CVE version: 20061101
======================================================
Name: CVE-1999-0002
Status: Entry
Reference: SGI:19981006-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I
Reference: CERT:CA-98.12.mountd
Reference: CIAC:J-006
Reference: URL:http://www.ciac.org/ciac/bulletins/j-006.shtml
Reference: BID:121
Reference: URL:http://www.securityfocus.com/bid/121
Reference: XF:linux-mountd-bo

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.
======================================================
Name: CVE-1999-0003
Status: Entry
Reference: NAI:NAI-29
Reference: CERT:CA-98.11.tooltalk
Reference: SGI:19981101-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A
Reference: SGI:19981101-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX
Reference: XF:aix-ttdbserver
Reference: XF:tooltalk
Reference: BID:122
Reference: URL:http://www.securityfocus.com/bid/122

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
======================================================
Name: CVE-1999-0005
Status: Entry
Reference: CERT:CA-98.09.imapd
Reference: SUN:00177
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/177
Reference: BID:130
Reference: URL:http://www.securityfocus.com/bid/130
Reference: XF:imap-authenticate-bo

Arbitrary command execution via IMAP buffer overflow in authenticate command.
======================================================
Name: CVE-1999-0006
Status: Entry
Reference: CERT:CA-98.08.qpopper_vul
Reference: SGI:19980801-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980801-01-I
Reference: AUSCERT:AA-98.01
Reference: XF:qpopper-pass-overflow
Reference: BID:133
Reference: URL:http://www.securityfocus.com/bid/133

Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
======================================================
Name: CVE-1999-0007
Status: Entry
Reference: CERT:CA-98.07.PKCS
Reference: MS:MS98-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-002.mspx
Reference: XF:nt-ssl-fix

Information from SSL-encrypted sessions via PKCS #1.
======================================================
Name: CVE-1999-0008
Status: Entry
Reference: CERT:CA-98.06.nisd
Reference: SUN:00170
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170
Reference: ISS:June10,1998
Reference: XF:nisd-bo-check

Buffer overflow in NIS+, in Sun's rpc.nisd program.
======================================================
Name: CVE-1999-0009
Status: Entry
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: CERT:CA-98.05.bind_problems
Reference: XF:bind-bo
Reference: BID:134
Reference: URL:http://www.securityfocus.com/bid/134

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
======================================================
Name: CVE-1999-0010
Status: Entry
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: XF:bind-dos

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
======================================================
Name: CVE-1999-0011
Status: Entry
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: XF:bind-axfr-dos

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
======================================================
Name: CVE-1999-0012
Status: Entry
Reference: CERT:CA-98.04.Win32.WebServers
Reference: XF:nt-web8.3

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
======================================================
Name: CVE-1999-0013
Status: Entry
Reference: CERT:CA-98.03.ssh-agent
Reference: NAI:NAI-24
Reference: XF:ssh-agent

Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
======================================================
Name: CVE-1999-0014
Status: Entry
Reference: HP:HPSBUX9801-075
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075
Reference: SUN:00185
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185
Reference: CERT:CA-98.02.CDE

Unauthorized privileged access or denial of service via dtappgather program in CDE.
======================================================
Name: CVE-1999-0016
Status: Entry
Reference: CERT:CA-97.28.Teardrop_Land
Reference: FREEBSD:FreeBSD-SA-98:01
Reference: HP:HPSBUX9801-076
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:95-verv-tcp
Reference: XF:land-patch
Reference: XF:ver-tcpip-sys

Land IP denial of service.
======================================================
Name: CVE-1999-0017
Status: Entry
Reference: CERT:CA-97.27.FTP_bounce
Reference: XF:ftp-bounce
Reference: XF:ftp-privileged-port

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
======================================================
Name: CVE-1999-0018
Status: Entry
Reference: CERT:CA-97.26.statd
Reference: AUSCERT:AA-97.29
Reference: XF:statd
Reference: BID:127
Reference: URL:http://www.securityfocus.com/bid/127

Buffer overflow in statd allows root privileges.
======================================================
Name: CVE-1999-0019
Status: Entry
Reference: CERT:CA-96.09.rpc.statd
Reference: XF:rpc-stat
Reference: SUN:00135
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/135

Delete or create a file via rpc.statd, due to invalid information.
======================================================
Name: CVE-1999-0021
Status: Entry
Reference: BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount)
Reference: CERT:CA-97.24.Count_cgi
Reference: XF:http-cgi-count
Reference: BID:128
Reference: URL:http://www.securityfocus.com/bid/128

Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.
======================================================
Name: CVE-1999-0022
Status: Entry
Reference: CERT:CA-97.23.rdist
Reference: SUN:00179
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179
Reference: XF:rdist-bo3
Reference: XF:rdist-sept97

Local user gains root privileges via buffer overflow in rdist, via expstr() function.
======================================================
Name: CVE-1999-0023
Status: Entry
Reference: CERT:CA-96.14.rdist_vul
Reference: XF:rdist-bo
Reference: XF:rdist-bo2

Local user gains root privileges via buffer overflow in rdist, via lookup() function.
======================================================
Name: CVE-1999-0024
Status: Entry
Reference: CERT:CA-97.22.bind
Reference: XF:bind
Reference: NAI:NAI-11

DNS cache poisoning via BIND, by predictable query IDs.
======================================================
Name: CVE-1999-0025
Status: Entry
Reference: CERT:CA-1997-21
Reference: URL:http://www.cert.org/advisories/CA-1997-21.html
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: SGI:SGI:19970505-01-A
Reference: SGI:SGI:19970505-02-PX
Reference: CERT-VN:VU#20851
Reference: URL:http://www.kb.cert.org/vuls/id/20851
Reference: BID:346
Reference: URL:http://www.securityfocus.com/bid/346
Reference: XF:df-bo(440)
Reference: URL:http://xforce.iss.net/xforce/xfdb/440

root privileges via buffer overflow in df command on SGI IRIX systems.
======================================================
Name: CVE-1999-0026
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: XF:pset-bo

root privileges via buffer overflow in pset command on SGI IRIX systems.
======================================================
Name: CVE-1999-0027
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: XF:eject-bo

root privileges via buffer overflow in eject command on SGI IRIX systems.
======================================================
Name: CVE-1999-0028
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul
Reference: XF:sgi-schemebo

root privileges via buffer overflow in login/scheme command on SGI IRIX systems.
======================================================
Name: CVE-1999-0029
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: XF:ordist-bo

root privileges via buffer overflow in ordist command on SGI IRIX systems.
======================================================
Name: CVE-1999-0031
Status: Entry
Reference: CERT:CA-97.20.javascript
Reference: HP:HPSBUX9707-065
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
======================================================
Name: CVE-1999-0032
Status: Entry
Reference: BUGTRAQ:19960813 Possible bufferoverflow condition in lpr, xterm and xload
Reference: BUGTRAQ:19961025 Linux & BSD's lpr exploit
Reference: MLIST:[freebsd-security] 19961025 Vadim Kolontsov: BoS: Linux & BSD's lpr exploit
Reference: MLIST:[linux-security] 19961122 LSF Update#14: Vulnerability of the lpr program.
Reference: CERT:CA-97.19.bsdlp
Reference: AUSCERT:AA-96.12
Reference: CIAC:H-08
Reference: CIAC:I-042
Reference: URL:http://www.ciac.org/ciac/bulletins/i-042.shtml
Reference: SGI:19980402-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX
Reference: BID:707
Reference: URL:http://www.securityfocus.com/bid/707
Reference: XF:bsd-lprbo2
Reference: XF:bsd-lprbo
Reference: XF:lpr-bo

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
======================================================
Name: CVE-1999-0034
Status: Entry
Reference: CERT:CA-97.17.sperl
Reference: XF:perl-suid

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
======================================================
Name: CVE-1999-0035
Status: Entry
Reference: XF:ftp-ftpd
Reference: CERT:CA-97.16.ftpd
Reference: AUSCERT:AA-97.03

Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
======================================================
Name: CVE-1999-0036
Status: Entry
Reference: CERT:CA-97.15.sgi_login
Reference: AUSCERT:AA-97.12
Reference: CIAC:H-106
Reference: URL:http://www.ciac.org/ciac/bulletins/h-106.shtml
Reference: SGI:19970508-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PX
Reference: OSVDB:990
Reference: URL:http://www.osvdb.org/990
Reference: XF:sgi-lockout(557)
Reference: URL:http://xforce.iss.net/xforce/xfdb/557

IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
======================================================
Name: CVE-1999-0037
Status: Entry
Reference: CERT:CA-97.14.metamail
Reference: XF:metamail-header-commands

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.
======================================================
Name: CVE-1999-0038
Status: Entry
Reference: CERT:CA-97.13.xlock
Reference: XF:xlock-bo

Buffer overflow in xlock program allows local users to execute commands as root.
======================================================
Name: CVE-1999-0039
Status: Entry
Reference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in
Reference: BUGTRAQ:19970507 Re: SGI Advisory: webdist.cgi
Reference: CERT:CA-1997-12
Reference: URL:http://www.cert.org/advisories/CA-1997-12.html
Reference: AUSCERT:AA-97.14
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: BID:374
Reference: URL:http://www.securityfocus.com/bid/374
Reference: OSVDB:235
Reference: URL:http://www.osvdb.org/235
Reference: XF:http-sgi-webdist(333)
Reference: URL:http://xforce.iss.net/xforce/xfdb/333

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.
======================================================
Name: CVE-1999-0040
Status: Entry
Reference: CERT:CA-97.11.libXt
Reference: XF:libXt-bo

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
======================================================
Name: CVE-1999-0041
Status: Entry
Reference: CERT:CA-97.10.nls
Reference: XF:nls-bo

Buffer overflow in NLS (Natural Language Service).
======================================================
Name: CVE-1999-0042
Status: Entry
Reference: NAI:NAI-21
Reference: CERT:CA-97.09.imap_pop
Reference: XF:popimap-bo

Buffer overflow in University of Washington's implementation of IMAP and POP servers.
======================================================
Name: CVE-1999-0043
Status: Entry
Reference: CERT:CA-97.08.innd
Reference: XF:inn-controlmsg

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
======================================================
Name: CVE-1999-0044
Status: Entry
Reference: SGI:19970301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970301-01-P
Reference: XF:sgi-fsdump

fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.
======================================================
Name: CVE-1999-0045
Status: Entry
Reference: CERT:CA-97.07.nph-test-cgi_script
Reference: XF:http-cgi-nph

List of arbitrary files on Web host via nph-test-cgi script.
======================================================
Name: CVE-1999-0046
Status: Entry
Reference: CERT:CA-97.06.rlogin-term
Reference: XF:rlogin-termbo

Buffer overflow of rlogin program using TERM environmental variable.
======================================================
Name: CVE-1999-0047
Status: Entry
Reference: CERT:CA-97.05.sendmail
Reference: BID:685
Reference: URL:http://www.securityfocus.com/bid/685
Reference: XF:sendmail-mime-bo2

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
======================================================
Name: CVE-1999-0048
Status: Entry
Reference: CERT:CA-97.04.talkd
Reference: FREEBSD:FreeBSD-SA-96:21
Reference: AUSCERT:AA-97.01
Reference: SUN:00147
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147
Reference: XF:talkd-bo
Reference: XF:netkit-talkd

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
======================================================
Name: CVE-1999-0049
Status: Entry
Reference: XF:sgi-csetup
Reference: CERT:CA-97.03.csetup

Csetup under IRIX allows arbitrary file creation or overwriting.
======================================================
Name: CVE-1999-0050
Status: Entry
Reference: CERT:CA-97.02.hp_newgrp
Reference: AUSCERT:AA-96.16.HP-UX.newgrp.Buffer.Overrun.Vulnerability
Reference: XF:hp-newgrpbo

Buffer overflow in HP-UX newgrp program.
======================================================
Name: CVE-1999-0051
Status: Entry
Reference: XF:sgi-licensemanager
Reference: CERT:CA-97.01.flex_lm
Reference: AUSCERT:AA-96.03

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
======================================================
Name: CVE-1999-0052
Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:08
Reference: OSVDB:908
Reference: URL:http://www.osvdb.org/908
Reference: XF:freebsd-ip-frag-dos(1389)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1389

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
======================================================
Name: CVE-1999-0053
Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:07
Reference: OSVDB:6094
Reference: URL:http://www.osvdb.org/6094

TCP RST denial of service in FreeBSD.
======================================================
Name: CVE-1999-0054
Status: Entry
Reference: SUN:00171
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/171
Reference: XF:sun-ftpd

Sun's ftpd daemon can be subjected to a denial of service.
======================================================
Name: CVE-1999-0055
Status: Entry
Reference: SUN:00172
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172
Reference: AIXAPAR:IX80543
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only
Reference: RSI:RSI.0005.05-14-98.SUN.LIBNSL
Reference: XF:sun-libnsl

Buffer overflows in Sun libnsl allow root access.
======================================================
Name: CVE-1999-0056
Status: Entry
Reference: SUN:00174
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/174
Reference: XF:sun-ping

Buffer overflow in Sun's ping program can give root access to local users.
======================================================
Name: CVE-1999-0057
Status: Entry
Reference: NAI:NAI-19
Reference: XF:vacation
Reference: HP:HPSBUX9811-087
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9811-087

