: URL:http://xforce.iss.net/static/5424.php


Name: CVE-2000-0953

Description:
Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection.

Status: Entry
Reference: BUGTRAQ:20001009 Shambala 4.5 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html
Reference: BID:1778
Reference: URL:http://www.securityfocus.com/bid/1778
Reference: XF:shambala-connection-dos
Reference: URL:http://xforce.iss.net/static/5345.php


Name: CVE-2000-0956

Description:
cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.

Status: Entry
Reference: REDHAT:RHSA-2000:094
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-094.html
Reference: BID:1875
Reference: URL:http://www.securityfocus.com/bid/1875
Reference: XF:cyrus-sasl-gain-access
Reference: URL:http://xforce.iss.net/static/5427.php


Name: CVE-2000-0957

Description:
The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.

Status: Entry
Reference: BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html
Reference: XF:pammysql-auth-input
Reference: URL:http://xforce.iss.net/static/5447.php


Name: CVE-2000-0958

Description:
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.

Status: Entry
Reference: BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0349.html
Reference: XF:hotjava-browser-dom-access
Reference: URL:http://xforce.iss.net/static/5428.php


Name: CVE-2000-0959

Description:
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.

Status: Entry
Reference: BUGTRAQ:20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks
Reference: URL:http://www.securityfocus.com/archive/1/85028
Reference: BID:1719
Reference: URL:http://www.securityfocus.com/bid/1719
Reference: XF:glibc-unset-symlink
Reference: URL:http://xforce.iss.net/static/5299.php


Name: CVE-2000-0960

Description:
The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.

Status: Entry
Reference: BUGTRAQ:20001011 Netscape Messaging server 4.15 poor error strings
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97138100426121&w=2
Reference: BID:1787
Reference: URL:http://www.securityfocus.com/bid/1787
Reference: XF:netscape-messaging-email-verify
Reference: URL:http://xforce.iss.net/static/5364.php


Name: CVE-2000-0961

Description:
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.

Status: Entry
Reference: BUGTRAQ:20000928 commercial products and security [ + new bug ]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0334.html
Reference: BID:1721
Reference: URL:http://www.securityfocus.com/bid/1721
Reference: XF:netscape-messaging-list-dos
Reference: URL:http://xforce.iss.net/static/5292.php


Name: CVE-2000-0962

Description:
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.

Status: Entry
Reference: BUGTRAQ:20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0299.html
Reference: OPENBSD:20000918 Bad ESP/AH packets could cause a crash under certain conditions.
Reference: BID:1723
Reference: URL:http://www.securityfocus.com/bid/1723
Reference: XF:openbsd-nmap-dos
Reference: URL:http://xforce.iss.net/static/5634.php
Reference: OSVDB:1574
Reference: URL:http://www.osvdb.org/1574


Name: CVE-2000-0964

Description:
Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Status: Entry
Reference: BUGTRAQ:20000928 Another thingy.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0336.html
Reference: BID:1727
Reference: URL:http://www.securityfocus.com/bid/1727
Reference: XF:hinet-ipphone-get-bo
Reference: URL:http://xforce.iss.net/static/5298.php


Name: CVE-2000-0965

Description:
The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization).

Status: Entry
Reference: XF:hp-virtualvault-nsapi-dos
Reference: URL:http://xforce.iss.net/static/5361.php
Reference: HP:HPSBUX0010-124
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0012.html


Name: CVE-2000-0966

Description:
Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.

Status: Entry
Reference: HP:HPSBUX0010-125
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0020.html
Reference: XF:hp-lpspooler-bo
Reference: URL:http://xforce.iss.net/static/5379.php
Reference: OSVDB:7244
Reference: URL:http://www.osvdb.org/7244


Name: CVE-2000-0967

Description:
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Status: Entry
Reference: ATSTAKE:A101200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a101200-1.txt
Reference: MANDRAKE:MDKSA-2000:062
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1
Reference: DEBIAN:20001014a
Reference: DEBIAN:20001014b
Reference: CALDERA:CSSA-2000-037.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt
Reference: FREEBSD:FreeBSD-SA-00:75
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc
Reference: REDHAT:RHSA-2000:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088.html
Reference: REDHAT:RHSA-2000:095
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-095.html
Reference: BUGTRAQ:20001012 Conectiva Linux Security Announcement - mod_php3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html
Reference: BID:1786
Reference: URL:http://www.securityfocus.com/bid/1786
Reference: XF:php-logging-format-string
Reference: URL:http://xforce.iss.net/static/5359.php


Name: CVE-2000-0968

Description:
Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command.

Status: Entry
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: BID:1799
Reference: URL:http://www.securityfocus.com/bid/1799
Reference: XF:halflife-server-changelevel-bo
Reference: URL:http://xforce.iss.net/static/5375.php


Name: CVE-2000-0969

Description:
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.

Status: Entry
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: XF:halflife-rcon-format-string
Reference: URL:http://xforce.iss.net/static/5413.php
Reference: OSVDB:6983
Reference: URL:http://www.osvdb.org/6983


Name: CVE-2000-0970

Description:
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.

Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt
Reference: MS:MS00-080
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-080.asp
Reference: XF:session-cookie-remote-retrieval
Reference: URL:http://xforce.iss.net/static/5396.php
Reference: OSVDB:7265
Reference: URL:http://www.osvdb.org/7265


Name: CVE-2000-0972

Description:
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

Status: Entry
Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html
Reference: XF:hp-crontab-read-files
Reference: URL:http://xforce.iss.net/static/5410.php


Name: CVE-2000-0973

Description:
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.

Status: Entry
Reference: DEBIAN:20001013a
Reference: REDHAT:RHBA-2000:092-01
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html
Reference: FREEBSD:FreeBSD-SA-00:72
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc
Reference: BID:1804
Reference: URL:http://www.securityfocus.com/bid/1804
Reference: XF:curl-error-bo
Reference: URL:http://xforce.iss.net/static/5374.php


Name: CVE-2000-0974

Description:
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.

Status: Entry
Reference: BUGTRAQ:20001011 GPG 1.0.3 doesn't detect modifications to files with multiple signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html
Reference: DEBIAN:20001111 gnupg: incorrect signature verification
Reference: URL:http://www.debian.org/security/2000/20001111
Reference: FREEBSD:FreeBSD-SA-00:67
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc
Reference: REDHAT:RHSA-2000:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-089.html
Reference: CALDERA:CSSA-2000-038.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt
Reference: MANDRAKE:MDKSA-2000:063-1
Reference: CONECTIVA:CLSA-2000:334
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334
Reference: BUGTRAQ:20001025 Immunix OS Security Update for gnupg package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html
Reference: XF:gnupg-message-modify
Reference: URL:http://xforce.iss.net/static/5386.php
Reference: BID:1797
Reference: URL:http://www.securityfocus.com/bid/1797
Reference: OSVDB:1608
Reference: URL:http://www.osvdb.org/1608


Name: CVE-2000-0975

Description:
Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20001012 Anaconda Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0210.html
Reference: XF:anaconda-apexec-directory-traversal
Reference: URL:http://xforce.iss.net/static/5750.php
Reference: OSVDB:435
Reference: URL:http://www.osvdb.org/435


Name: CVE-2000-0976

Description:
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.

Status: Entry
Reference: BUGTRAQ:20001012 another Xlib buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0211.html
Reference: SGI:20020502-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020502-01-I
Reference: BID:1805
Reference: URL:http://www.securityfocus.com/bid/1805
Reference: XF:xfree-xlib-bo(5751)
Reference: URL:http://www.iss.net/security_center/static/5751.php


Name: CVE-2000-0977

Description:
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.

Status: Entry
Reference: BUGTRAQ:20001011 Mail File POST Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html
Reference: BID:1807
Reference: URL:http://www.securityfocus.com/bid/1807
Reference: XF:mailfile-post-file-read
Reference: URL:http://xforce.iss.net/static/5358.php


Name: CVE-2000-0978

Description:
bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.

Status: Entry
Reference: BUGTRAQ:20001010 Big Brother Systems and Network Monitor vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0162.html
Reference: BID:1779
Reference: URL:http://www.securityfocus.com/bid/1779
Reference: XF:bb4-netmon-execute-commands
Reference: URL:http://xforce.iss.net/static/5719.php


Name: CVE-2000-0979

Description:
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.