Vacation program allows command execution by remote users through a sendmail command.
======================================================
Name: CVE-1999-0058
Status: Entry
Reference: NAI:NAI-12
Reference: BID:712
Reference: URL:http://www.securityfocus.com/bid/712
Reference: XF:http-cgi-phpbo

Buffer overflow in PHP cgi program, php.cgi allows shell access.
======================================================
Name: CVE-1999-0059
Status: Entry
Reference: NAI:NAI-16
Reference: BID:353
Reference: URL:http://www.securityfocus.com/bid/353
Reference: OSVDB:164
Reference: URL:http://www.osvdb.org/164
Reference: XF:irix-fam(325)
Reference: URL:http://xforce.iss.net/xforce/xfdb/325

IRIX fam service allows an attacker to obtain a list of all files on the server.
======================================================
Name: CVE-1999-0060
Status: Entry
Reference: NAI:NAI-26
Reference: XF:ascend-config-kill
Reference: ASCEND:http://www.ascend.com/2695.html

Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.
======================================================
Name: CVE-1999-0062
Status: Entry
Reference: XF:openbsd-chpass
Reference: NAI:NAI-28
Reference: OSVDB:7559
Reference: URL:http://www.osvdb.org/7559

The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.
======================================================
Name: CVE-1999-0063
Status: Entry
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
Reference: XF:cisco-syslog-crash

Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.
======================================================
Name: CVE-1999-0064
Status: Entry
Reference: BUGTRAQ:May28,1997
Reference: XF:lquerylv-bo

Buffer overflow in AIX lquerylv program gives root access to local users.
======================================================
Name: CVE-1999-0065
Status: Entry
Reference: SUN:00181
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/181
Reference: XF:hp-dtmail

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
======================================================
Name: CVE-1999-0066
Status: Entry
Reference: BUGTRAQ:19950731 SECURITY HOLE: "AnyForm" CGI
Reference: BID:719
Reference: URL:http://www.securityfocus.com/bid/719
Reference: XF:http-cgi-anyform

AnyForm CGI remote execution.
======================================================
Name: CVE-1999-0067
Status: Entry
Reference: BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole family
Reference: CERT:CA-1996-06
Reference: URL:http://www.cert.org/advisories/CA-1996-06.html
Reference: AUSCERT:AA-96.01
Reference: BID:629
Reference: URL:http://www.securityfocus.com/bid/629
Reference: OSVDB:136
Reference: URL:http://www.osvdb.org/136
Reference: XF:http-cgi-phf

phf CGI program allows remote command execution through shell metacharacters.
======================================================
Name: CVE-1999-0068
Status: Entry
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: XF:http-cgi-php-mylog
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: OSVDB:3396
Reference: URL:http://www.osvdb.org/3396

CGI PHP mylog script allows an attacker to read any file on the target server.
======================================================
Name: CVE-1999-0069
Status: Entry
Reference: SUN:00169
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169
Reference: XF:sun-ufsrestore
Reference: OSVDB:8158
Reference: URL:http://www.osvdb.org/8158

Solaris ufsrestore buffer overflow.
======================================================
Name: CVE-1999-0070
Status: Entry
Reference: XF:http-cgi-test

test-cgi program allows an attacker to list files on the server.
======================================================
Name: CVE-1999-0071
Status: Entry
Reference: XF:http-apache-cookie
Reference: NAI:NAI-2

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
======================================================
Name: CVE-1999-0072
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:004.1
Reference: XF:ibm-xdat

Buffer overflow in AIX xdat gives root access to local users.
======================================================
Name: CVE-1999-0073
Status: Entry
Reference: CERT:CA-95:14.Telnetd_Environment_Vulnerability
Reference: XF:linkerbug

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.
======================================================
Name: CVE-1999-0074
Status: Entry
Reference: XF:seqport

Listening TCP ports are sequentially allocated, allowing spoofing attacks.
======================================================
Name: CVE-1999-0075
Status: Entry
Reference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
Reference: XF:ftp-pasvcore
Reference: OSVDB:5742
Reference: URL:http://www.osvdb.org/5742

PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
======================================================
Name: CVE-1999-0077
Status: Entry
Reference: XF:tcp-seq-predict(139)
Reference: URL:http://xforce.iss.net/static/139.php

Predictable TCP sequence numbers allow spoofing.
======================================================
Name: CVE-1999-0079
Status: Entry
Reference: XF:ftp-pasv-dos
Reference: XF:ftp-pasvdos

Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.
======================================================
Name: CVE-1999-0080
Status: Entry
Reference: BUGTRAQ:19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd)
Reference: CERT:CA-95:16.wu-ftpd.vul
Reference: XF:ftp-execdotdot

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
======================================================
Name: CVE-1999-0081
Status: Entry
Reference: XF:ftp-rnfr

wu-ftp allows files to be overwritten via the rnfr command.
======================================================
Name: CVE-1999-0082
Status: Entry
Reference: XF:ftp-cwd
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html

CWD ~root command in ftpd allows root access.
======================================================
Name: CVE-1999-0083
Status: Entry
Reference: XF:cwdleak

getcwd() file descriptor leak in FTP.
======================================================
Name: CVE-1999-0084
Status: Entry
Reference: XF:nfs-mknod(78)
Reference: URL:http://xforce.iss.net/xforce/xfdb/78

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
======================================================
Name: CVE-1999-0085
Status: Entry
Reference: BUGTRAQ:19960821 rwhod buffer overflow
Reference: XF:rwhod(119)
Reference: URL:http://xforce.iss.net/xforce/xfdb/119
Reference: XF:rwhod-vuln(118)
Reference: URL:http://xforce.iss.net/xforce/xfdb/118

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
======================================================
Name: CVE-1999-0087
Status: Entry
Reference: XF:ibm-telnetdos
Reference: ERS:ERS-SVA-E01-1998:003.1
Reference: OSVDB:7992
Reference: URL:http://www.osvdb.org/7992

Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.
======================================================
Name: CVE-1999-0090
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-rcp

Buffer overflow in AIX rcp command allows local users to obtain root access.
======================================================
Name: CVE-1999-0091
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-writesrv

Buffer overflow in AIX writesrv command allows local users to obtain root access.
======================================================
Name: CVE-1999-0093
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:008.1
Reference: XF:ibm-nslookup

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.
======================================================
Name: CVE-1999-0094
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:007.1
Reference: XF:ibm-piodmgrsu

AIX piodmgrsu command allows local users to gain additional group privileges.
======================================================
Name: CVE-1999-0095
Status: Entry
Reference: CERT:CA-88.01
Reference: CERT:CA-93.14
Reference: BID:1
Reference: URL:http://www.securityfocus.com/bid/1
Reference: OSVDB:195
Reference: URL:http://www.osvdb.org/195
Reference: XF:smtp-debug

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
======================================================
Name: CVE-1999-0096
Status: Entry
Reference: CERT:CA-93.16
Reference: CERT:CA-95.05
Reference: CIAC:A-13
Reference: CIAC:A-14
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:smtp-dcod

Sendmail decode alias can be used to overwrite sensitive files.
======================================================
Name: CVE-1999-0097
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:009.1
Reference: XF:ibm-ftp

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
======================================================
Name: CVE-1999-0099
Status: Entry
Reference: CERT:CA-95.13.syslog.vul
Reference: XF:smtp-syslog

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
======================================================
Name: CVE-1999-0100
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:002.1
Reference: XF:inn-controlmsg

Remote access in AIX innd 1.5.1, using control messages.
======================================================
Name: CVE-1999-0101
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: SUN:00137a
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: NAI:NAI-1
Reference: XF:ghbn-bo

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
======================================================
Name: CVE-1999-0102
Status: Entry
Reference: XF:slmail-fromheader-overflow

Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.
======================================================
Name: CVE-1999-0103
Status: Entry
Reference: CERT:CA-96.01.UDP_service_denial
Reference: XF:echo
Reference: XF:chargen
Reference: XF:chargen-patch

Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
======================================================
Name: CVE-1999-0108
Status: Entry
Reference: BUGTRAQ:another day, another buffer overflow...
Reference: XF:printers-bo

The printers program in IRIX has a buffer overflow that gives root access to local users.
======================================================
Name: CVE-1999-0109
Status: Entry
Reference: SUN:00140
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/140
Reference: AUSCERT:AA-97.06
Reference: XF:ffbconfig-bo

Buffer overflow in ffbconfig in Solaris 2.5.1.
======================================================
Name: CVE-1999-0111
Status: Entry
Reference: XF:rip

RIP v1 is susceptible to spoofing.
======================================================
Name: CVE-1999-0112
Status: Entry
Reference: BUGTRAQ:19970520 AIX 4.2 dtterm exploit
Reference: XF:dtterm-bo(878)
Reference: URL:http://xforce.iss.net/xforce/xfdb/878

Buffer overflow in AIX dtterm program for the CDE.
======================================================
Name: CVE-1999-0113
Status: Entry
Reference: BUGTRAQ:19940729 -froot??? (AIX rlogin bug)
Reference: CERT:CA-94.09.bin.login.vulnerability
Reference: CIAC:E-26
Reference: BID:458
Reference: URL:http://www.securityfocus.com/bid/458
Reference: XF:rlogin-froot

Some implementations of rlogin allow root access if given a -froot parameter.
======================================================
Name: CVE-1999-0115
Status: Entry
Reference: BUGTRAQ:19970909 AIX bugfiler
Reference: XF:ibm-bugfiler
Reference: BID:1800
Reference: URL:http://www.securityfocus.com/bid/1800

AIX bugfiler program allows local users to gain root access.
======================================================
Name: CVE-1999-0116
Status: Entry
Reference: CERT:CA-96.21.tcp_syn.flooding
Reference: SGI:19961202-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961202-01-PX
Reference: SUN:00136
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/136

Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.
======================================================
Name: CVE-1999-0117
Status: Entry
Reference: XF:ibm-passwd
Reference: CERT:CA-92:07.AIX.passwd.vulnerability

AIX passwd allows local users to gain root access.
======================================================
Name: CVE-1999-0118
Status: Entry
Reference: BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91158980826979&w=2
Reference: XF:aix-infod

AIX infod allows local users to gain root access through an X display.
====================================================== Name: CVE-1999-0120 Status: Entry Reference: SUN:00126 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/126 Reference: CERT:CA-94.06.utmp.vulnerability Reference: XF:utmp-write Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. ====================================================== Name: CVE-1999-0122 Status: Entry Reference: BUGTRAQ:Jul21,1999 Reference: XF:lchangelv-bo Buffer overflow in AIX lchangelv gives root access. ====================================================== Name: CVE-1999-0124 Status: Entry Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability Reference: XF:gopher-vuln Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon. ====================================================== Name: CVE-1999-0125 Status: Entry Reference: XF:sgi-mailx-bo Reference: SGI:19980605-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980605-01-PX Buffer overflow in SGI IRIX mailx program. ====================================================== Name: CVE-1999-0126 Status: Entry Reference: CERT:VB-98.04.xterm.Xaw Reference: CIAC:J-010 Reference: URL:http://www.ciac.org/ciac/bulletins/j-010.shtml Reference: XF:xfree86-xterm-xaw Reference: XF:xfree86-xaw SGI IRIX buffer overflow in xterm and Xaw allows root access. ====================================================== Name: CVE-1999-0128 Status: Entry Reference: XF:ping-death Reference: CERT:CA-96.26.ping Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. ====================================================== Name: CVE-1999-0129 Status: Entry Reference: CERT:CA-96.25.sendmail_groups Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. 
====================================================== Name: CVE-1999-0130 Status: Entry Reference: CERT:CA-96.24.sendmail.daemon.mode Reference: BID:716 Reference: URL:http://www.securityfocus.com/bid/716 Reference: XF:sendmail-daemon-mode Local users can start Sendmail in daemon mode and gain root privileges. ====================================================== Name: CVE-1999-0131 Status: Entry Reference: CERT:CA-96.20.sendmail_vul Reference: XF:smtp-875bo Reference: BID:717 Reference: URL:http://www.securityfocus.com/bid/717 Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. ====================================================== Name: CVE-1999-0132 Status: Entry Reference: CERT:CA-1996-19 Reference: URL:http://www.cert.org/advisories/CA-1996-19.html Reference: OSVDB:11723 Reference: URL:http://www.osvdb.org/11723 Reference: XF:expreserve(401) Reference: URL:http://xforce.iss.net/xforce/xfdb/401 Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. ====================================================== Name: CVE-1999-0133 Status: Entry Reference: CERT:CA-96.18.fm_fls Reference: XF:fmaker-logfile fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access. ====================================================== Name: CVE-1999-0134 Status: Entry Reference: XF:sol-voldtmp Reference: CERT:CA-96.17.Solaris_vold_vul Reference: AUSCERT:AL-96.04 Reference: OSVDB:8159 Reference: URL:http://www.osvdb.org/8159 vold in Solaris 2.x allows local users to gain root access. ====================================================== Name: CVE-1999-0135 Status: Entry Reference: XF:sun-admintool Reference: CERT:CA-96.16.Solaris_admintool_vul Reference: AUSCERT:AL-96.03 admintool in Solaris allows a local user to write to arbitrary files and gain root access. 
====================================================== Name: CVE-1999-0136 Status: Entry Reference: XF:sol-KCMSvuln Reference: AUSCERT:AL-96.02 Reference: CERT:CA-96.15.Solaris_KCMS_vul Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. ====================================================== Name: CVE-1999-0137 Status: Entry Reference: XF:linux-dipbo Reference: CERT:CA-96.13.dip_vul Reference: XF:dip-bo The dip program on many Linux systems allows local users to gain root access via a buffer overflow. ====================================================== Name: CVE-1999-0138 Status: Entry Reference: CERT:CA-96.12.suidperl_vul Reference: XF:sperl-suid The suidperl and sperl programs do not give up root privileges when changing UIDs back to the original users, allowing root access. ====================================================== Name: CVE-1999-0139 Status: Entry Reference: XF:sol-mkcookie Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE Reference: OSVDB:8205 Reference: URL:http://www.osvdb.org/8205 Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. ====================================================== Name: CVE-1999-0141 Status: Entry Reference: XF:http-java-applet Reference: CERT:CA-96.07.java_bytecode_verifier Reference: SUN:00134 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134 Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. ====================================================== Name: CVE-1999-0142 Status: Entry Reference: CERT:CA-96.05.java_applet_security_mgr Reference: XF:http-java-appletsecmgr The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. 
====================================================== Name: CVE-1999-0143 Status: Entry Reference: CERT:CA-96.03.kerberos_4_key_server Reference: XF:kerberos-bf Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. ====================================================== Name: CVE-1999-0145 Status: Entry Reference: CERT:CA-1990-11 Reference: URL:http://www.cert.org/advisories/CA-1990-11.html Reference: CERT:CA-1993-14 Reference: URL:http://www.cert.org/advisories/CA-1993-14.html Reference: BUGTRAQ:19950206 sendmail wizard thing... Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html Sendmail WIZ command enabled, allowing root access. ====================================================== Name: CVE-1999-0146 Status: Entry Reference: BUGTRAQ:19970715 Bug CGI campas Reference: BID:1975 Reference: URL:http://www.securityfocus.com/bid/1975 Reference: XF:http-cgi-campas(298) Reference: URL:http://xforce.iss.net/xforce/xfdb/298 The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. ====================================================== Name: CVE-1999-0147 Status: Entry Reference: XF:http-cgi-glimpse Reference: AUSCERT:AA-97.28 The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands. ====================================================== Name: CVE-1999-0148 Status: Entry Reference: SGI:19970501-02-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX Reference: BID:380 Reference: URL:http://www.securityfocus.com/bid/380 Reference: XF:http-sgi-handler The handler CGI program in IRIX allows arbitrary command execution. 
====================================================== Name: CVE-1999-0149 Status: Entry Reference: BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug Reference: SGI:19970501-02-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX Reference: BID:373 Reference: URL:http://www.securityfocus.com/bid/373 Reference: OSVDB:247 Reference: URL:http://www.osvdb.org/247 Reference: XF:http-sgi-wrap(290) Reference: URL:http://xforce.iss.net/xforce/xfdb/290 The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0150 Status: Entry Reference: XF:perl-fingerd The Perl fingerd program allows arbitrary command execution from remote users. ====================================================== Name: CVE-1999-0151 Status: Entry Reference: CERT:CA-95.07a.REVISED.satan.vul Reference: CERT:CA-95.06.satan.vul The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. ====================================================== Name: CVE-1999-0152 Status: Entry Reference: BUGTRAQ:19970811 dgux in.fingerd vulnerability Reference: XF:dgux-fingerd The DG/UX finger daemon allows remote command execution through shell metacharacters. ====================================================== Name: CVE-1999-0153 Status: Entry Reference: XF:win-oob Reference: OSVDB:1666 Reference: URL:http://www.osvdb.org/1666 Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. ====================================================== Name: CVE-1999-0155 Status: Entry Reference: XF:gscript-dsafer Reference: CERT:CA-95.10.ghostscript The ghostscript command with the -dSAFER option allows remote attackers to execute commands. 
====================================================== Name: CVE-1999-0157 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/nifrag.shtml Reference: XF:cisco-fragmented-attacks Reference: OSVDB:1097 Reference: URL:http://www.osvdb.org/1097 Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. ====================================================== Name: CVE-1999-0158 Status: Entry Reference: CISCO:20010913 Cisco PIX Firewall Manager File Exposure Reference: URL:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml Reference: XF:cisco-pix-file-exposure Reference: OSVDB:685 Reference: URL:http://www.osvdb.org/685 Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. ====================================================== Name: CVE-1999-0159 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtml Reference: XF:cisco-ios-crash Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. ====================================================== Name: CVE-1999-0160 Status: Entry Reference: CISCO:19971001 Vulnerabilities in Cisco CHAP Authentication Reference: CIAC:I-002A Reference: OSVDB:1099 Reference: URL:http://www.osvdb.org/1099 Reference: XF:cisco-chap Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections. ====================================================== Name: CVE-1999-0161 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/707/1.html Reference: XF:cisco-acl-tacacs Reference: OSVDB:797 Reference: URL:http://www.osvdb.org/797 In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. 
====================================================== Name: CVE-1999-0162 Status: Entry Reference: CISCO:19950601 "Established" Keyword May Allow Packets to Bypass Filter Reference: XF:cisco-acl-established The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. ====================================================== Name: CVE-1999-0164 Status: Entry Reference: XF:sol-pstmprace Reference: AUSCERT:AA-95.07 Reference: CERT:CA-95.09.Solaris.ps.vul Reference: OSVDB:8346 Reference: URL:http://www.osvdb.org/8346 A race condition in the Solaris ps command allows an attacker to overwrite critical files. ====================================================== Name: CVE-1999-0166 Status: Entry Reference: XF:nfs-cd NFS allows users to use a "cd .." command to access other directories besides the exported file system. ====================================================== Name: CVE-1999-0167 Status: Entry Reference: XF:nfs-guess Reference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. ====================================================== Name: CVE-1999-0168 Status: Entry Reference: XF:nfs-portmap The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. ====================================================== Name: CVE-1999-0170 Status: Entry Reference: XF:nfs-ultrix Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. ====================================================== Name: CVE-1999-0172 Status: Entry Reference: XF:http-cgi-formmail-exe Reference: BUGTRAQ:Aug02,1995 FormMail CGI program allows remote execution of commands. 
====================================================== Name: CVE-1999-0173 Status: Entry Reference: XF:http-cgi-formmail-use FormMail CGI program can be used by web servers other than the host server that the program resides on. ====================================================== Name: CVE-1999-0174 Status: Entry Reference: BUGTRAQ:19970208 view-source Reference: XF:http-cgi-viewsrc The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0175 Status: Entry Reference: XF:http-nov-convert The convert.bas program in the Novell web server allows remote attackers to read any file on the system that is internally accessible by the web server. ====================================================== Name: CVE-1999-0176 Status: Entry Reference: BUGTRAQ:Jul10,1997 Reference: XF:http-webgais-query The Webgais program allows a remote user to execute arbitrary commands. ====================================================== Name: CVE-1999-0177 Status: Entry Reference: NTBUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable Reference: NTBUGTRAQ:19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable Reference: BUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable Reference: XF:http-website-uploader The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. 
====================================================== Name: CVE-1999-0178 Status: Entry Reference: BUGTRAQ:19970106 Re: signal handling Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html Reference: BID:2078 Reference: URL:http://www.securityfocus.com/bid/2078 Reference: OSVDB:8 Reference: URL:http://www.osvdb.org/8 Reference: XF:http-website-winsample(295) Reference: URL:http://xforce.iss.net/xforce/xfdb/295 Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. ====================================================== Name: CVE-1999-0179 Status: Entry Reference: MSKB:Q140818 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q140818 Reference: XF:nt-samba-dotdot Reference: XF:nt-351 Reference: XF:nt-35 Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. ====================================================== Name: CVE-1999-0180 Status: Entry Reference: XF:rsh-null in.rshd allows users to login with a NULL username and execute commands. ====================================================== Name: CVE-1999-0181 Status: Entry Reference: XF:walld The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands. ====================================================== Name: CVE-1999-0182 Status: Entry Reference: CIAC:H-110 Reference: URL:http://www.ciac.org/ciac/bulletins/h-110.shtml Reference: CERT:VB-97.10.samba Reference: XF:nt-samba-bo Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. ====================================================== Name: CVE-1999-0183 Status: Entry Reference: XF:linux-tftp Linux implementations of TFTP would allow access to files outside the restricted directory. 
====================================================== Name: CVE-1999-0184 Status: Entry Reference: XF:dns-updates When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. ====================================================== Name: CVE-1999-0185 Status: Entry Reference: SUN:00156 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/156 Reference: XF:sun-ftpd/logind In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. ====================================================== Name: CVE-1999-0188 Status: Entry Reference: SUN:00182 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/182 Reference: XF:sun-passwd-dos The passwd command in Solaris can be subjected to a denial of service. ====================================================== Name: CVE-1999-0189 Status: Entry Reference: NAI:NAI-15 Reference: SUN:00142 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/142 Reference: XF:rpc-32771 Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. ====================================================== Name: CVE-1999-0190 Status: Entry Reference: SUN:00167 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/167 Reference: XF:sun-rpcbind Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. ====================================================== Name: CVE-1999-0191 Status: Entry Reference: XF:http-cgi-newdsn Reference: OSVDB:275 Reference: URL:http://www.osvdb.org/275 IIS newdsn.exe CGI script allows remote users to overwrite files. 
====================================================== Name: CVE-1999-0192 Status: Entry Reference: SNI:SNI-20 Reference: XF:bsd-tel-tgetent Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable. ====================================================== Name: CVE-1999-0194 Status: Entry Reference: XF:comsat Denial of service in in.comsat allows attackers to generate messages. ====================================================== Name: CVE-1999-0196 Status: Entry Reference: BUGTRAQ:19970704 Vulnerability in websendmail Reference: BID:2077 Reference: URL:http://www.securityfocus.com/bid/2077 Reference: OSVDB:237 Reference: URL:http://www.osvdb.org/237 Reference: XF:http-webgais-smail websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). ====================================================== Name: CVE-1999-0201 Status: Entry Reference: XF:ftp-home A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. ====================================================== Name: CVE-1999-0202 Status: Entry Reference: XF:ftp-exectar The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. ====================================================== Name: CVE-1999-0203 Status: Entry Reference: CERT:CA-95.08 Reference: CIAC:E-03 Reference: XF:smtp-sendmail-version5 In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. ====================================================== Name: CVE-1999-0204 Status: Entry Reference: XF:ident-bo Reference: CIAC:F-13 Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. 