Status: Entry
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97147777618139&w=2
Reference: MS:MS00-072
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-072.asp
Reference: BID:1780
Reference: URL:http://www.securityfocus.com/bid/1780
Reference: XF:win9x-share-level-password
Reference: URL:http://xforce.iss.net/static/5395.php
Reference: OVAL:oval:org.mitre.oval:def:996
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:996


Name: CVE-2000-0980

Description:
NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.

Status: Entry
Reference: MS:MS00-073
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-073.asp
Reference: BID:1781
Reference: URL:http://www.securityfocus.com/bid/1781
Reference: XF:win-nmpi-packet-dos
Reference: URL:http://xforce.iss.net/static/5357.php


Name: CVE-2000-0981

Description:
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.

Status: Entry
Reference: BUGTRAQ:20001023 [CORE SDI ADVISORY] MySQL weak authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0318.html
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security
Reference: XF:mysql-authentication
Reference: URL:http://xforce.iss.net/static/5409.php


Name: CVE-2000-0982

Description:
Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.

Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-07-22-2-PUB.txt
Reference: MS:MS00-076
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-076.asp
Reference: BID:1793
Reference: URL:http://www.securityfocus.com/bid/1793
Reference: XF:ie-cache-info
Reference: URL:http://xforce.iss.net/static/5367.php


Name: CVE-2000-0983

Description:
Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.

Status: Entry
Reference: BUGTRAQ:20001018 Denial of Service attack against computers running Microsoft NetMeeting
Reference: URL:http://www.securityfocus.com/archive/1/140341
Reference: MS:MS00-077
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
Reference: MSKB:Q273854
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q273854
Reference: BID:1798
Reference: URL:http://www.securityfocus.com/bid/1798
Reference: XF:netmeeting-desktop-sharing-dos
Reference: URL:http://xforce.iss.net/static/5368.php


Name: CVE-2000-0984

Description:
The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

Status: Entry
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] Cisco IOS HTTP server DoS
Reference: CISCO:20001025 Cisco IOS HTTP Server Query Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
Reference: BID:1838
Reference: URL:http://www.securityfocus.com/bid/1838
Reference: XF:cisco-ios-query-dos(5412)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5412


Name: CVE-2000-0989

Description:
Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.

Status: Entry
Reference: BUGTRAQ:20001020 DoS in Intel corporation 'InBusiness eMail Station'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html
Reference: XF:intel-email-username-bo
Reference: URL:http://xforce.iss.net/static/5414.php
Reference: OSVDB:6488
Reference: URL:http://www.osvdb.org/6488


Name: CVE-2000-0990

Description:
cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username.

Status: Entry
Reference: BUGTRAQ:20001016 Authentication failure in cmd5checkpw 0.21
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0258.html
Reference: CONFIRM:http://members.elysium.pl/brush/cmd5checkpw/changes.html
Reference: BID:1809
Reference: URL:http://www.securityfocus.com/bid/1809
Reference: XF:cmd5checkpw-qmail-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5382.php


Name: CVE-2000-0991

Description:
Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.

Status: Entry
Reference: MS:MS00-079
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-079.asp
Reference: BID:1815
Reference: URL:http://www.securityfocus.com/bid/1815
Reference: XF:win-hyperterminal-telnet-bo
Reference: URL:http://xforce.iss.net/static/5387.php


Name: CVE-2000-0992

Description:
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20000930 scp file transfer hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html
Reference: BUGTRAQ:20001001 openssh2.2.p1 - Re: scp file transfer hole
Reference: MANDRAKE:MDKSA-2000:057
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:057
Reference: BID:1742
Reference: URL:http://www.securityfocus.com/bid/1742
Reference: XF:scp-overwrite-files
Reference: URL:http://xforce.iss.net/static/5312.php


Name: CVE-2000-0993

Description:
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

Status: Entry
Reference: OPENBSD:20001003 A format string vulnerability exists in the pw_error(3) function.
Reference: URL:http://www.openbsd.org/errata27.html#pw_error
Reference: NETBSD:NetBSD-SA2000-015
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:58
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97068555106135&w=2
Reference: BID:1744
Reference: URL:http://www.securityfocus.com/bid/1744
Reference: XF:bsd-libutil-format
Reference: URL:http://xforce.iss.net/static/5339.php


Name: CVE-2000-0994

Description:
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

Status: Entry
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97068555106135&w=2
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: BID:1746
Reference: URL:http://www.securityfocus.com/bid/1746
Reference: XF:bsd-fstat-format
Reference: URL:http://xforce.iss.net/static/5338.php


Name: CVE-2000-0995

Description:
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.

Status: Entry
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: XF:bsd-yp-passwd-format
Reference: URL:http://xforce.iss.net/static/5635.php
Reference: OSVDB:6125
Reference: URL:http://www.osvdb.org/6125


Name: CVE-2000-0996

Description:
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

Status: Entry
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: XF:bsd-su-format
Reference: URL:http://xforce.iss.net/static/5636.php
Reference: OSVDB:6124
Reference: URL:http://www.osvdb.org/6124


Name: CVE-2000-1000

Description:
Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters.

Status: Entry
Reference: BUGTRAQ:20001003 AOL Instant Messenger DoS
Reference: URL:http://www.securityfocus.com/archive/1/137374
Reference: BID:1747
Reference: URL:http://www.securityfocus.com/bid/1747
Reference: XF:aim-file-transfer-dos
Reference: URL:http://xforce.iss.net/static/5314.php


Name: CVE-2000-1001

Description:
add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.

Status: Entry
Reference: BUGTRAQ:20001024 Price modification in Element InstantShop
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97240616129614&w=2
Reference: XF:instantshop-modify-price
Reference: URL:http://xforce.iss.net/static/5402.php
Reference: OSVDB:6487
Reference: URL:http://www.osvdb.org/6487


Name: CVE-2000-1002

Description:
POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.

Status: Entry
Reference: BUGTRAQ:20001012 Re: Netscape Messaging server 4.15 poor error strings
Reference: URL:http://www.securityfocus.com/archive/1/139523
Reference: XF:communigate-email-verify
Reference: URL:http://xforce.iss.net/static/5363.php
Reference: BID:1792
Reference: URL:http://www.securityfocus.com/bid/1792


Name: CVE-2000-1003

Description:
NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.

Status: Entry
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/139511
Reference: BID:1794
Reference: URL:http://www.securityfocus.com/bid/1794
Reference: XF:win-netbios-driver-type-dos
Reference: URL:http://xforce.iss.net/static/5370.php


Name: CVE-2000-1004

Description:
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

Status: Entry
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97068555106135&w=2
Reference: XF:bsd-photurisd-format
Reference: URL:http://xforce.iss.net/static/5336.php
Reference: OSVDB:6123
Reference: URL:http://www.osvdb.org/6123


Name: CVE-2000-1005

Description:
Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.

Status: Entry
Reference: BUGTRAQ:20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/138495
Reference: BID:1774
Reference: URL:http://www.securityfocus.com/bid/1774
Reference: XF:extropia-webstore-fileread
Reference: URL:http://xforce.iss.net/static/5347.php


Name: CVE-2000-1006

Description:
Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.

Status: Entry
Reference: MS:MS00-082
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-082.asp
Reference: XF:ms-exchange-mime-dos
Reference: URL:http://xforce.iss.net/static/5448.php
Reference: BID:1869
Reference: URL:http://www.securityfocus.com/bid/1869


Name: CVE-2000-1007

Description:
I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.

Status: Entry
Reference: NTBUGTRAQ:20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0048.html
Reference: XF:igear-invalid-log(5791)
Reference: URL:http://xforce.iss.net/static/5791.php


Name: CVE-2000-1010

Description:
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

Status: Entry
Reference: BUGTRAQ:20001006 talkd [WAS: Re: OpenBSD Security Advisory]
Reference: URL:http://www.securityfocus.com/archive/1/137890
Reference: BID:1764
Reference: URL:http://www.securityfocus.com/bid/1764
Reference: XF:linux-talkd-overwrite-root
Reference: URL:http://xforce.iss.net/static/5344.php


Name: CVE-2000-1011

Description:
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:53
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc
Reference: XF:freebsd-catopen-bo
Reference: URL:http://xforce.iss.net/static/5638.php
Reference: OSVDB:6070
Reference: URL:http://www.osvdb.org/6070


Name: CVE-2000-1014

Description:
Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.