====================================================== Name: CVE-1999-0206 Status: Entry Reference: XF:sendmail-mime-bo Reference: AUSCERT:AA-96.06a MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. ====================================================== Name: CVE-1999-0207 Status: Entry Reference: XF:majordomo-exe Reference: CERT:CA-94.11.majordomo.vulnerabilities Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. ====================================================== Name: CVE-1999-0208 Status: Entry Reference: XF:rpc-update Reference: CERT:CA-95.17.rpc.ypupdated.vul rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. ====================================================== Name: CVE-1999-0209 Status: Entry Reference: CERT:CA-90.05.sunselection.vulnerability Reference: BID:8 Reference: URL:http://www.securityfocus.com/bid/8 Reference: XF:selsvc The SunView (SunTools) selection_svc facility allows remote users to read files. ====================================================== Name: CVE-1999-0210 Status: Entry Reference: BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88053459921223&w=2 Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2 Reference: HP:HPSBUX9910-104 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9910-104 Reference: CERT:CA-99-05 Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html Reference: BID:235 Reference: URL:http://www.securityfocus.com/bid/235 Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. 
====================================================== Name: CVE-1999-0211 Status: Entry Reference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability Reference: BID:24 Reference: URL:http://www.securityfocus.com/bid/24 Extra long export lists over 256 characters in some mount daemons allow NFS directories to be mounted by anyone. ====================================================== Name: CVE-1999-0212 Status: Entry Reference: SUN:00168 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168 Reference: CIAC:I-048 Reference: URL:http://www.ciac.org/ciac/bulletins/i-048.shtml Reference: XF:sun-mountd Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. ====================================================== Name: CVE-1999-0214 Status: Entry Reference: XF:icmp-unreachable Denial of service by sending forged ICMP unreachable packets. ====================================================== Name: CVE-1999-0215 Status: Entry Reference: SGI:19981004-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981004-01-PX Reference: CIAC:J-012 Reference: URL:http://www.ciac.org/ciac/bulletins/j-012.shtml Reference: XF:ripapp Routed allows attackers to append data to files. ====================================================== Name: CVE-1999-0217 Status: Entry Reference: XF:udp-bomb Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. ====================================================== Name: CVE-1999-0218 Status: Entry Reference: XF:portmaster-reboot Livingston portmaster machines could be rebooted via a series of commands. 
====================================================== Name: CVE-1999-0219 Status: Entry Reference: NTBUGTRAQ:19990503 Buffer overflows in FTP Serv-U 2.5 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92574916930144&w=2 Reference: NTBUGTRAQ:19990504 Re: Buffer overflows in FTP Serv-U 2.5 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92582581330282&w=2 Reference: BUGTRAQ:19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NT Reference: BID:269 Reference: URL:http://www.securityfocus.com/bid/269 Reference: XF:ftp-servu(205) Reference: URL:http://xforce.iss.net/xforce/xfdb/205 Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command. ====================================================== Name: CVE-1999-0221 Status: Entry Reference: XF:ascend-150-kill Denial of service of Ascend routers through port 150 (remote administration). ====================================================== Name: CVE-1999-0223 Status: Entry Reference: BUGTRAQ:19961109 Syslogd and Solaris 2.4 Reference: SUNBUG:1249320 Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches Reference: XF:sol-syslogd-crash Reference: BID:1878 Reference: URL:http://www.securityfocus.com/bid/1878 Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. ====================================================== Name: CVE-1999-0224 Status: Entry Reference: XF:nt-messenger Denial of service in Windows NT messenger service through a long username. 
====================================================== Name: CVE-1999-0225 Status: Entry Reference: NAI:19980214 Windows NT Logon Denial of Service Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp Reference: MSKB:Q180963 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=180963 Reference: XF:nt-logondos Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. ====================================================== Name: CVE-1999-0227 Status: Entry Reference: MSKB:Q154087 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087 Reference: XF:nt-lsass-crash Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. ====================================================== Name: CVE-1999-0228 Status: Entry Reference: XF:nt-rpc-ver Reference: MSKB:Q162567 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q162567 Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ====================================================== Name: CVE-1999-0230 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml Reference: OSVDB:1102 Reference: URL:http://www.osvdb.org/1102 Buffer overflow in Cisco 7xx routers through the telnet service. ====================================================== Name: CVE-1999-0233 Status: Entry Reference: MSKB:Q148188 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q148188 Reference: MSKB:Q155056 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q155056 Reference: XF:http-iis-cmd IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. 
====================================================== Name: CVE-1999-0234 Status: Entry Reference: XF:bash-cmd Reference: CERT:CA-96.22.bash_vuls Bash treats any character with a value of 255 as a command separator. ====================================================== Name: CVE-1999-0236 Status: Entry Reference: XF:http-scriptalias ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. ====================================================== Name: CVE-1999-0237 Status: Entry Reference: XF:http-cgi-guestbook Reference: CERT:VB-97.02 Remote execution of arbitrary commands through Guestbook CGI program. ====================================================== Name: CVE-1999-0239 Status: Entry Reference: XF:fastrack-get-directory-list Reference: OSVDB:122 Reference: URL:http://www.osvdb.org/122 Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. ====================================================== Name: CVE-1999-0244 Status: Entry Reference: NAI:NAI-23 Reference: XF:radius-accounting-overflow Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root. ====================================================== Name: CVE-1999-0245 Status: Entry Reference: BUGTRAQ:19950907 Linux NIS security problem hole and fix Reference: XF:linux-plus Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". ====================================================== Name: CVE-1999-0247 Status: Entry Reference: NAI:19970721 INN news server vulnerabilities Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp Reference: BID:1443 Reference: URL:http://www.securityfocus.com/bid/1443 Reference: XF:inn-bo Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. 
====================================================== Name: CVE-1999-0248 Status: Entry Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1 A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. ====================================================== Name: CVE-1999-0251 Status: Entry Reference: XF:talkd-flash Denial of service in talk program allows remote attackers to disrupt a user's display. ====================================================== Name: CVE-1999-0252 Status: Entry Reference: XF:smtp-listserv Buffer overflow in listserv allows arbitrary command execution. ====================================================== Name: CVE-1999-0256 Status: Entry Reference: XF:war-ftpd Reference: OSVDB:875 Reference: URL:http://www.osvdb.org/875 Buffer overflow in War FTP allows remote execution of commands. ====================================================== Name: CVE-1999-0259 Status: Entry Reference: BUGTRAQ:19970523 cfingerd vulnerability Reference: XF:cfinger-user-enumeration cfingerd lists all users on a system via search.**@target. ====================================================== Name: CVE-1999-0260 Status: Entry Reference: BUGTRAQ:19961224 jj cgi Reference: XF:http-cgi-jj The jj CGI program allows command execution via shell metacharacters. ====================================================== Name: CVE-1999-0262 Status: Entry Reference: BUGTRAQ:19980804 remote exploit in faxsurvey cgi-script Reference: BUGTRAQ:19980804 PATCH: faxsurvey Reference: BID:2056 Reference: URL:http://www.securityfocus.com/bid/2056 Reference: XF:http-cgi-faxsurvey(1532) Reference: URL:http://xforce.iss.net/xforce/xfdb/1532 Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. 
====================================================== Name: CVE-1999-0263 Status: Entry Reference: SUN:00173 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/173 Reference: XF:sun-sunwadmap Solaris SUNWadmap can be exploited to obtain root access. ====================================================== Name: CVE-1999-0264 Status: Entry Reference: XF:http-htmlscript-file-access Reference: BUGTRAQ:Jan27,1998 htmlscript CGI program allows remote read access to files. ====================================================== Name: CVE-1999-0265 Status: Entry Reference: MSKB:Q154174 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154174 Reference: ISS:ICMP Redirects Against Embedded Controllers Reference: XF:icmp-redirect ICMP redirect messages may crash or lock up a host. ====================================================== Name: CVE-1999-0266 Status: Entry Reference: BUGTRAQ:19980303 Vulnerabilites in some versions of info2www CGI Reference: BID:1995 Reference: URL:http://www.securityfocus.com/bid/1995 Reference: XF:http-cgi-info2www The info2www CGI script allows remote file access or remote command execution. ====================================================== Name: CVE-1999-0267 Status: Entry Reference: XF:http-port Reference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. ====================================================== Name: CVE-1999-0268 Status: Entry Reference: BUGTRAQ:19980630 Security vulnerabilities in MetaInfo products Reference: BUGTRAQ:19980703 Followup to MetaInfo vulnerabilities Reference: OSVDB:110 Reference: URL:http://www.osvdb.org/110 Reference: OSVDB:3969 Reference: URL:http://www.osvdb.org/3969 Reference: XF:metaweb-server-dot-attack MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. 
====================================================== Name: CVE-1999-0269 Status: Entry Reference: XF:netscape-server-pageservices Netscape Enterprise servers may list files through the PageServices query. ====================================================== Name: CVE-1999-0270 Status: Entry Reference: BUGTRAQ:19980317 IRIX performer_tools bug Reference: SGI:19980401-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980401-01-P Reference: CIAC:I-041 Reference: URL:http://www.ciac.org/ciac/bulletins/i-041.shtml Reference: BID:64 Reference: URL:http://www.securityfocus.com/bid/64 Reference: OSVDB:134 Reference: URL:http://www.osvdb.org/134 Reference: XF:sgi-pfdispaly(810) Reference: URL:http://xforce.iss.net/xforce/xfdb/810 Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files. ====================================================== Name: CVE-1999-0272 Status: Entry Reference: XF:slmail-username-bo Denial of service in Slmail v2.5 through the POP3 port. ====================================================== Name: CVE-1999-0273 Status: Entry Reference: XF:sun-telnet-kill Denial of service through Solaris 2.5.1 telnet by sending ^D characters. ====================================================== Name: CVE-1999-0274 Status: Entry Reference: NAI:NAI-5 Reference: XF:nt-dns-dos Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. ====================================================== Name: CVE-1999-0275 Status: Entry Reference: XF:nt-dnscrash Reference: XF:nt-dnsver Reference: MS:Q169461 Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. 
====================================================== Name: CVE-1999-0276 Status: Entry Reference: XF:msql-debug-bo Reference: SEKURE:sekure.01-99.msql mSQL v2.0.1 and below allows remote execution through a buffer overflow. ====================================================== Name: CVE-1999-0277 Status: Entry Reference: XF:workman Reference: CERT:CA-96.23.workman_vul The WorkMan program can be used to overwrite any file to get root access. ====================================================== Name: CVE-1999-0278 Status: Entry Reference: MS:MS98-003 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-003.mspx Reference: XF:iis-asp-data-check Reference: OVAL:oval:org.mitre.oval:def:913 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:913 In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. ====================================================== Name: CVE-1999-0279 Status: Entry Reference: BUGTRAQ:19971217 CGI security hole in EWS (Excite for Web Servers) Reference: BUGTRAQ:19980115 Excite announcement Reference: CERT:VB-98.01.excite Reference: XF:excite-cgi-search-vuln Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. ====================================================== Name: CVE-1999-0280 Status: Entry Reference: NTBUGTRAQ:19970317 Internet Explorer Bug #4 Reference: CIAC:H-38 Reference: XF:http-ie-lnkurl Remote command execution in Microsoft Internet Explorer using .lnk and .url files. ====================================================== Name: CVE-1999-0281 Status: Entry Reference: XF:http-iis-longurl Denial of service in IIS using long URLs. 
====================================================== Name: CVE-1999-0288 Status: Entry Reference: NTBUGTRAQ:19970801 WINS flooding Reference: BUGTRAQ:19970801 WINS flooding Reference: BUGTRAQ:19970815 Re: WINS flooding Reference: MISC:http://safenetworks.com/Windows/wins.html Reference: MSKB:155701 Reference: XF:nt-winsupd-fix(1233) Reference: URL:http://xforce.iss.net/xforce/xfdb/1233 The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. ====================================================== Name: CVE-1999-0289 Status: Entry The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. ====================================================== Name: CVE-1999-0290 Status: Entry Reference: BUGTRAQ:19980221 WinGate DoS Reference: BUGTRAQ:19980326 WinGate Intermediary Fix/Update Reference: XF:wingate-dos The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost. ====================================================== Name: CVE-1999-0291 Status: Entry Reference: XF:wingate-unpassworded The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. ====================================================== Name: CVE-1999-0292 Status: Entry Reference: XF:nt-winpopup Denial of service through Winpopup using large user names. ====================================================== Name: CVE-1999-0293 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtml Reference: XF:cisco-ios-aaa-auth AAA authentication on Cisco systems allows attackers to execute commands without authorization. 
====================================================== Name: CVE-1999-0294 Status: Entry Reference: XF:nt-wins-snmp2 All records in a WINS database can be deleted through SNMP for a denial of service. ====================================================== Name: CVE-1999-0295 Status: Entry Reference: XF:sun-sysdef Reference: SUN:00157 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/157 Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. ====================================================== Name: CVE-1999-0296 Status: Entry Reference: SUN:00162 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/162 Reference: XF:sun-volrmmount Solaris volrmmount program allows attackers to read any file. ====================================================== Name: CVE-1999-0297 Status: Entry Reference: NAI:NAI-3 Reference: AUSCERT:AA-96.21 Reference: CIAC:H-17 Reference: XF:vixie-cron Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. ====================================================== Name: CVE-1999-0299 Status: Entry Reference: NAI:NAI-9 Reference: OSVDB:6093 Reference: URL:http://www.osvdb.org/6093 Buffer overflow in FreeBSD lpd through long DNS hostnames. ====================================================== Name: CVE-1999-0300 Status: Entry Reference: SUN:00155 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155 Reference: XF:sun-niscache nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. ====================================================== Name: CVE-1999-0301 Status: Entry Reference: SUN:00149 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/149 Reference: AUSCERT:AUSCERT-97.17 Reference: XF:sun-ps2bo Buffer overflow in SunOS/Solaris ps command. 
====================================================== Name: CVE-1999-0302 Status: Entry Reference: SUN:00176 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176 Reference: XF:sun-ftp-server SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. ====================================================== Name: CVE-1999-0303 Status: Entry Reference: XF:bnu-uucpd-bo Reference: RSI:RSI.0002.05-18-98.BNU.UUCPD Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. ====================================================== Name: CVE-1999-0304 Status: Entry Reference: XF:bsd-mmap Reference: FREEBSD:FreeBSD-SA-98:02 mmap function in BSD allows local attackers in the kmem group to modify memory through devices. ====================================================== Name: CVE-1999-0305 Status: Entry Reference: OPENBSD:Feb15,1998 "IP Source Routing Problem" Reference: MISC:http://www.openbsd.org/advisories/sourceroute.txt Reference: OSVDB:11502 Reference: URL:http://www.osvdb.org/11502 Reference: XF:bsd-sourceroute(736) Reference: URL:http://xforce.iss.net/xforce/xfdb/736 The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections. ====================================================== Name: CVE-1999-0308 Status: Entry Reference: HP:HPSBUX9410-018 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9410-018 Reference: XF:hpux-gwind-overwrite Reference: CIAC:H-03: HP-UX suid Vulnerabilities HP-UX gwind program allows users to modify arbitrary files. 
====================================================== Name: CVE-1999-0309 Status: Entry Reference: HP:HPSBUX9702-056 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-056 Reference: XF:hpux-vgdisplay Reference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability HP-UX vgdisplay program gives root access to local users. ====================================================== Name: CVE-1999-0310 Status: Entry Reference: XF:ssh-1225 SSH 1.2.25 on HP-UX allows access to new user accounts. ====================================================== Name: CVE-1999-0311 Status: Entry Reference: XF:hpux-fpkg2swpk Reference: HP:HPSBUX9612-042 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9612-042 fpkg2swpk in HP-UX allows local users to gain root access. ====================================================== Name: CVE-1999-0312 Status: Entry Reference: XF:nis-ypbind Reference: CERT:CA-93:01.REVISED.HP.NIS.ypbind.vulnerability HP ypbind allows attackers with root privileges to modify NIS data. ====================================================== Name: CVE-1999-0313 Status: Entry Reference: MISC:http://www.securityfocus.com/bid/213/exploit Reference: SGI:19980701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P Reference: BID:214 Reference: URL:http://www.securityfocus.com/bid/214 Reference: OSVDB:936 Reference: URL:http://www.osvdb.org/936 Reference: XF:sgi-disk-bandwidth(1441) Reference: URL:http://xforce.iss.net/xforce/xfdb/1441 disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. 
====================================================== Name: CVE-1999-0314 Status: Entry Reference: MISC:http://www.securityfocus.com/bid/213/exploit Reference: SGI:19980701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P Reference: BID:213 Reference: URL:http://www.securityfocus.com/bid/213 Reference: OSVDB:6788 Reference: URL:http://www.osvdb.org/6788 Reference: XF:sgi-ioconfig(1199) Reference: URL:http://xforce.iss.net/xforce/xfdb/1199 ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. ====================================================== Name: CVE-1999-0315 Status: Entry Reference: XF:fdformat-bo Reference: SUN:00138 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/138 Buffer overflow in Solaris fdformat command gives root access to local users. ====================================================== Name: CVE-1999-0316 Status: Entry Reference: XF:linux-splitvt Reference: CIAC:G-08 Buffer overflow in Linux splitvt command gives root access to local users. ====================================================== Name: CVE-1999-0318 Status: Entry Reference: BUGTRAQ:19961125 Security Problems in XMCD Reference: BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD) Reference: XF:xmcd-envbo Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. ====================================================== Name: CVE-1999-0320 Status: Entry Reference: SUN:00166 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/166 Reference: XF:sun-rpc.cmsd SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. ====================================================== Name: CVE-1999-0321 Status: Entry Reference: XF:sun-kcms-configure-bo Buffer overflow in Solaris kcms_configure command allows local users to gain root access. 
====================================================== Name: CVE-1999-0322 Status: Entry Reference: FREEBSD:FreeBSD-SA-97:05 Reference: XF:freebsd-open Reference: OSVDB:6092 Reference: URL:http://www.osvdb.org/6092 The open() function in FreeBSD allows local attackers to write to arbitrary files. ====================================================== Name: CVE-1999-0323 Status: Entry Reference: FREEBSD:FreeBSD-SA-98:04 Reference: NETBSD:1998-003 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc Reference: XF:bsd-mmap FreeBSD mmap function allows users to modify append-only or immutable files. ====================================================== Name: CVE-1999-0324 Status: Entry Reference: HP:HPSBUX9702-053 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-053 Reference: CIAC:H-31 Reference: XF:hp-ppllog ppl program in HP-UX allows local users to create root files through symlinks. ====================================================== Name: CVE-1999-0325 Status: Entry Reference: XF:hp-vhe Reference: HP:HPSBUX9406-013 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9406-013 vhe_u_mnt program in HP-UX allows local users to create root files through symlinks. ====================================================== Name: CVE-1999-0326 Status: Entry Reference: HP:HPSBUX9710-071 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9710-071 Reference: XF:hp-mediainit Vulnerability in HP-UX mediainit program. ====================================================== Name: CVE-1999-0327 Status: Entry Reference: SGI:19971103-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX Reference: XF:sgi-syserr SGI syserr program allows local users to corrupt files. 
====================================================== Name: CVE-1999-0328 Status: Entry Reference: SGI:19971103-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX Reference: XF:sgi-permtool SGI permissions program allows local users to gain root privileges. ====================================================== Name: CVE-1999-0329 Status: Entry Reference: SGI:19980602-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980602-01-PX Reference: XF:sgi-mediad SGI mediad program allows local users to gain root access. ====================================================== Name: CVE-1999-0332 Status: Entry Reference: XF:nt-netmeeting Reference: MSKB:Q184346 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q184346 Buffer overflow in NetMeeting allows denial of service and remote command execution. ====================================================== Name: CVE-1999-0334 Status: Entry Reference: XF:sol-startup Reference: CERT:CA-93.19.Solaris.Startup.vulnerability In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. ====================================================== Name: CVE-1999-0335 Status: Entry DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-1999-0032. ====================================================== Name: CVE-1999-0337 Status: Entry Reference: CERT:CA-94.10.IBM.AIX.bsh.vulnerability.html Reference: XF:ibm-bsh AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. ====================================================== Name: CVE-1999-0338 Status: Entry Reference: XF:ibm-perf-tools Reference: CERT:CA-94.03.AIX.performance.tools AIX Licensed Program Product performance tools allow local users to gain root access. 
====================================================== Name: CVE-1999-0339 Status: Entry Reference: XF:sol-sun-libauth Reference: RSI:RSI.0007.05-26-98 Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. ====================================================== Name: CVE-1999-0340 Status: Entry Reference: KSRT:005 Reference: XF:linux-crond Buffer overflow in Linux Slackware crond program allows local users to gain root access. ====================================================== Name: CVE-1999-0341 Status: Entry Reference: KSRT:006 Reference: XF:linux-deliver Buffer overflow in the Linux mail program "deliver" allows local users to gain root access. ====================================================== Name: CVE-1999-0342 Status: Entry Reference: REDHAT:http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pam Reference: XF:linux-pam-passwd-tmprace Linux PAM modules allow local users to gain root access using temporary files. ====================================================== Name: CVE-1999-0343 Status: Entry Reference: BUGTRAQ:19981002 Announcements from The Palace (fwd) Reference: XF:palace-malicious-servers-vuln A malicious Palace server can force a client to execute arbitrary programs. ====================================================== Name: CVE-1999-0344 Status: Entry Reference: MS:MS98-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-009.mspx Reference: MSKB:Q190288 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q190288 Reference: XF:nt-priv-fix NT users can gain debug-level access on a system process using the Sechole exploit. 
====================================================== Name: CVE-1999-0346 Status: Entry Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts Reference: BID:713 Reference: URL:http://www.securityfocus.com/bid/713 Reference: XF:http-cgi-php-mlog Reference: OSVDB:3397 Reference: URL:http://www.osvdb.org/3397 CGI PHP mlog script allows an attacker to read any file on the target server. ====================================================== Name: CVE-1999-0348 Status: Entry Reference: NTBUGTRAQ:Jan27,1999 Reference: MSKB:Q197003 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q197003 Reference: OSVDB:930 Reference: URL:http://www.osvdb.org/930 IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. ====================================================== Name: CVE-1999-0349 Status: Entry Reference: EEYE:IIS Remote FTP Exploit/DoS Attack Reference: URL:http://www.eeye.com/html/Research/Advisories/IIS Remote FTP Exploit/DoS Attack.html Reference: MS:MS99-003 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-003.mspx Reference: MSKB:Q188348 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q188348 Reference: BUGTRAQ:Jan27,1999 Reference: XF:iis-remote-ftp A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. ====================================================== Name: CVE-1999-0350 Status: Entry Reference: L0PHT:Feb8,1999 Reference: XF:clearcase-temp-race Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits. 
====================================================== Name: CVE-1999-0351 Status: Entry Reference: INFOWAR:01 Reference: MISC:http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txt Reference: XF:pasv-pizza-thief-dos(3389) Reference: URL:http://xforce.iss.net/xforce/xfdb/3389 FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. ====================================================== Name: CVE-1999-0353 Status: Entry Reference: HP:HPSBUX9902-091 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9902-091 Reference: CIAC:J-026 Reference: URL:http://www.ciac.org/ciac/bulletins/j-026.shtml Reference: XF:pcnfsd-world-write rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. ====================================================== Name: CVE-1999-0355 Status: Entry Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software Reference: XF:controlit-reboot Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service. ====================================================== Name: CVE-1999-0357 Status: Entry Reference: BUGTRAQ:19990125 Win98 crash? Reference: XF:win98-oshare-dos Windows 98 and other operating systems allow remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets. ====================================================== Name: CVE-1999-0358 Status: Entry Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows Reference: URL:http://www.securityfocus.com/archive/1/12121 Reference: COMPAQ:SSRT0583U Reference: XF:du-inc Reference: CIAC:J-027 Reference: URL:http://www.ciac.org/ciac/bulletins/j-027.shtml Digital Unix 4.0 has a buffer overflow in the inc program of the mh package. 
====================================================== Name: CVE-1999-0362 Status: Entry Reference: EEYE:AD02021999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02021999.html Reference: XF:wsftp-remote-dos Reference: BID:217 Reference: URL:http://www.securityfocus.com/bid/217 WS_FTP server remote denial of service through cwd command. ====================================================== Name: CVE-1999-0363 Status: Entry Reference: BUGTRAQ:Feb02,1999 Reference: XF:plp-lpc-bo Reference: BID:328 Reference: URL:http://www.securityfocus.com/bid/328 SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise. ====================================================== Name: CVE-1999-0365 Status: Entry Reference: BUGTRAQ:Feb04,1999 Reference: XF:metamail-header-commands The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry. ====================================================== Name: CVE-1999-0366 Status: Entry Reference: MS:MS99-004 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-004.mspx Reference: MSKB:Q214840 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q214840 Reference: XF:nt-sp4-auth-error In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. ====================================================== Name: CVE-1999-0367 Status: Entry Reference: NETBSD:1999-002 Reference: OSVDB:7571 Reference: URL:http://www.osvdb.org/7571 NetBSD netstat command allows local users to access kernel memory. ====================================================== Name: CVE-1999-0368 Status: Entry Reference: NETECT:palmetto.ftpd Reference: CERT:CA-99.03 Reference: XF:palmetto-ftpd-bo Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. 
====================================================== Name: CVE-1999-0369 Status: Entry Reference: SUN:00183 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/183 Reference: XF:sun-sdtcm-convert-bo The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access. ====================================================== Name: CVE-1999-0371 Status: Entry Reference: BUGTRAQ:19990211 Lynx /tmp problem Reference: CERT:VB-97.05.lynx Reference: XF:lynx-temp-files-race Lynx allows a local user to overwrite sensitive files through /tmp symlinks. ====================================================== Name: CVE-1999-0372 Status: Entry Reference: MS:MS99-005 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-005.mspx Reference: XF:nt-backoffice-setup Reference: MSKB:Q217004 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q217004 The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. ====================================================== Name: CVE-1999-0373 Status: Entry Reference: ISS:Buffer Overflow in "Super" package in Debian Linux Reference: XF:linux-super-bo Reference: XF:linux-super-logging-bo Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root. ====================================================== Name: CVE-1999-0374 Status: Entry Reference: DEBIAN:19990215 Reference: BUGTRAQ:Feb16,1999 Reference: XF:linux-cfengine-symlinks Debian GNU/Linux cfengine package is susceptible to a symlink attack. ====================================================== Name: CVE-1999-0375 Status: Entry Reference: NAI:February 16, 1999 Reference: BUGTRAQ:Feb16,1999 Reference: XF:nfr-webd-overflow Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands. 
====================================================== Name: CVE-1999-0376 Status: Entry Reference: MS:MS99-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-006.mspx Reference: BUGTRAQ:Feb20,1999 Reference: L0PHT:Feb18,1999 Reference: XF:nt-knowndlls-list Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. ====================================================== Name: CVE-1999-0377 Status: Entry Reference: BUGTRAQ:Feb22,1999 Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services. ====================================================== Name: CVE-1999-0378 Status: Entry Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available Reference: XF:viruswall-http-request Reference: OSVDB:6167 Reference: URL:http://www.osvdb.org/6167 InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands. ====================================================== Name: CVE-1999-0379 Status: Entry Reference: MS:MS99-007 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-007.mspx Reference: BUGTRAQ:19990223 Microsoft Security Bulletin (MS99-007) Reference: BID:498 Reference: URL:http://www.securityfocus.com/bid/498 Reference: OSVDB:1019 Reference: URL:http://www.osvdb.org/1019 Reference: XF:win-resourcekit-taskpads Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. 