Status: Entry
Reference: BUGTRAQ:20000927 Unixware SCOhelp http server format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0325.html
Reference: BID:1717
Reference: URL:http://www.securityfocus.com/bid/1717
Reference: XF:unixware-scohelp-format
Reference: URL:http://xforce.iss.net/static/5291.php
Reference: OSVDB:3240
Reference: URL:http://www.osvdb.org/3240


Name: CVE-2000-1016

Description:
The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

Status: Entry
Reference: BUGTRAQ:20000921 httpd.conf in Suse 6.4
Reference: URL:http://www.securityfocus.com/archive/1/84360
Reference: BID:1707
Reference: URL:http://www.securityfocus.com/bid/1707
Reference: XF:suse-installed-packages-exposed
Reference: URL:http://xforce.iss.net/static/5276.php


Name: CVE-2000-1018

Description:
shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file.

Status: Entry
Reference: BUGTRAQ:20001010 Shred 1.0 Bug Report
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97119799515246&w=2
Reference: BUGTRAQ:20001011 Shred v1.0 Fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97131166004145&w=2
Reference: BID:1788
Reference: URL:http://www.securityfocus.com/bid/1788
Reference: XF:shred-recover-files
Reference: URL:http://xforce.iss.net/static/5722.php


Name: CVE-2000-1019

Description:
Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL.

Status: Entry
Reference: BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97301487015664&w=2
Reference: BID:1866
Reference: URL:http://www.securityfocus.com/bid/1866
Reference: XF:ultraseek-malformed-url-dos
Reference: URL:http://xforce.iss.net/static/5439.php


Name: CVE-2000-1022

Description:
The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.

Status: Entry
Reference: BUGTRAQ:20000919 Cisco PIX Firewall (smtp content filtering hack)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html
Reference: BUGTRAQ:20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html
Reference: CISCO:20001005 Cisco Secure PIX Firewall Mailguard Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml
Reference: BID:1698
Reference: URL:http://www.securityfocus.com/bid/1698
Reference: XF:cisco-pix-smtp-filtering
Reference: URL:http://xforce.iss.net/static/5277.php


Name: CVE-2000-1024

Description:
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.

Status: Entry
Reference: BUGTRAQ:20001101 Unify eWave ServletExec upload
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97306581513537&w=2
Reference: BID:1876
Reference: URL:http://www.securityfocus.com/bid/1876
Reference: XF:ewave-servletexec-file-upload
Reference: URL:http://xforce.iss.net/static/5450.php


Name: CVE-2000-1026

Description:
Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:61
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc
Reference: SUSE:SuSE-SA:2000:46
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html
Reference: DEBIAN:20001120a
Reference: BID:1870
Reference: URL:http://www.securityfocus.com/bid/1870
Reference: XF:tcpdump-afs-packet-overflow(5480)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5480


Name: CVE-2000-1027

Description:
Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established.

Status: Entry
Reference: BUGTRAQ:20001003 Cisco PIX Firewall allow external users to discover internal IPs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97059440000367&w=2
Reference: BID:1877
Reference: URL:http://www.securityfocus.com/bid/1877
Reference: XF:cisco-pix-reveal-address
Reference: URL:http://xforce.iss.net/static/5646.php
Reference: OSVDB:1623
Reference: URL:http://www.osvdb.org/1623


Name: CVE-2000-1031

Description:
Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.

Status: Entry
Reference: BUGTRAQ:20000810 Re: Possible vulnerability in HPUX ( Add vulnerability List )
Reference: URL:http://www.securityfocus.com/archive/1/75188
Reference: BUGTRAQ:20020902 Happy Labor Day from Snosoft
Reference: URL:http://www.securityfocus.com/archive/1/290115
Reference: FULLDISC:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
Reference: BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
Reference: HP:HPSBUX0011-128
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0034.html
Reference: HP:SSRT2275
Reference: URL:http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
Reference: HP:SSRT2280
Reference: CERT-VN:VU#320067
Reference: URL:http://www.kb.cert.org/vuls/id/320067
Reference: BID:1889
Reference: URL:http://www.securityfocus.com/bid/1889
Reference: XF:hp-dtterm(5461)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5461


Name: CVE-2000-1032

Description:
The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.

Status: Entry
Reference: BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142808
Reference: BID:1890
Reference: URL:http://www.securityfocus.com/bid/1890
Reference: XF:fw1-login-response(5816)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5816
Reference: OSVDB:1632
Reference: URL:http://www.osvdb.org/1632


Name: CVE-2000-1034

Description:
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.

Status: Entry
Reference: BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349782305448&w=2
Reference: MS:MS00-085
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-085.asp
Reference: BID:1899
Reference: URL:http://www.securityfocus.com/bid/1899
Reference: XF:system-monitor-activex-bo(5467)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5467


Name: CVE-2000-1036

Description:
Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter.

Status: Entry
Reference: BUGTRAQ:20000920 Extent RBS directory Transversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.html
Reference: BID:1704
Reference: URL:http://www.securityfocus.com/bid/1704
Reference: XF:rbs-isp-directory-traversal
Reference: URL:http://xforce.iss.net/static/5275.php


Name: CVE-2000-1038

Description:
The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.

Status: Entry
Reference: AIXAPAR:SA90544
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=SA90544&apar=only
Reference: CONFIRM:http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument
Reference: XF:as400-firewall-dos
Reference: URL:http://xforce.iss.net/static/5266.php


Name: CVE-2000-1040

Description:
Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service.

Status: Entry
Reference: DEBIAN:20001014 nis: local exploit
Reference: URL:http://www.debian.org/security/2000/20001014
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: REDHAT:RHSA-2000:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-086.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ypbind package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0356.html
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html
Reference: XF:ypbind-printf-format-string
Reference: URL:http://xforce.iss.net/static/5394.php
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820


Name: CVE-2000-1041

Description:
Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges.

Status: Entry
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: XF:ypbind-remote-bo
Reference: URL:http://xforce.iss.net/static/5759.php


Name: CVE-2000-1042

Description:
Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Status: Entry
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-bo
Reference: URL:http://xforce.iss.net/static/5730.php


Name: CVE-2000-1043

Description:
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Status: Entry
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-format-string
Reference: URL:http://xforce.iss.net/static/5731.php


Name: CVE-2000-1044

Description:
Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges.

Status: Entry
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820
Reference: XF:ypbind-printf-format-string
Reference: URL:http://xforce.iss.net/static/5394.php


Name: CVE-2000-1045

Description:
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.

Status: Entry
Reference: REDHAT:RHSA-2000:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-024.html
Reference: MANDRAKE:MDKSA-2000-066
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3
Reference: BID:1863
Reference: URL:http://www.securityfocus.com/bid/1863
Reference: XF:nssldap-nscd-dos
Reference: URL:http://xforce.iss.net/static/5449.php


Name: CVE-2000-1047

Description:
Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.

Status: Entry
Reference: BUGTRAQ:20001103 [SAFER] Buffer overflow in Lotus Domino SMTP Server
Reference: URL:http://www.securityfocus.com/archive/1/143071
Reference: XF:lotus-domino-smtp-envid(5488)
Reference: URL:http://xforce.iss.net/static/5488.php
Reference: BID:1905
Reference: URL:http://www.securityfocus.com/bid/1905
Reference: OSVDB:442
Reference: URL:http://www.osvdb.org/442


Name: CVE-2000-1049

Description:
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.

Status: Entry
Reference: BUGTRAQ:20001101 Allaire's JRUN DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97310314724964&w=2
Reference: ALLAIRE:ASB00-030
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
Reference: XF:allaire-jrun-servlet-dos
Reference: URL:http://xforce.iss.net/static/5452.php


Name: CVE-2000-1050

Description:
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").

Status: Entry
Reference: BUGTRAQ:20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236316510117&w=2
Reference: ALLAIRE:ASB00-027
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full
Reference: XF:allaire-jrun-webinf-access
Reference: URL:http://xforce.iss.net/static/5407.php
Reference: OSVDB:500
Reference: URL:http://www.osvdb.org/500


Name: CVE-2000-1051

Description:
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.

Status: Entry
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236692714978&w=2
Reference: ALLAIRE:ASB00-028
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full
Reference: XF:allaire-jrun-ssifilter-url
Reference: URL:http://xforce.iss.net/static/5405.php


Name: CVE-2000-1054

Description:
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.

Status: Entry
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1705
Reference: URL:http://www.securityfocus.com/bid/1705
Reference: XF:ciscosecure-csadmin-bo
Reference: URL:http://xforce.iss.net/static/5272.php


Name: CVE-2000-1055

Description:
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.

Status: Entry
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1706
Reference: URL:http://www.securityfocus.com/bid/1706
Reference: XF:ciscosecure-tacacs-dos
Reference: URL:http://xforce.iss.net/static/5273.php
Reference: OSVDB:1569
Reference: URL:http://www.osvdb.org/1569


Name: CVE-2000-1056

Description:
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.

Status: Entry
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1708
Reference: URL:http://www.securityfocus.com/bid/1708
Reference: XF:ciscosecure-ldap-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5274.php


Name: CVE-2000-1057

Description:
Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.

Status: Entry
Reference: HP:HPSBUX0009-120
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0140.html
Reference: BID:1682
Reference: URL:http://www.securityfocus.com/bid/1682
Reference: XF:hp-openview-nnm-scripts
Reference: URL:http://xforce.iss.net/static/5229.php


Name: CVE-2000-1058

Description:
Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."

Status: Entry
Reference: BUGTRAQ:20000926 DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97004856403173&w=2
Reference: HP:HPSBUX0009-121
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0274.html
Reference: XF:openview-nmm-snmp-bo
Reference: URL:http://xforce.iss.net/static/5282.php


Name: CVE-2000-1059

Description:
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

Status: Entry
Reference: BUGTRAQ:20000929 Mandrake 7.1 bypasses Xauthority X session security.
Reference: URL:http://www.securityfocus.com/archive/1/136495
Reference: MANDRAKE:MDKSA-2000:052
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3
Reference: BID:1735
Reference: URL:http://www.securityfocus.com/bid/1735
Reference: XF:xinitrc-bypass-xauthority
Reference: URL:http://xforce.iss.net/static/5305.php


Name: CVE-2000-1060

Description:
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Status: Entry
Reference: BUGTRAQ:20001002 Local vulnerability in XFCE 3.5.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
Reference: FREEBSD:FreeBSD-SA-00:65
Reference: BID:1736
Reference: URL:http://www.securityfocus.com/bid/1736
Reference: XF:xinitrc-bypass-xauthority
Reference: URL:http://xforce.iss.net/static/5305.php


Name: CVE-2000-1061

Description:
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.

Status: Entry
Reference: MS:MS00-075
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-075.asp
Reference: XF:java-vm-applet
Reference: URL:http://xforce.iss.net/static/5127.php


Name: CVE-2000-1068

Description:
pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.

Status: Entry
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: CONFIRM:http://www.cgi-world.com/pollit.html
Reference: XF:pollit-polloptions-execute-commands
Reference: URL:http://xforce.iss.net/static/5792.php


Name: CVE-2000-1069

Description:
pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.

Status: Entry
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-admin-password-var
Reference: URL:http://xforce.iss.net/static/5419.php


Name: CVE-2000-1070

Description:
pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.

Status: Entry
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-webroot-gain-access
Reference: URL:http://xforce.iss.net/static/5794.php


Name: CVE-2000-1071

Description:
The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.

Status: Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1767
Reference: URL:http://www.securityfocus.com/bid/1767
Reference: XF:ical-xhost-gain-privileges
Reference: URL:http://xforce.iss.net/static/5752.php
Reference: OSVDB:7213
Reference: URL:http://www.osvdb.org/7213


Name: CVE-2000-1072

Description:
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.

Status: Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1768
Reference: URL:http://www.securityfocus.com/bid/1768
Reference: XF:ical-iplncal-gain-access
Reference: URL:http://xforce.iss.net/static/5756.php
Reference: OSVDB:7212
Reference: URL:http://www.osvdb.org/7212


Name: CVE-2000-1073

Description:
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.

Status: Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: XF:ical-csstart-gain-access
Reference: URL:http://xforce.iss.net/static/5757.php
Reference: OSVDB:7210
Reference: URL:http://www.osvdb.org/7210


Name: CVE-2000-1074

Description:
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.

Status: Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: XF:ical-csstart-gain-access
Reference: URL:http://xforce.iss.net/static/5757.php
Reference: OSVDB:7209
Reference: URL:http://www.osvdb.org/7209


Name: CVE-2000-1075

Description:
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.

Status: Entry
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: CONFIRM:http://www.iplanet.com/downloads/patches/0122.html
Reference: BID:1839
Reference: URL:http://www.securityfocus.com/bid/1839
Reference: XF:iplanet-netscape-directory-traversal
Reference: URL:http://xforce.iss.net/static/5421.php
Reference: OSVDB:4086
Reference: URL:http://www.osvdb.org/4086
Reference: OSVDB:486
Reference: URL:http://www.osvdb.org/486


Name: CVE-2000-1077

Description:
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.

Status: Entry
Reference: BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module
Reference: URL:http://www.securityfocus.com/archive/1/141435
Reference: XF:iplanet-web-server-shtml-bo
Reference: URL:http://xforce.iss.net/static/5446.php


Name: CVE-2000-1080

Description:
Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.

Status: Entry
Reference: BUGTRAQ:20001102 dos on quake1 servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97318797630246&w=2
Reference: CONFIRM:http://proquake.ai.mit.edu/
Reference: BID:1900
Reference: URL:http://www.securityfocus.com/bid/1900
Reference: XF:quake-empty-udp-dos(5527)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5527


Name: CVE-2000-1089

Description:
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.

Status: Entry
Reference: ATSTAKE:A120400-1
Reference: URL:http://www.stake.com/research/advisories/2000/a120400-1.txt
Reference: MS:MS00-094
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-094.asp
Reference: BID:2048
Reference: URL:http://www.securityfocus.com/bid/2048
Reference: XF:phone-book-service-bo(5623)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5623


Name: CVE-2000-1094

Description:
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.

Status: Entry
Reference: ATSTAKE:A121200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a121200-1.txt
Reference: BUGTRAQ:20001213 Administrivia & AOL IM Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97668265628917&w=2
Reference: BUGTRAQ:20001214 Re: AIM & @stake's advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97683774417132&w=2
Reference: XF:aolim-buddyicon-bo
Reference: OSVDB:1692
Reference: URL:http://www.osvdb.org/1692


Name: CVE-2000-1095

Description:
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Status: Entry
Reference: BUGTRAQ:20001112 RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0179.html
Reference: SUSE:SuSE-SA:2000:44
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0596.html
Reference: MANDRAKE:MDKSA-2000:071
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-071-1.php3?dis=7.1
Reference: REDHAT:RHSA-2000:108
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-108.html
Reference: DEBIAN:20001120 modutils: local exploit
Reference: URL:http://www.debian.org/security/2000/20001120
Reference: CONECTIVA:CLSA-2000:340
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000340
Reference: BID:1936
Reference: URL:http://www.securityfocus.com/bid/1936
Reference: XF:linux-modprobe-execute-code
Reference: URL:http://xforce.iss.net/static/5516.php


Name: CVE-2000-1096

Description:
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

Status: Entry
Reference: BUGTRAQ:20001116 vixie cron...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html
Reference: DEBIAN:20001118a
Reference: BID:1960
Reference: URL:http://www.securityfocus.com/bid/1960
Reference: XF:vixie-cron-execute-commands(5543)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5543


Name: CVE-2000-1097

Description:
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.

Status: Entry
Reference: BUGTRAQ:20001129 DoS in Sonicwall SOHO firewall
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html
Reference: BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html
Reference: BID:2013
Reference: URL:http://www.securityfocus.com/bid/2013
Reference: XF:sonicwall-soho-dos(5596)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5596
Reference: OSVDB:1667
Reference: URL:http://www.osvdb.org/1667


Name: CVE-2000-1099

Description:
Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.

Status: Entry
Reference: SUN:00199
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba
Reference: HP:HPSBUX0011-132
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0011-132
Reference: XF:jdk-untrusted-java-class(5605)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5605
Reference: OSVDB:7255
Reference: URL:http://www.osvdb.org/7255


Name: CVE-2000-1101

Description:
Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20001127 Vulnerability in Winsock FTPD 2.41/3.00 (Pro)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0386.html
Reference: BID:2005
Reference: URL:http://www.securityfocus.com/bid/2005
Reference: XF:wftpd-dir-traverse(5608)
Reference: URL:http://www.iss.net/security_center/static/5608.php


Name: CVE-2000-1106

Description:
Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.