====================================================== Name: CVE-1999-0380 Status: Entry Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91999015212415&w=2 Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91996412724720&w=2 Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2 Reference: BID:497 Reference: URL:http://www.securityfocus.com/bid/497 Reference: XF:slmail-ras-ntfs-bypass(5392) Reference: URL:http://xforce.iss.net/static/5392.php SLMail 3.1 and 3.2 allow local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user. ====================================================== Name: CVE-1999-0382 Status: Entry Reference: MS:MS99-008 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-008.mspx Reference: XF:nt-screen-saver The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. ====================================================== Name: CVE-1999-0383 Status: Entry Reference: BUGTRAQ:19990103 Tigris vulnerability Reference: BID:183 Reference: URL:http://www.securityfocus.com/bid/183 Reference: OSVDB:267 Reference: URL:http://www.osvdb.org/267 Reference: XF:acc-tigris-login ACC Tigris allows public access without a login. 
====================================================== Name: CVE-1999-0384 Status: Entry Reference: XF:forms-vuln-patch Reference: MS:MS99-001 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-001.mspx The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. ====================================================== Name: CVE-1999-0385 Status: Entry Reference: MS:MS99-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-009.mspx Reference: ISS:LDAP Buffer overflow against Microsoft Directory Services Reference: XF:ldap-exchange-overflow Reference: XF:ldap-mds-dos The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands. ====================================================== Name: CVE-1999-0386 Status: Entry Reference: MS:MS99-010 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-010.mspx Reference: XF:pws-file-access Reference: OSVDB:111 Reference: URL:http://www.osvdb.org/111 Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allow a remote attacker to read files on the server by using a nonstandard URL. ====================================================== Name: CVE-1999-0387 Status: Entry Reference: MS:MS99-052 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp Reference: MSKB:Q168115 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q168115 Reference: BID:829 Reference: URL:http://www.securityfocus.com/bid/829 Reference: XF:9x-plaintext-pwd A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. 
====================================================== Name: CVE-1999-0388 Status: Entry Reference: XF:datalynx-suguard-relative-paths Reference: L0PHT:Jan3,1999 Reference: OSVDB:3186 Reference: URL:http://www.osvdb.org/3186 DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root. ====================================================== Name: CVE-1999-0390 Status: Entry Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit Reference: CALDERA:CSSA-1999-006.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-006.1.txt Reference: BID:187 Reference: URL:http://www.securityfocus.com/bid/187 Buffer overflow in Dosemu Slang library in Linux. ====================================================== Name: CVE-1999-0391 Status: Entry Reference: L0PHT:Jan. 5, 1999 The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. ====================================================== Name: CVE-1999-0392 Status: Entry Reference: BUGTRAQ:Jan10,1999 Reference: XF:http-cgic-library-bo Buffer overflow in Thomas Boutell's cgic library version up to 1.05. ====================================================== Name: CVE-1999-0393 Status: Entry Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want! Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2 Reference: XF:sendmail-parsing-redirection Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. 
====================================================== Name: CVE-1999-0395 Status: Entry Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol Reference: URL:http://xforce.iss.net/alerts/advise17.php Reference: XF:backweb-polite-agent-protocol A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. ====================================================== Name: CVE-1999-0396 Status: Entry Reference: NETBSD:1999-001 Reference: OPENBSD:Feb17,1999 Reference: XF:netbsd-tcp-race A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. ====================================================== Name: CVE-1999-0402 Status: Entry Reference: BUGTRAQ:Feb2,1999 Reference: XF:wget-permissions Reference: DEBIAN:19990220 wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. ====================================================== Name: CVE-1999-0403 Status: Entry Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91821080015725&w=2 Reference: XF:cyrix-hang A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. ====================================================== Name: CVE-1999-0404 Status: Entry Reference: BUGTRAQ:Feb14,1999 Reference: XF:mailmax-bo Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution. ====================================================== Name: CVE-1999-0405 Status: Entry Reference: HERT:002 Reference: BUGTRAQ:Feb18,1999 Reference: DEBIAN:19990220a Reference: XF:lsof-bo Reference: OSVDB:3163 Reference: URL:http://www.osvdb.org/3163 A buffer overflow in lsof allows local users to obtain root privilege. 
====================================================== Name: CVE-1999-0407 Status: Entry Reference: BUGTRAQ:19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91983486431506&w=2 Reference: BUGTRAQ:19990209 Re: IIS4 allows proxied password attacks over NetBIOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92000623021036&w=2 Reference: XF:iis-iisadmpwd By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. ====================================================== Name: CVE-1999-0408 Status: Entry Reference: BUGTRAQ:19990225 Cobalt root exploit Reference: XF:cobalt-raq-history-exposure Reference: BID:337 Reference: URL:http://www.securityfocus.com/bid/337 Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. ====================================================== Name: CVE-1999-0409 Status: Entry Reference: BUGTRAQ:19990304 Linux /usr/bin/gnuplot overflow Reference: XF:gnuplot-home-overflow Reference: BID:319 Reference: URL:http://www.securityfocus.com/bid/319 Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access. ====================================================== Name: CVE-1999-0410 Status: Entry Reference: BUGTRAQ:Mar5,1999 Reference: XF:sol-cancel Reference: BID:293 Reference: URL:http://www.securityfocus.com/bid/293 The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. 
====================================================== Name: CVE-1999-0412 Status: Entry Reference: BUGTRAQ:Feb19,1999 Reference: XF:iis-isapi-execute Reference: BID:501 Reference: URL:http://www.securityfocus.com/bid/501 In IIS and other web servers, an attacker can execute commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. ====================================================== Name: CVE-1999-0413 Status: Entry Reference: SGI:19990301-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990301-01-PX Reference: XF:irix-font-path-overflow A buffer overflow in the SGI X server allows local users to gain root access through the X server font path. ====================================================== Name: CVE-1999-0414 Status: Entry Reference: NAI:Linux Blind TCP Spoofing Reference: XF:linux-blind-spoof In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. ====================================================== Name: CVE-1999-0415 Status: Entry Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml Reference: CIAC:J-034 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml Reference: XF:cisco-router-commands Reference: XF:cisco-web-config The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.
====================================================== Name: CVE-1999-0416 Status: Entry Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml Reference: CIAC:J-034 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml Reference: XF:cisco-web-crash Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. ====================================================== Name: CVE-1999-0417 Status: Entry Reference: BUGTRAQ:Mar9,1999 Reference: XF:solaris-psinfo-crash Reference: BID:448 Reference: URL:http://www.securityfocus.com/bid/448 Reference: OSVDB:1001 Reference: URL:http://www.osvdb.org/1001 64 bit Solaris 7 procfs allows local users to perform a denial of service. ====================================================== Name: CVE-1999-0420 Status: Entry Reference: NETBSD:1999-006 umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program. ====================================================== Name: CVE-1999-0421 Status: Entry Reference: ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations Reference: XF:linux-slackware-install Reference: BID:338 Reference: URL:http://www.securityfocus.com/bid/338 Reference: OSVDB:981 Reference: URL:http://www.osvdb.org/981 During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password. ====================================================== Name: CVE-1999-0422 Status: Entry Reference: NETBSD:1999-007 In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set. 
====================================================== Name: CVE-1999-0423 Status: Entry Reference: HP:HPSBUX9903-093 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-093 Reference: XF:hp-hpterm-files Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges. ====================================================== Name: CVE-1999-0424 Status: Entry Reference: SUSE:Mar18,1999 Reference: XF:netscape-talkback-overwrite talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes. ====================================================== Name: CVE-1999-0425 Status: Entry Reference: SUSE:Mar18,1999 Reference: XF:netscape-talkback-kill talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes. ====================================================== Name: CVE-1999-0428 Status: Entry Reference: BUGTRAQ:19990322 OpenSSL/SSLeay Security Alert Reference: XF:ssl-session-reuse Reference: OSVDB:3936 Reference: URL:http://www.osvdb.org/3936 OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. ====================================================== Name: CVE-1999-0429 Status: Entry Reference: BUGTRAQ:19990323 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92221437025743&w=2 Reference: BUGTRAQ:19990324 Re: LNotes encryption Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92241547418689&w=2 Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92246997917866&w=2 Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92249282302994&w=2 Reference: XF:lotus-client-encryption The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. 
====================================================== Name: CVE-1999-0430 Status: Entry Reference: ISS:Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches Reference: CISCO:Cisco Catalyst Supervisor Remote Reload Reference: XF:cisco-catalyst-crash Reference: OSVDB:1103 Reference: URL:http://www.osvdb.org/1103 Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allow remote attackers to perform a denial of service by forcing the supervisor module to reload. ====================================================== Name: CVE-1999-0432 Status: Entry Reference: HP:HPSBUX9903-094 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-094 Reference: XF:hp-ftp ftp on HP-UX 11.00 allows local users to gain privileges. ====================================================== Name: CVE-1999-0433 Status: Entry Reference: SUSE:Mar28,1999 Reference: BUGTRAQ:19990321 X11R6 NetBSD Security Problem Reference: XF:xfree86-temp-directories XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. ====================================================== Name: CVE-1999-0436 Status: Entry Reference: HP:HPSBUX9903-095 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-095 Reference: XF:hp-desms-servers Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges. ====================================================== Name: CVE-1999-0437 Status: Entry Reference: ISS:WebRamp Denial of Service Attacks Reference: XF:webramp-device-crash Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.
====================================================== Name: CVE-1999-0438 Status: Entry Reference: ISS:WebRamp Denial of Service Attacks Reference: XF:webramp-ipchange Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address. ====================================================== Name: CVE-1999-0439 Status: Entry Reference: BUGTRAQ:19990405 Re: [SECURITY] new version of procmail with security fixes Reference: DEBIAN:19990422 Reference: CALDERA:CSSA-1999:007 Reference: XF:procmail-overflow Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file. ====================================================== Name: CVE-1999-0440 Status: Entry Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2 Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html Reference: BID:1939 Reference: URL:http://www.securityfocus.com/bid/1939 Reference: XF:java-unverified-code The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. ====================================================== Name: CVE-1999-0441 Status: Entry Reference: EEYE:AD02221999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02221999.html Reference: XF:wingate-redirector-dos Reference: BID:509 Reference: URL:http://www.securityfocus.com/bid/509 Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service. 
====================================================== Name: CVE-1999-0442 Status: Entry Reference: BUGTRAQ:19990107 really silly ff.core exploit for Solaris Reference: BUGTRAQ:19990108 ff.core exploit on Solaris (2.)7 Reference: BUGTRAQ:19990408 Solaris7 and ff.core Reference: BID:327 Reference: URL:http://www.securityfocus.com/bid/327 Solaris ff.core allows local users to modify files. ====================================================== Name: CVE-1999-0445 Status: Entry Reference: CISCO:Cisco IOS(R) Software Input Access List Leakage with NAT Reference: XF:cisco-natacl-leakage Reference: OSVDB:1104 Reference: URL:http://www.osvdb.org/1104 In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters. ====================================================== Name: CVE-1999-0446 Status: Entry Reference: NETBSD:1999-008 Reference: XF:netbsd-vfslocking-panic Reference: OSVDB:7051 Reference: URL:http://www.osvdb.org/7051 Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. ====================================================== Name: CVE-1999-0447 Status: Entry Reference: HP:HPSBMP9904-006 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMP9904-006 Reference: XF:mpeix-debug Local users can gain privileges using the debug utility in the MPE/iX operating system. ====================================================== Name: CVE-1999-0448 Status: Entry Reference: BUGTRAQ:19990121 IIS 4 Request Logging Security Advisory Reference: XF:iis-http-request-logging IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. 