Status: Entry
Reference: BUGTRAQ:20001128 TrendMicro InterScan VirusWall shared folder problem
Reference: URL:http://www.securityfocus.com/archive/1/147563
Reference: BUGTRAQ:20001201 Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0016.html
Reference: BID:2014
Reference: URL:http://www.securityfocus.com/bid/2014
Reference: XF:interscan-viruswall-unauth-access
Reference: URL:http://xforce.iss.net/static/5606.php


Name: CVE-2000-1107

Description:
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.

Status: Entry
Reference: BUGTRAQ:20001128 SuSE Linux 6.x 7.0 Ident buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0387.html
Reference: BID:2015
Reference: URL:http://www.securityfocus.com/bid/2015
Reference: XF:linux-ident-bo
Reference: URL:http://xforce.iss.net/static/5590.php


Name: CVE-2000-1108

Description:
cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.

Status: Entry
Reference: BUGTRAQ:20001113 Problems with cons.saver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0192.html
Reference: DEBIAN:20001125 mc: local DoS
Reference: URL:http://www.debian.org/security/2000/20001125
Reference: MANDRAKE:MDKSA-2000:078
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-078.php3
Reference: BID:1945
Reference: URL:http://www.securityfocus.com/bid/1945
Reference: XF:midnight-commander-conssaver-symlink(5519)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5519


Name: CVE-2000-1109

Description:
Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.

Status: Entry
Reference: BUGTRAQ:20001127 Midnight Commander
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html
Reference: DEBIAN:DSA-036
Reference: URL:http://www.debian.org/security/2001/dsa-036
Reference: SUSE:SuSE-SA:2001:11
Reference: URL:http://www.novell.com/linux/security/advisories/2001_011_mc.html
Reference: BID:2016
Reference: URL:http://www.securityfocus.com/bid/2016
Reference: XF:midnight-commander-elevate-privileges(5929)
Reference: URL:http://xforce.iss.net/static/5929.php


Name: CVE-2000-1111

Description:
Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.

Status: Entry
Reference: BUGTRAQ:20001129 Windows 2000 Telnet Service DoS
Reference: URL:http://www.securityfocus.com/archive/1/147914
Reference: BID:2018
Reference: URL:http://www.securityfocus.com/bid/2018
Reference: XF:win2k-telnet-dos(5598)
Reference: URL:http://xforce.iss.net/static/5598.php


Name: CVE-2000-1112

Description:
Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.

Status: Entry
Reference: MS:MS00-090
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-090.asp
Reference: BID:1976
Reference: URL:http://www.securityfocus.com/bid/1976
Reference: XF:mediaplayer-wms-script-exe
Reference: URL:http://xforce.iss.net/static/5575.php


Name: CVE-2000-1113

Description:
Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.

Status: Entry
Reference: ATSTAKE:A112300-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a112300-1.txt
Reference: MS:MS00-090
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-090.asp
Reference: BID:1980
Reference: URL:http://www.securityfocus.com/bid/1980
Reference: XF:mediaplayer-asx-bo
Reference: URL:http://xforce.iss.net/static/5574.php


Name: CVE-2000-1115

Description:
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Status: Entry
Reference: BUGTRAQ:20001122 602Pro Lan Suite Web Admin Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0299.html
Reference: CONFIRM:http://www.software602.com/products/ls/support/newbuild.html
Reference: BID:1979
Reference: URL:http://www.securityfocus.com/bid/1979
Reference: XF:software602-lan-suite-bo
Reference: URL:http://xforce.iss.net/static/5583.php


Name: CVE-2000-1119

Description:
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

Status: Entry
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08812
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08812&apar=only
Reference: AIXAPAR:IY10721
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY10721&apar=only
Reference: BID:2032
Reference: URL:http://www.securityfocus.com/bid/2032
Reference: XF:aix-setsenv-bo(5621)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5621
Reference: OSVDB:1676
Reference: URL:http://www.osvdb.org/1676


Name: CVE-2000-1120

Description:
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.

Status: Entry
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08143
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08143&apar=only
Reference: AIXAPAR:IY08287
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08287&apar=only
Reference: BID:2033
Reference: URL:http://www.securityfocus.com/bid/2033
Reference: XF:aix-digest-bo(5620)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5620


Name: CVE-2000-1121

Description:
Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.

Status: Entry
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08143
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08143&apar=only
Reference: AIXAPAR:IY08287
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08287&apar=only
Reference: BID:2034
Reference: URL:http://www.securityfocus.com/bid/2034
Reference: XF:aix-enq-bo(5619)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5619


Name: CVE-2000-1122

Description:
Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.

Status: Entry
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY07831
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY07831&apar=only
Reference: AIXAPAR:IY07790
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY07790&apar=only
Reference: BID:2035
Reference: URL:http://www.securityfocus.com/bid/2035


Name: CVE-2000-1123

Description:
Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.

Status: Entry
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY12638
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY12638&apar=only
Reference: BID:2036
Reference: URL:http://www.securityfocus.com/bid/2036
Reference: XF:aix-pioout-bo
Reference: URL:http://xforce.iss.net/static/5617.php


Name: CVE-2000-1124

Description:
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.

Status: Entry
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY12638
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY12638&apar=only
Reference: BID:2037
Reference: URL:http://www.securityfocus.com/bid/2037
Reference: XF:aix-piobe-bo(5616)
Reference: URL:http://xforce.iss.net/static/5616.php


Name: CVE-2000-1131

Description:
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.

Status: Entry
Reference: BUGTRAQ:20001110 [hacksware] gbook.cgi remote command execution vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0144.html
Reference: BID:1940
Reference: URL:http://www.securityfocus.com/bid/1940
Reference: XF:gbook-cgi-remote-execution
Reference: URL:http://xforce.iss.net/static/5509.php


Name: CVE-2000-1132

Description:
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.

Status: Entry
Reference: BUGTRAQ:20001114 Cgisecurity.com advisory on dcforum
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
Reference: BID:1951
Reference: URL:http://www.securityfocus.com/bid/1951
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/124.html#1
Reference: XF:dcforum-cgi-view-files(5533)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5533
Reference: OSVDB:1646
Reference: URL:http://www.osvdb.org/1646


Name: CVE-2000-1135

Description:
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.

Status: Entry
Reference: DEBIAN:20001130 DSA-002-1 fsh: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001130
Reference: XF:linux-fsh-symlink(5633)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5633
Reference: OSVDB:7208
Reference: URL:http://www.osvdb.org/7208


Name: CVE-2000-1136

Description:
elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.

Status: Entry
Reference: BUGTRAQ:20001122 New version of elvis-tiny released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97502995616099&w=2
Reference: BID:1984
Reference: URL:http://www.securityfocus.com/bid/1984
Reference: XF:linux-tinyelvis-tmpfiles
Reference: URL:http://xforce.iss.net/static/5632.php


Name: CVE-2000-1137

Description:
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.

Status: Entry
Reference: DEBIAN:20001129 DSA-001-1 ed: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001129
Reference: MANDRAKE:MDKSA-2000:076
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3
Reference: REDHAT:RHSA-2000:123
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-123.html
Reference: BUGTRAQ:20001211 Immunix OS Security update for ed
Reference: CONECTIVA:CLA-2000:359-2
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000359
Reference: XF:gnu-ed-symlink(5723)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5723
Reference: OSVDB:6491
Reference: URL:http://www.osvdb.org/6491


Name: CVE-2000-1139

Description:
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.

Status: Entry
Reference: MS:MS00-088
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-088.asp
Reference: BID:1958
Reference: URL:http://www.securityfocus.com/bid/1958
Reference: XF:ms-exchange-username-pwd(5537)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5537


Name: CVE-2000-1140

Description:
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.

Status: Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1908
Reference: URL:http://www.securityfocus.com/bid/1908
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php


Name: CVE-2000-1141

Description:
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.

Status: Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php


Name: CVE-2000-1142

Description:
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.

Status: Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-pwd-reveal-information
Reference: URL:http://xforce.iss.net/static/5949.php


Name: CVE-2000-1143

Description:
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.

Status: Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php


Name: CVE-2000-1144

Description:
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.

Status: Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1909
Reference: URL:http://www.securityfocus.com/bid/1909
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-inode-disclosure
Reference: URL:http://xforce.iss.net/static/5472.php


Name: CVE-2000-1145

Description:
Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files.

Status: Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-identify-processes
Reference: URL:http://xforce.iss.net/static/5950.php


Name: CVE-2000-1146

Description:
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.

Status: Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1913
Reference: URL:http://www.securityfocus.com/bid/1913
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-dir-dos
Reference: URL:http://xforce.iss.net/static/5528.php


Name: CVE-2000-1148

Description:
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.

Status: Entry
Reference: BUGTRAQ:20001104 Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.html
Reference: BUGTRAQ:20001106 Re: FW: Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.html
Reference: BID:1906
Reference: URL:http://www.securityfocus.com/bid/1906
Reference: XF:volanochatpro-plaintext-password
Reference: URL:http://xforce.iss.net/static/5465.php


Name: CVE-2000-1149

Description:
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.

Status: Entry
Reference: BUGTRAQ:20001108 [CORE SDI ADVISORY] MS NT4.0 Terminal Server Edition GINA buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/143991
Reference: MS:MS00-087
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-087.asp
Reference: BID:1924
Reference: URL:http://www.securityfocus.com/bid/1924
Reference: XF:nt-termserv-gina-bo
Reference: URL:http://xforce.iss.net/static/5489.php


Name: CVE-2000-1162

Description:
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

Status: Entry
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: REDHAT:RHSA-2000:114
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-114.html
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: BID:1990
Reference: URL:http://www.securityfocus.com/bid/1990
Reference: XF:ghostscript-sym-link
Reference: URL:http://xforce.iss.net/static/5563.php


Name: CVE-2000-1163

Description:
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

Status: Entry
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: BID:1991
Reference: URL:http://www.securityfocus.com/bid/1991
Reference: XF:ghostscript-env-variable
Reference: URL:http://xforce.iss.net/static/5564.php


Name: CVE-2000-1164

Description:
WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.

Status: Entry
Reference: BUGTRAQ:20001118 WinVNC 3.3.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html
Reference: BID:1961
Reference: URL:http://www.securityfocus.com/bid/1961
Reference: XF:winvnc-modify-registry(5545)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5545


Name: CVE-2000-1165

Description:
Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.

Status: Entry
Reference: BUGTRAQ:20001122 DoS possibility in syslog-ng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0300.html
Reference: FREEBSD:FreeBSD-SA-01:02
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:02.syslog-ng.asc
Reference: CONFIRM:http://www.balabit.hu/products/syslog-ng/
Reference: BID:1981
Reference: URL:http://www.securityfocus.com/bid/1981
Reference: XF:balabit-syslog-ng-dos(5576)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5576


Name: CVE-2000-1166

Description:
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

Status: Entry
Reference: BUGTRAQ:20001124 Security problems with TWIG webmail system
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0351.html
Reference: CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG
Reference: BID:1998
Reference: URL:http://www.securityfocus.com/bid/1998
Reference: XF:twig-php3-script-execute(5581)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5581


Name: CVE-2000-1167

Description:
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:70
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:70.ppp-nat.asc
Reference: BID:1974
Reference: URL:http://www.securityfocus.com/bid/1974
Reference: XF:freebsd-ppp-bypass-gateway(5584)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5584
Reference: OSVDB:1655
Reference: URL:http://www.osvdb.org/1655


Name: CVE-2000-1169

Description:
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

Status: Entry
Reference: BUGTRAQ:20001123 OpenSSH Security Advisory (adv.fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html
Reference: MANDRAKE:MDKSA-2000:068
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: DEBIAN:20001118 openssh: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001118
Reference: CONECTIVA:CLSA-2000:345
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345
Reference: REDHAT:RHSA-2000:111
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-111.html
Reference: SUSE:SuSE-SA:2000:47
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html
Reference: BID:1949
Reference: URL:http://www.securityfocus.com/bid/1949
Reference: XF:openssh-unauthorized-access(5517)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5517
Reference: OSVDB:2114
Reference: URL:http://www.osvdb.org/2114
Reference: OSVDB:6248
Reference: URL:http://www.osvdb.org/6248


Name: CVE-2000-1170

Description:
Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.

Status: Entry
Reference: BUGTRAQ:20001115 Netsnap Webcam Software Remote Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97439536016554&w=2
Reference: CONFIRM:http://www.netsnap.com/new.htm
Reference: BID:1956
Reference: URL:http://www.securityfocus.com/bid/1956
Reference: XF:netsnap-remote-bo(5534)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5534


Name: CVE-2000-1171

Description:
Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to ready arbitrary files via a .. (dot dot) attack in the "thesection" parameter.

Status: Entry
Reference: BUGTRAQ:20001120 CGIForum 1.0 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0263.html
Reference: XF:cgiforum-view-files(5553)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5553
Reference: BID:1963
Reference: URL:http://www.securityfocus.com/bid/1963


Name: CVE-2000-1174

Description:
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.

Status: Entry
Reference: BUGTRAQ:20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html
Reference: DEBIAN:20001121 ethereal: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001122a
Reference: CONECTIVA:CLSA-2000:342
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342
Reference: REDHAT:RHSA-2000:116
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-116.html
Reference: FREEBSD:FreeBSD-SA-00:81
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc
Reference: XF:ethereal-afs-bo(5557)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5557
Reference: BID:1972
Reference: URL:http://www.securityfocus.com/bid/1972


Name: CVE-2000-1178

Description:
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

Status: Entry
Reference: BUGTRAQ:20001116 Joe's Own Editor File Link Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html
Reference: REDHAT:RHSA-2000:110
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-110.html
Reference: MANDRAKE:MDKSA-2000:072
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3
Reference: CONECTIVA:CLA-2000:356
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356
Reference: DEBIAN:20001122
Reference: DEBIAN:20001201 DSA-003-1 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001201
Reference: BUGTRAQ:20001121 Immunix OS Security update for joe
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500174210821&w=2
Reference: BID:1959
Reference: URL:http://www.securityfocus.com/bid/1959
Reference: XF:joe-symlink-corruption(5546)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5546


Name: CVE-2000-1179

Description:
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.

Status: Entry
Reference: BUGTRAQ:20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97440068130051&w=2
Reference: BID:1952
Reference: URL:http://www.securityfocus.com/bid/1952
Reference: XF:netopia-view-system-log(5536)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5536


Name: CVE-2000-1180

Description:
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.

Status: Entry
Reference: BUGTRAQ:20001120 vulnerability in Connection Manager Control binary in Oracle
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97474521003453&w=2
Reference: BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control
Reference: BID:1968
Reference: URL:http://www.securityfocus.com/bid/1968
Reference: XF:oracle-cmctl-bo(5551)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5551


Name: CVE-2000-1181

Description:
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.

Status: Entry
Reference: BUGTRAQ:20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0236.html
Reference: CONFIRM:http://service.real.com/help/faq/security/memory.html
Reference: BID:1957
Reference: URL:http://www.securityfocus.com/bid/1957
Reference: XF:realserver-gain-access(5538)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5538


Name: CVE-2000-1182

Description:
WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.

Status: Entry
Reference: BUGTRAQ:20001116 Possible Watchguard Firebox II DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0224.html
Reference: CONFIRM:https://www.watchguard.com/support/patches.html
Reference: BID:1953
Reference: URL:http://www.securityfocus.com/bid/1953
Reference: XF:watchguard-firebox-ftp-dos(5535)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5535


Name: CVE-2000-1184

Description:
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.

Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:69
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:69.telnetd.v1.1.asc
Reference: XF:telnetd-termcap-dos(5959)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5959
Reference: OSVDB:6083
Reference: URL:http://www.osvdb.org/6083


Name: CVE-2000-1187

Description:
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

Status: Entry
Reference: REDHAT:RHSA-2000:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-109.html
Reference: CONECTIVA:CLSA-2000:344
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000344
Reference: SUSE:SuSE-SA:2000:48
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html
Reference: FREEBSD:FreeBSD-SA-00:66
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc
Reference: BUGTRAQ:20001121 Immunix OS Security update for netscape
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500270012529&w=2
Reference: XF:netscape-client-html-bo
Reference: URL:http://xforce.iss.net/static/5542.php
Reference: OSVDB:7207
Reference: URL:http://www.osvdb.org/7207


Name: CVE-2000-1189

Description:
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.