====================================================== Name: CVE-1999-0449 Status: Entry Reference: BUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS Reference: NTBUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS Reference: BUGTRAQ:19990125 Re: [NTSEC] IIS 4 Advisory - ExAir sample site DoS Reference: BID:193 Reference: URL:http://www.securityfocus.com/bid/193 Reference: OSVDB:2 Reference: URL:http://www.osvdb.org/2 Reference: OSVDB:3 Reference: URL:http://www.osvdb.org/3 Reference: OSVDB:4 Reference: URL:http://www.osvdb.org/4 Reference: XF:iis-exair-dos The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. ====================================================== Name: CVE-1999-0457 Status: Entry Reference: BUGTRAQ:Jan17,1999 Reference: DEBIAN:19990117 Reference: XF:ftpwatch-vuln Reference: BID:317 Reference: URL:http://www.securityfocus.com/bid/317 Linux ftpwatch program allows local users to gain root privileges. ====================================================== Name: CVE-1999-0458 Status: Entry Reference: BUGTRAQ:Jan6,1999 Reference: XF:l0phtcrack-temp-files Reference: OSVDB:915 Reference: URL:http://www.osvdb.org/915 L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information. ====================================================== Name: CVE-1999-0463 Status: Entry Reference: SGI:19981201-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981201-01-PX Reference: XF:sgi-fcagent-dos Remote attackers can perform a denial of service using IRIX fcagent. ====================================================== Name: CVE-1999-0464 Status: Entry Reference: BUGTRAQ:19990104 Tripwire mess.. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91553066310826&w=2 Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=91592136122066&w=2 Reference: OSVDB:6609 Reference: URL:http://www.osvdb.org/6609 Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames. ====================================================== Name: CVE-1999-0466 Status: Entry Reference: NETBSD:1999-009 Reference: OSVDB:905 Reference: URL:http://www.osvdb.org/905 The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. ====================================================== Name: CVE-1999-0468 Status: Entry Reference: MS:MS99-012 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-012.asp Reference: XF:ie-scriplet-fileread Reference: BUGTRAQ:Apr9,1999 Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. ====================================================== Name: CVE-1999-0470 Status: Entry Reference: BUGTRAQ:19990409 New Novell Remote.NLM Password Decryption Algorithm with Exploit Reference: BID:482 Reference: URL:http://www.securityfocus.com/bid/482 Reference: XF:netware-remotenlm-passwords A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. ====================================================== Name: CVE-1999-0471 Status: Entry Reference: XF:winroute-config Reference: BUGTRAQ:Apr9,1999 The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button. 
====================================================== Name: CVE-1999-0472 Status: Entry Reference: XF:netcache-snmp Reference: BUGTRAQ:Apr7,1999 The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. ====================================================== Name: CVE-1999-0473 Status: Entry Reference: BUGTRAQ:19990407 rsync 2.3.1 release - security fix Reference: CALDERA:CSSA-1999:010.0 Reference: DEBIAN:19990823 Reference: BID:145 Reference: URL:http://www.securityfocus.com/bid/145 Reference: XF:rsync-permissions The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. ====================================================== Name: CVE-1999-0474 Status: Entry Reference: XF:icq-webserver-read Reference: BUGTRAQ:Apr5,1999 The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory. ====================================================== Name: CVE-1999-0475 Status: Entry Reference: XF:procmail-race Reference: BUGTRAQ:Apr5,1999 A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. ====================================================== Name: CVE-1999-0478 Status: Entry Reference: HP:HPSBUX9904-097 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9904-097 Reference: XF:sendmail-headers-dos Denial of service in HP-UX sendmail 8.8.6 related to accepting connections. ====================================================== Name: CVE-1999-0479 Status: Entry Reference: HP:HPSBUX9903-092 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-092 Reference: XF:netscape-server-dos Denial of service in Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.
====================================================== Name: CVE-1999-0481 Status: Entry Reference: OPENBSD:Mar22,1999 Reference: OSVDB:7556 Reference: URL:http://www.osvdb.org/7556 Denial of service in "poll" in OpenBSD. ====================================================== Name: CVE-1999-0482 Status: Entry Reference: OPENBSD:Mar21,1999 Reference: OSVDB:7557 Reference: URL:http://www.osvdb.org/7557 OpenBSD kernel crash through TSS handling, as caused by the crashme program. ====================================================== Name: CVE-1999-0483 Status: Entry Reference: OPENBSD:Feb25,1999 Reference: OSVDB:6129 Reference: URL:http://www.osvdb.org/6129 OpenBSD crash using nlink value in FFS and EXT2FS filesystems. ====================================================== Name: CVE-1999-0484 Status: Entry Reference: OPENBSD:Feb23,1999 Reference: OSVDB:6130 Reference: URL:http://www.osvdb.org/6130 Buffer overflow in OpenBSD ping. ====================================================== Name: CVE-1999-0485 Status: Entry Reference: OPENBSD:Feb19,1999 Reference: XF:openbsd-ipintr-race Reference: OSVDB:7558 Reference: URL:http://www.osvdb.org/7558 Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD. ====================================================== Name: CVE-1999-0487 Status: Entry Reference: MS:MS99-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-011.mspx Reference: XF:ie-dhtml-control The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files. 
====================================================== Name: CVE-1999-0491 Status: Entry Reference: BUGTRAQ:19990420 Bash Bug Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000@smooth.Operator.org Reference: CALDERA:CSSA-1999-008.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt Reference: BID:119 Reference: URL:http://www.securityfocus.com/bid/119 The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. ====================================================== Name: CVE-1999-0493 Status: Entry Reference: CERT:CA-99-05 Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html Reference: SUN:00186 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/186&type=0&nav=sec.sba Reference: CIAC:J-045 Reference: URL:http://www.ciac.org/ciac/bulletins/j-045.shtml Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2 Reference: BID:450 Reference: URL:http://www.securityfocus.com/bid/450 rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. ====================================================== Name: CVE-1999-0494 Status: Entry Reference: XF:wingate-pop3-user-bo Denial of service in WinGate proxy through a buffer overflow in POP3. 
====================================================== Name: CVE-1999-0496 Status: Entry Reference: MSKB:Q146965 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q146965 Reference: XF:nt-getadmin Reference: XF:nt-getadmin-present A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. ====================================================== Name: CVE-1999-0513 Status: Entry Reference: CERT:CA-98.01.smurf Reference: FREEBSD:FreeBSD-SA-98:06 Reference: XF:smurf ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. ====================================================== Name: CVE-1999-0514 Status: Entry Reference: XF:fraggle UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. ====================================================== Name: CVE-1999-0526 Status: Entry Reference: XF:xcheck-keystroke Reference: CERT-VN:VU#704969 Reference: URL:http://www.kb.cert.org/vuls/id/704969 An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. ====================================================== Name: CVE-1999-0551 Status: Entry Reference: HP:HPSBUX9804-078 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9804-078 Reference: XF:hp-openmail HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests. ====================================================== Name: CVE-1999-0566 Status: Entry Reference: XF:ibm-syslogd Reference: XF:syslog-flood An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. 
====================================================== Name: CVE-1999-0608 Status: Entry Reference: BUGTRAQ:19990420 Shopping Carts exposing CC data Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92462991805485&w=2 Reference: CONFIRM:http://www.pdgsoft.com/Security/security.html. Reference: XF:pdgsoftcart-misconfig(3857) Reference: URL:http://xforce.iss.net/xforce/xfdb/3857 An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. ====================================================== Name: CVE-1999-0612 Status: Entry Reference: XF:finger-out Reference: XF:finger-running A version of finger is running that exposes valid user information to any entity on the network. ====================================================== Name: CVE-1999-0626 Status: Entry Reference: XF:rusersd Reference: XF:ruser A version of rusers is running that exposes valid user information to any entity on the network. ====================================================== Name: CVE-1999-0627 Status: Entry Reference: XF:rexd The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. ====================================================== Name: CVE-1999-0628 Status: Entry Reference: XF:rwhod The rwho/rwhod service is running, which exposes machine status and user information. 
====================================================== Name: CVE-1999-0668 Status: Entry Reference: BUGTRAQ:19990821 IE 5.0 allows executing programs Reference: MS:MS99-032 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-032.asp Reference: CIAC:J-064 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-064.shtml Reference: BID:598 Reference: URL:http://www.securityfocus.com/bid/598 Reference: XF:ms-scriptlet-eyedog-unsafe Reference: MSKB:Q240308 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240308 The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. ====================================================== Name: CVE-1999-0671 Status: Entry Reference: BID:572 Reference: URL:http://www.securityfocus.com/bid/572 Reference: XF:toxsoft-nextftp-cwd-bo Buffer overflow in ToxSoft NextFTP client through CWD command. ====================================================== Name: CVE-1999-0672 Status: Entry Reference: XF:fujitsu-topic-bo Reference: BID:573 Reference: URL:http://www.securityfocus.com/bid/573 Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics. ====================================================== Name: CVE-1999-0674 Status: Entry Reference: NETBSD:1999-011 Reference: OPENBSD:Aug 9,1999 Reference: FREEBSD:FreeBSD-SA-99:02 Reference: BUGTRAQ:19990809 profil(2) bug, a simple test program Reference: BID:570 Reference: URL:http://www.securityfocus.com/bid/570 Reference: CIAC:J-067 Reference: URL:http://www.ciac.org/ciac/bulletins/j-067.shtml Reference: XF:netbsd-profil The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. 
====================================================== Name: CVE-1999-0675 Status: Entry Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS Reference: URL:http://www.securityfocus.com/archive/1/23615 Reference: BID:576 Reference: URL:http://www.securityfocus.com/bid/576 Reference: XF:checkpoint-port Reference: OSVDB:1038 Reference: URL:http://www.osvdb.org/1038 Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host. ====================================================== Name: CVE-1999-0676 Status: Entry Reference: BUGTRAQ:19990808 sdtcm_convert Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org Reference: XF:sun-sdtcm-convert Reference: BID:575 Reference: URL:http://www.securityfocus.com/bid/575 sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. ====================================================== Name: CVE-1999-0678 Status: Entry Reference: XF:apache-debian-usrdoc Reference: BUGTRAQ:19990405 An issue with Apache on Debian Reference: BID:318 Reference: URL:http://www.securityfocus.com/bid/318 A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. ====================================================== Name: CVE-1999-0679 Status: Entry Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included) Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog Reference: BID:581 Reference: URL:http://www.securityfocus.com/bid/581 Reference: XF:hybrid-ircd-minvite-bo Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option. 
====================================================== Name: CVE-1999-0680 Status: Entry Reference: MS:MS99-028 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-028.mspx Reference: MSKB:Q238600 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238600 Reference: CIAC:J-057 Reference: URL:http://www.ciac.org/ciac/bulletins/j-057.shtml Reference: BID:571 Reference: URL:http://www.securityfocus.com/bid/571 Reference: XF:nt-terminal-dos Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. ====================================================== Name: CVE-1999-0681 Status: Entry Reference: BUGTRAQ:19990807 Crash FrontPage Remotely... Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999-q3/0381.html Reference: XF:frontpage-pws-dos Reference: URL:http://xforce.iss.net/static/3117.php Reference: BID:568 Reference: URL:http://www.securityfocus.com/bid/568 Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. ====================================================== Name: CVE-1999-0682 Status: Entry Reference: MS:MS99-027 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-027.mspx Reference: MSKB:Q237927 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237927 Reference: BID:567 Reference: URL:http://www.securityfocus.com/bid/567 Reference: CIAC:J-056 Reference: URL:http://www.ciac.org/ciac/bulletins/j-056.shtml Reference: XF:exchange-relay Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. 
====================================================== Name: CVE-1999-0683 Status: Entry Reference: XF:gauntlet-dos Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0 Reference: BID:556 Reference: URL:http://www.securityfocus.com/bid/556 Reference: OSVDB:1029 Reference: URL:http://www.osvdb.org/1029 Denial of service in Gauntlet Firewall via a malformed ICMP packet. ====================================================== Name: CVE-1999-0685 Status: Entry Reference: BUGTRAQ:19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow Reference: BID:618 Reference: URL:http://www.securityfocus.com/bid/618 Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. ====================================================== Name: CVE-1999-0686 Status: Entry Reference: BUGTRAQ:19990514 TGAD DoS Reference: BUGTRAQ:19990610 Re: VVOS/Netscape Bug Reference: HP:HPSBUX9906-098 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-098 Reference: CIAC:J-046 Reference: URL:http://www.ciac.org/ciac/bulletins/j-046.shtml Reference: XF:hp-tgad-dos Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL. ====================================================== Name: CVE-1999-0687 Status: Entry Reference: BUGTRAQ:19990913 Vulnerability in ttsession Reference: SUN:00192 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 Reference: HP:HPSBUX9909-103 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 Reference: COMPAQ:SSRT0617U_TTSESSION Reference: CIAC:K-001 Reference: URL:http://www.ciac.org/ciac/bulletins/k-001.shtml Reference: CERT:CA-99-11 Reference: BID:637 Reference: URL:http://www.securityfocus.com/bid/637 Reference: XF:cde-ttsession-rpc-auth The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands. 
====================================================== Name: CVE-1999-0688 Status: Entry Reference: HP:HPSBUX9907-101 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-101 Reference: BID:545 Reference: URL:http://www.securityfocus.com/bid/545 Reference: XF:hp-sd-bo Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. ====================================================== Name: CVE-1999-0689 Status: Entry Reference: BUGTRAQ:19990913 Vulnerability in dtspcd Reference: SUN:00192 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 Reference: HP:HPSBUX9909-103 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 Reference: CERT:CA-99-11 Reference: OVAL:oval:org.mitre.oval:def:1880 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1880 Reference: XF:cde-dtspcd-file-auth Reference: BID:636 Reference: URL:http://www.securityfocus.com/bid/636 The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack. ====================================================== Name: CVE-1999-0690 Status: Entry Reference: HP:HPSBUX9907-100 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-100 Reference: CIAC:J-053 Reference: URL:http://www.ciac.org/ciac/bulletins/j-053.shtml Reference: XF:hp-cde-directory HP CDE program includes the current directory in root's PATH variable. 
====================================================== Name: CVE-1999-0691 Status: Entry Reference: BUGTRAQ:19990913 Vulnerability in dtaction Reference: SUN:00192 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 Reference: HP:HPSBUX9909-103 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 Reference: COMPAQ:SSRTO615U_DTACTION Reference: CERT:CA-99-11 Reference: BID:635 Reference: URL:http://www.securityfocus.com/bid/635 Reference: OVAL:oval:org.mitre.oval:def:3078 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3078 Reference: XF:cde-dtaction-username-bo Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name. ====================================================== Name: CVE-1999-0692 Status: Entry Reference: CERT:CA-99-09 Reference: CIAC:J-052 Reference: URL:http://www.ciac.org/ciac/bulletins/j-052.shtml Reference: SGI:19990701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990701-01-P Reference: XF:sgi-arrayd The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges. ====================================================== Name: CVE-1999-0693 Status: Entry Reference: CERT:CA-99-11 Reference: SUN:00192 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 Reference: HP:HPSBUX9909-103 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 Reference: BID:641 Reference: URL:http://www.securityfocus.com/bid/641 Reference: OVAL:oval:org.mitre.oval:def:4374 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4374 Reference: XF:cde-dtsession-env-bo Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges. 