Status: Entry
Reference: REDHAT:RHSA-2000:120
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-120.html
Reference: CONECTIVA:CLA-2000:358
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000358
Reference: MANDRAKE:MDKSA-2000:082-1
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-082.php3
Reference: XF:pam-localuser-bo(5747)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5747


Name: CVE-2000-1190

Description:
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.

Status: Entry
Reference: BUGTRAQ:20000531 Re: strike#2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95984116811100&w=2
Reference: REDHAT:RHSA-2000:016
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-016.html
Reference: XF:linux-imwheel-symlink(4941)
Reference: URL:http://www.iss.net/security_center/static/4941.php


Name: CVE-2000-1193

Description:
Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.

Status: Entry
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: XF:irix-pcp-pmcd-dos(4284)
Reference: URL:http://xforce.iss.net/static/4284.php
Reference: SGI:20020407-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020407-01-I


Name: CVE-2000-1195

Description:
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.

Status: Entry
Reference: CALDERA:CSSA-2000-008.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2000-008.0.txt
Reference: XF:telnetd-login-bypass(4225)
Reference: URL:http://xforce.iss.net/static/4225.php


Name: CVE-2000-1196

Description:
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.

Status: Entry
Reference: CONFIRM:http://docs.iplanet.com/docs/manuals/pubx/2.5.2_Relnotes.html
Reference: MISC:http://packetstormsecurity.org/0004-exploits/ooo1.txt
Reference: XF:publishingxpert-pscoerrpage-url(7362)
Reference: URL:http://xforce.iss.net/static/7362.php


Name: CVE-2000-1200

Description:
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.

Status: Entry
Reference: BUGTRAQ:20000201 Windows NT and account list leak ! A new SID usage
Reference: URL:http://www.securityfocus.com/archive/1/44430
Reference: XF:nt-lsa-domain-sid(4015)
Reference: URL:http://xforce.iss.net/static/4015.php
Reference: BID:959
Reference: URL:http://www.securityfocus.com/bid/959


Name: CVE-2000-1203

Description:
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.

Status: Entry
Reference: VULN-DEV:20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=95886062521327&w=2
Reference: BUGTRAQ:20010820 Lotus Domino DoS
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1
Reference: BUGTRAQ:20010823 Lotus Domino DoS solution
Reference: URL:http://www.securityfocus.com/archive/1/209754
Reference: BID:3212
Reference: URL:http://www.securityfocus.com/bid/3212
Reference: XF:lotus-domino-bounced-message-dos(7012)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7012


Name: CVE-2000-1210

Description:
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

Status: Entry
Reference: BUGTRAQ:20000322 Security bug in Apache project: Jakarta Tomcat
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95371672300045&w=2
Reference: XF:apache-tomcat-file-contents(4205)
Reference: URL:http://www.iss.net/security_center/static/4205.php


Name: CVE-2000-1211

Description:
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Status: Entry
Reference: BUGTRAQ:20001222 Zope DTML Role Issue
Reference: REDHAT:RHSA-2000:125
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-125.html
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert
Reference: MANDRAKE:MDKSA-2000:083
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3
Reference: XF:zope-legacy-names(5824)
Reference: URL:http://www.iss.net/security_center/static/5824.php
Reference: OSVDB:6282
Reference: URL:http://www.osvdb.org/6282


Name: CVE-2000-1212

Description:
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.

Status: Entry
Reference: MANDRAKE:MDKSA-2000:086
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086
Reference: CONECTIVA:CLA-2000:365
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
Reference: DEBIAN:DSA-007
Reference: URL:http://www.debian.org/security/2001/dsa-007
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
Reference: REDHAT:RHSA-2000:135
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-135.html
Reference: XF:zope-image-file(5778)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5778
Reference: OSVDB:6283
Reference: URL:http://www.osvdb.org/6283


Name: CVE-2001-0001

Description:
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.

Status: Entry
Reference: BUGTRAQ:20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html
Reference: XF:php-nuke-elevate-privileges(6183)
Reference: URL:http://xforce.iss.net/static/6183.php


Name: CVE-2001-0002

Description:
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.

Status: Entry
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder
Reference: MISC:http://www.guninski.com/chmtempmain.html
Reference: BID:2456
Reference: URL:http://www.securityfocus.com/bid/2456
Reference: OSVDB:7823
Reference: URL:http://www.osvdb.org/7823
Reference: OVAL:oval:org.mitre.oval:def:920
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:920
Reference: XF:ie-chm-execute-files(5567)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5567


Name: CVE-2001-0003

Description:
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.

Status: Entry
Reference: MS:MS01-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-001.asp
Reference: XF:wec-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5920.php
Reference: BID:2199
Reference: URL:http://www.securityfocus.com/bid/2199


Name: CVE-2001-0004

Description:
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

Status: Entry
Reference: BUGTRAQ:20010108 IIS 5.0 allows viewing files using %3F+.htr
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97897954625305&w=2
Reference: MS:MS01-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-004.asp
Reference: BID:2313
Reference: URL:http://www.securityfocus.com/bid/2313
Reference: XF:iis-read-files(5903)
Reference: URL:http://xforce.iss.net/static/5903.php


Name: CVE-2001-0005

Description:
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.

Status: Entry
Reference: ATSTAKE:A012301-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a012301-1.txt
Reference: MS:MS01-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-002.asp
Reference: XF:powerpoint-execute-code(5996)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5996


Name: CVE-2001-0006

Description:
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.

Status: Entry
Reference: BUGTRAQ:20010126 ntsecurity.nu advisory: Winsock Mutex Vulnerability in Windows NT 4.0 SP6 and below
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98075221915234&w=2
Reference: MS:MS01-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-003.asp
Reference: XF:winnt-mutex-dos(6006)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6006


Name: CVE-2001-0007

Description:
Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface.

Status: Entry
Reference: BUGTRAQ:20010109 NSFOCUS SA2001-01: NetScreen Firewall WebUI Buffer Overflow vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/155149
Reference: BID:2176
Reference: URL:http://www.securityfocus.com/bid/2176
Reference: XF:netscreen-webui-bo(5908)
Reference: URL:http://xforce.iss.net/static/5908.php
Reference: OSVDB:1707
Reference: URL:http://www.osvdb.org/1707


Name: CVE-2001-0008

Description:
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.

Status: Entry
Reference: CERT:CA-2001-01
Reference: URL:http://www.cert.org/advisories/CA-2001-01.html
Reference: BID:2192
Reference: URL:http://www.securityfocus.com/bid/2192
Reference: XF:interbase-backdoor-account(5911)
Reference: URL:http://xforce.iss.net/static/5911.php


Name: CVE-2001-0009

Description:
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.

Status: Entry
Reference: BUGTRAQ:20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root
Reference: URL:http://www.securityfocus.com/archive/1/154537
Reference: BUGTRAQ:20010109 bugtraq id 2173 Lotus Domino Server
Reference: URL:http://www.securityfocus.com/archive/1/155124
Reference: BID:2173
Reference: URL:http://www.securityfocus.com/bid/2173
Reference: XF:lotus-domino-directory-traversal(5899)
Reference: URL:http://xforce.iss.net/static/5899.php
Reference: OSVDB:1703
Reference: URL:http://www.osvdb.org/1703


Name: CVE-2001-0010

Description:
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.

Status: Entry
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: DEBIAN:DSA-026
Reference: URL:http://www.debian.org/security/2001/dsa-026
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-tsig-bo
Reference: BID:2302
Reference: URL:http://www.securityfocus.com/bid/2302


Name: CVE-2001-0011

Description:
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

Status: Entry
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-complain-bo
Reference: BID:2307
Reference: URL:http://www.securityfocus.com/bid/2307


Name: CVE-2001-0012

Description:
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.

Status: Entry
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: DEBIAN:DSA-026
Reference: URL:http://www.debian.org/security/2001/dsa-026
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-inverse-query-disclosure
Reference: BID:2321
Reference: URL:http://www.securityfocus.com/bid/2321


Name: CVE-2001-0013

Description:
Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

Status: Entry
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-complain-format-string
Reference: BID:2309
Reference: URL:http://www.securityfocus.com/bid/2309


Name: CVE-2001-0014

Description:
Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.

Status: Entry
Reference: MS:MS01-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-006.asp
Reference: XF:win2k-rdp-dos
Reference: BID:2326
Reference: URL:http://www.securityfocus.com/bid/2326


Name: CVE-2001-0015

Description:
Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.

Status: Entry
Reference: ATSTAKE:A020501-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a020501-1.txt
Reference: MS:MS01-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-007.asp
Reference: BID:2341
Reference: URL:http://www.securityfocus.com/bid/2341
Reference: XF:win-dde-elevate-privileges(6062)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6062


Name: CVE-2001-0016

Description:
NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.

Status: Entry
Reference: BINDVIEW:20010207 Local promotion vulnerability in NT4's NTLM Security Support Provider
Reference: URL:http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html
Reference: MS:MS01-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-008.asp
Reference: BID:2348
Reference: URL:http://www.securityfocus.com/bid/2348
Reference: XF:ntlm-ssp-elevate-privileges(6076)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6076


Name: CVE-2001-0017

Description:
Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.

Status: Entry
Reference: MS:MS01-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-009.asp
Reference: BID:2368
Reference: URL:http://www.securityfocus.com/bid/2368
Reference: XF:winnt-pptp-dos(6103)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6103


Name: CVE-2001-0018

Description:
Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.

Status: Entry
Reference: VULN-DEV:20001202 UDP Ping-pong in Win2k
Reference: URL:http://online.securityfocus.com/archive/82/148411
Reference: MS:MS01-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-011.asp
Reference: XF:win2k-domain-controller-dos(6136)
Reference: URL:http://xforce.iss.net/static/6136.php
Reference: CIAC:L-049
Reference: URL:http://www.ciac.org/ciac/bulletins/l-049.shtml


Name: CVE-2001-0020

Description:
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.

Status: Entry
Reference: ATSTAKE:A013101-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a013101-1.txt
Reference: CISCO:20010131 Cisco Content Services Switch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml
Reference: XF:cisco-ccs-file-access(6031)
Reference: URL:http://xforce.iss.net/static/6031.php
Reference: BID:2331
Reference: URL:http://www.securityfocus.com/bid/2331
Reference: OSVDB:1757
Reference: URL:http://www.osvdb.org/1757


Name: CVE-2001-0021

Description:
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.

Status: Entry
Reference: BUGTRAQ:20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
Reference: CONFIRM:http://www.endymion.com/products/mailman/history.htm
Reference: BID:2063
Reference: URL:http://www.securityfocus.com/bid/2063
Reference: XF:mailman-alternate-templates
Reference: URL:http://xforce.iss.net/static/5649.php


Name: CVE-2001-0026

Description:
rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.

Status: Entry
Reference: BUGTRAQ:20001211 DoS vulnerability in rp-pppoe versions <= 2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html
Reference: CONECTIVA:CLA-2000:357
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357
Reference: MANDRAKE:MDKSA-2000:084
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3
Reference: REDHAT:RHSA-2000:130
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-130.html
Reference: BID:2098
Reference: URL:http://www.securityfocus.com/bid/2098
Reference: XF:rppppoe-zero-length-dos
Reference: URL:http://xforce.iss.net/static/5727.php


Name: CVE-2001-0028

Description:
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.

Status: Entry
Reference: BUGTRAQ:20001211 [pkc] remote heap buffer overflow in oops
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html
Reference: FREEBSD:FreeBSD-SA-00:79
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html
Reference: BID:2099
Reference: URL:http://www.securityfocus.com/bid/2099
Reference: XF:oops-ftputils-bo
Reference: URL:http://xforce.iss.net/static/5725.php


Name: CVE-2001-0033

Description:
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.

Status: Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-user-config
Reference: URL:http://xforce.iss.net/static/5738.php


Name: CVE-2001-0034

Description:
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.

Status: Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-arbitrary-proxy
Reference: URL:http://xforce.iss.net/static/5733.php


Name: CVE-2001-0035

Description:
Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.

Status: Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html
Reference: XF:kerberos4-auth-packet-overflow
Reference: URL:http://xforce.iss.net/static/5734.php


Name: CVE-2001-0036

Description:
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.

Status: Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: REDHAT:RHSA-2001:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-025.html
Reference: XF:kerberos4-tmpfile-dos
Reference: URL:http://xforce.iss.net/static/5754.php


Name: CVE-2001-0039

Description:
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.

Status: Entry
Reference: BUGTRAQ:20001206 DoS by SMTP AUTH command in IPSwitch IMail server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html
Reference: BID:2083
Reference: URL:http://www.securityfocus.com/bid/2083
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: XF:imail-smtp-auth-dos
Reference: URL:http://xforce.iss.net/static/5674.php


Name: CVE-2001-0040

Description:
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.

Status: Entry
Reference: BUGTRAQ:20001206 apcupsd 3.7.2 Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html
Reference: MANDRAKE:MDKSA-2000:077
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3
Reference: BID:2070
Reference: URL:http://www.securityfocus.com/bid/2070
Reference: XF:apc-apcupsd-dos
Reference: URL:http://xforce.iss.net/static/5654.php


Name: CVE-2001-0041

Description:
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.

Status: Entry
Reference: CISCO:20001206 Cisco Catalyst Memory Leak Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
Reference: BID:2072
Reference: URL:http://www.securityfocus.com/bid/2072
Reference: XF:cisco-catalyst-telnet-dos
Reference: URL:http://xforce.iss.net/static/5656.php
Reference: OSVDB:801
Reference: URL:http://www.osvdb.org/801


Name: CVE-2001-0042

Description:
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

Status: Entry
Reference: BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011)
Reference: URL:http://www.securityfocus.com/archive/1/149210
Reference: BID:2060
Reference: URL:http://www.securityfocus.com/bid/2060
Reference: XF:apache-php-disclose-files
Reference: URL:http://xforce.iss.net/static/5659.php


Name: CVE-2001-0043

Description:
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.

Status: Entry
Reference: BUGTRAQ:20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=17604
Reference: BID:2069
Reference: URL:http://www.securityfocus.com/bid/2069
Reference: XF:phpgroupware-include-files
Reference: URL:http://xforce.iss.net/static/5650.php
Reference: OSVDB:1682
Reference: URL:http://www.osvdb.org/1682


Name: CVE-2001-0050

Description:
Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.

Status: Entry
Reference: BUGTRAQ:20001207 BitchX DNS Overflow Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0081.html
Reference: BUGTRAQ:20001207 bitchx/ircd DNS overflow demonstration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0086.html
Reference: REDHAT:RHSA-2000:126
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-126.html
Reference: MANDRAKE:MDKSA-2000:079
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-079.php3
Reference: FREEBSD:FreeBSD-SA-00:78
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:78.bitchx.v1.1.asc
Reference: CONECTIVA:CLA-2000:364
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000364
Reference: BID:2087
Reference: URL:http://www.securityfocus.com/bid/2087
Reference: XF:irc-bitchx-dns-bo
Reference: URL:http://xforce.iss.net/static/5701.php


Name: CVE-2001-0053

Description:
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.

Status: Entry
Reference: OPENBSD:20001218
Reference: URL:http://www.openbsd.org/advisories/ftpd_replydirname.txt
Reference: NETBSD:NetBSD-SA2000-018
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
Reference: BUGTRAQ:20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html
Reference: BID:2124
Reference: URL:http://www.securityfocus.com/bid/2124
Reference: XF:bsd-ftpd-replydirname-bo
Reference: URL:http://xforce.iss.net/static/5776.php


Name: CVE-2001-0054

Description:
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.

Status: Entry
Reference: BUGTRAQ:20001205 Serv-U FTP directory traversal vunerability (all versions)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97604119024280&w=2
Reference: BUGTRAQ:20001205 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
Reference: BID:2052
Reference: URL:http://www.securityfocus.com/bid/2052
Reference: XF:ftp-servu-homedir-travers
Reference: URL:http://xforce.iss.net/static/5639.php
Reference: OSVDB:464
Reference: URL:http://www.osvdb.org/464


Name: CVE-2001-0055

Description:
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.

Status: Entry
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-syn-packets
Reference: URL:http://xforce.iss.net/static/5627.php


Name: CVE-2001-0056

Description:
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.

Status: Entry
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-invalid-login
Referen