====================================================== Name: CVE-1999-0694 Status: Entry Reference: CIAC:J-055 Reference: URL:http://www.ciac.org/ciac/bulletins/j-055.shtml Reference: IBM:ERS-SVA-E01-1999:002.1 Reference: XF:aix-ptrace-halt Denial of service in AIX ptrace system call allows local users to crash the system. ====================================================== Name: CVE-1999-0695 Status: Entry Reference: BUGTRAQ:19990904 [Sybase] software vendors do not think about old bugs Reference: XF:http-powerdynamo-dotdotslash Reference: BID:620 Reference: URL:http://www.securityfocus.com/bid/620 Reference: OSVDB:1064 Reference: URL:http://www.osvdb.org/1064 The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack. ====================================================== Name: CVE-1999-0696 Status: Entry Reference: BUGTRAQ:19990709 Exploit of rpc.cmsd Reference: SCO:SB-99.12 Reference: SUN:00188 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/188 Reference: SUNBUG:4230754 Reference: HP:HPSBUX9908-102 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9908-102 Reference: COMPAQ:SSRT0614U_RPC_CMSD Reference: CERT:CA-99-08 Reference: CIAC:J-051 Reference: URL:http://www.ciac.org/ciac/bulletins/j-051.shtml Reference: XF:sun-cmsd-bo Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). ====================================================== Name: CVE-1999-0697 Status: Entry Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare Reference: BID:621 Reference: URL:http://www.securityfocus.com/bid/621 Reference: XF:sco-doctor-execute SCO Doctor allows local users to gain root privileges through a Tools option. 
====================================================== Name: CVE-1999-0699 Status: Entry Reference: BUGTRAQ:19990908 [Security] Spoofed Id in Bluestone Sapphire/Web Reference: BID:623 Reference: URL:http://www.securityfocus.com/bid/623 The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs. ====================================================== Name: CVE-1999-0700 Status: Entry Reference: MSKB:Q237185 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237185 Reference: MS:MS99-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-026.mspx Reference: XF:nt-malformed-dialer Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. ====================================================== Name: CVE-1999-0701 Status: Entry Reference: MS:MS99-036 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-036.mspx Reference: MSKB:Q173039 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q173039 Reference: BID:626 Reference: URL:http://www.securityfocus.com/bid/626 Reference: XF:nt-install-unattend-file After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. 
====================================================== Name: CVE-1999-0702 Status: Entry Reference: BUGTRAQ:19990909 IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs Reference: MS:MS99-037 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-037.mspx Reference: MSKB:Q241361 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241361 Reference: XF:ie5-import-export-favorites Reference: BID:627 Reference: URL:http://www.securityfocus.com/bid/627 Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. ====================================================== Name: CVE-1999-0703 Status: Entry Reference: BUGTRAQ:19990805 4.4 BSD issue -- chflags Reference: OPENBSD:Jul30,1999 Reference: FREEBSD:FreeBSD-SA-99:01 Reference: CIAC:J-066 Reference: URL:http://www.ciac.org/ciac/bulletins/j-066.shtml Reference: XF:openbsd-chflags-fchflags-permitted OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. ====================================================== Name: CVE-1999-0704 Status: Entry Reference: REDHAT:RHSA-1999:032-01 Reference: CALDERA:CSSA-1999:024.0 Reference: FREEBSD:SA-99:06 Reference: DEBIAN:19991018 Reference: BID:614 Reference: URL:http://www.securityfocus.com/bid/614 Reference: CERT:CA-99-12 Reference: XF:amd-bo Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. 
====================================================== Name: CVE-1999-0705 Status: Entry Reference: XF:inn-inews-bo Reference: REDHAT:RHSA1999033_01 Reference: CALDERA:CSSA-1999-026 Reference: SUSE:19990831 Security hole in INN Reference: DEBIAN:19990907 Reference: BID:616 Reference: URL:http://www.securityfocus.com/bid/616 Buffer overflow in INN inews program. ====================================================== Name: CVE-1999-0706 Status: Entry Reference: DEBIAN:19990807 Reference: SUSE:19990817 Security hole in i4l (xmonisdn) Reference: BID:583 Reference: URL:http://www.securityfocus.com/bid/583 Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. ====================================================== Name: CVE-1999-0707 Status: Entry Reference: HP:HPSBUX9906-099 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-099 Reference: CIAC:J-050 Reference: URL:http://www.ciac.org/ciac/bulletins/j-050.shtml Reference: BID:493 Reference: URL:http://www.securityfocus.com/bid/493 Reference: XF:hp-visualize-conference-ftp The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. ====================================================== Name: CVE-1999-0708 Status: Entry Reference: BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow Reference: BID:651 Reference: URL:http://www.securityfocus.com/bid/651 Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field. 
====================================================== Name: CVE-1999-0710 Status: Entry Reference: BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness Reference: CONFIRM:http://www.redhat.com/support/errata/archives/rh52-errata-general.html#squid Reference: DEBIAN:DSA-576 Reference: URL:http://www.debian.org/security/2004/dsa-576 Reference: FEDORA:FEDORA-2005-373 Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html Reference: FEDORA:FLSA-2006:152809 Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml Reference: REDHAT:RHSA-1999:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-1999-025.html Reference: REDHAT:RHSA-2005:489 Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-489.html Reference: BID:2059 Reference: URL:http://www.securityfocus.com/bid/2059 Reference: XF:http-cgi-cachemgr(2385) Reference: URL:http://xforce.iss.net/xforce/xfdb/2385 The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. ====================================================== Name: CVE-1999-0711 Status: Entry Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed Reference: URL:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1 Reference: BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92609807906778&w=2 Reference: XF:oracle-oratclsh The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. 
====================================================== Name: CVE-1999-0713 Status: Entry Reference: BUGTRAQ:19990404 Digital Unix 4.0E /var permission Reference: CIAC:J-044 Reference: URL:http://www.ciac.org/ciac/bulletins/j-044.shtml Reference: XF:cde-dtlogin Reference: COMPAQ:SSRT0600U The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. ====================================================== Name: CVE-1999-0714 Status: Entry Reference: COMPAQ:SSRT0588U Reference: XF:du-edauth Vulnerability in Compaq Tru64 UNIX edauth command. ====================================================== Name: CVE-1999-0715 Status: Entry Reference: BUGTRAQ:19990519 Buffer Overruns in RAS allows execution of arbitary code as system Reference: MS:MS99-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-016.mspx Reference: MSKB:Q230677 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230677 Reference: XF:nt-ras-bo Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. ====================================================== Name: CVE-1999-0716 Status: Entry Reference: XF:nt-helpfile-bo Reference: MSKB:Q231605 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231605 Reference: MS:MS99-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-015.asp Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. ====================================================== Name: CVE-1999-0717 Status: Entry Reference: MS:MS99-014 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-014.mspx Reference: MSKB:Q231304 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231304 Reference: XF:excel-virus-warning A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. 
====================================================== Name: CVE-1999-0718 Status: Entry Reference: NTBUGTRAQ:19990823 IBM Gina security warning Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534 Reference: BID:608 Reference: URL:http://www.securityfocus.com/bid/608 Reference: XF:ibm-gina-group-add Reference: URL:http://xforce.iss.net/static/3166.php IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key. ====================================================== Name: CVE-1999-0719 Status: Entry Reference: BUGTRAQ:19990802 Gnumeric potential security hole. Reference: REDHAT:RHSA-1999:023-01 Reference: XF:gnu-guile-plugin-export Reference: BID:563 Reference: URL:http://www.securityfocus.com/bid/563 The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. ====================================================== Name: CVE-1999-0720 Status: Entry Reference: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl Reference: BID:597 Reference: URL:http://www.securityfocus.com/bid/597 Reference: XF:linux-pt-chown The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users. 
====================================================== Name: CVE-1999-0721 Status: Entry Reference: BINDVIEW:Phantom Technical Advisory Reference: MSKB:Q231457 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231457 Reference: MS:MS99-020 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-020.mspx Reference: CIAC:J-049 Reference: URL:http://www.ciac.org/ciac/bulletins/j-049.shtml Reference: XF:msrpc-lsa-lookupnames-dos Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. ====================================================== Name: CVE-1999-0722 Status: Entry Reference: CERT:CA-99-10 Reference: BID:558 Reference: URL:http://www.securityfocus.com/bid/558 Reference: XF:cobalt-raq2-default-config The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages. ====================================================== Name: CVE-1999-0723 Status: Entry Reference: NTBUGTRAQ:19990411 Death by MessageBox Reference: MS:MS99-021 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-021.mspx Reference: MSKB:Q233323 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233323 Reference: CIAC:J-049 Reference: URL:http://www.ciac.org/ciac/bulletins/j-049.shtml Reference: BID:478 Reference: URL:http://www.securityfocus.com/bid/478 Reference: XF:nt-csrss-dos The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input. ====================================================== Name: CVE-1999-0724 Status: Entry Reference: OPENBSD:Aug12,1999 Reference: XF:openbsd-uio_offset-bo Reference: OSVDB:6128 Reference: URL:http://www.osvdb.org/6128 Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function. 
====================================================== Name: CVE-1999-0725 Status: Entry Reference: MSKB:Q233335 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233335 Reference: MS:MS99-022 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-022.mspx Reference: BID:477 Reference: URL:http://www.securityfocus.com/bid/477 Reference: XF:iis-double-byte-code-page(2302) Reference: URL:http://xforce.iss.net/xforce/xfdb/2302 When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". ====================================================== Name: CVE-1999-0726 Status: Entry Reference: MS:MS99-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-023.mspx Reference: MSKB:Q234557 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234557 Reference: BID:499 Reference: URL:http://www.securityfocus.com/bid/499 Reference: XF:nt-malformed-image-header An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. ====================================================== Name: CVE-1999-0727 Status: Entry Reference: OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext Reference: XF:openbsd-ipsec-cleartext Reference: OSVDB:6127 Reference: URL:http://www.osvdb.org/6127 A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. ====================================================== Name: CVE-1999-0728 Status: Entry Reference: MS:MS99-024 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-024.mspx Reference: MSKB:Q236359 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q236359 Reference: XF:nt-ioctl-dos A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. 
====================================================== Name: CVE-1999-0729 Status: Entry Reference: ISS:19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6 Reference: URL:http://xforce.iss.net/alerts/advise34.php Reference: CIAC:J-061 Reference: URL:http://www.ciac.org/ciac/bulletins/j-061.shtml Reference: BID:601 Reference: URL:http://www.securityfocus.com/bid/601 Reference: XF:lotus-ldap-bo Reference: OSVDB:1057 Reference: URL:http://www.osvdb.org/1057 Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. ====================================================== Name: CVE-1999-0730 Status: Entry Reference: DEBIAN:19990612 The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. ====================================================== Name: CVE-1999-0731 Status: Entry Reference: BUGTRAQ:19990623 Security flaw in klock Reference: CALDERA:CSSA-1999:017 Reference: SUSE:19990629 Security hole in Klock Reference: BID:489 Reference: URL:http://www.securityfocus.com/bid/489 The KDE klock program allows local users to unlock a session using malformed input. ====================================================== Name: CVE-1999-0732 Status: Entry Reference: DEBIAN:19990823b Reference: XF:smtp-refuser-tmp The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. ====================================================== Name: CVE-1999-0733 Status: Entry Reference: BUGTRAQ:19990626 VMWare Advisory - buffer overflows Reference: BUGTRAQ:19990626 VMware Security Alert Reference: BUGTRAQ:19990705 Re: VMWare Advisory.. - exploit Reference: BID:490 Reference: URL:http://www.securityfocus.com/bid/490 Reference: XF:vmware-bo Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable. 
====================================================== Name: CVE-1999-0734 Status: Entry Reference: CISCO: CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability Reference: XF:ciscosecure-read-write A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. ====================================================== Name: CVE-1999-0735 Status: Entry Reference: ISS:KDE K-Mail File Creation Vulnerability Reference: CALDERA:CSSA-1999:016 Reference: REDHAT:RHSA-1999:015-01 Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html Reference: BID:300 Reference: URL:http://www.securityfocus.com/bid/300 KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories. ====================================================== Name: CVE-1999-0740 Status: Entry Reference: BID:594 Reference: URL:http://www.securityfocus.com/bid/594 Reference: XF:linux-telnetd-term Reference: CALDERA:CSSA-1999:022 Reference: REDHAT:RHSA1999029_01 Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable. ====================================================== Name: CVE-1999-0742 Status: Entry Reference: DEBIAN:19990623 Reference: BID:480 Reference: URL:http://www.securityfocus.com/bid/480 The Debian mailman package uses weak authentication, which allows attackers to gain privileges. ====================================================== Name: CVE-1999-0743 Status: Entry Reference: BUGTRAQ:19990819 Insecure use of file in /tmp by trn Reference: DEBIAN:19990823c Reference: SUSE:19990824 Security hole in trn Reference: XF:trn-symlinks(3144) Reference: URL:http://xforce.iss.net/xforce/xfdb/3144 Trn allows local users to overwrite other users' files via symlinks. 
====================================================== Name: CVE-1999-0744 Status: Entry Reference: ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers Reference: BID:603 Reference: URL:http://www.securityfocus.com/bid/603 Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain privileges via a long HTTP GET request. ====================================================== Name: CVE-1999-0745 Status: Entry Reference: IBM:ERS-SVA-E01-1999:003.1 Reference: CIAC:J-059 Reference: URL:http://www.ciac.org/ciac/bulletins/j-059.shtml Reference: BID:590 Reference: URL:http://www.securityfocus.com/bid/590 Reference: XF:aix-pdnsd-bo Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler. ====================================================== Name: CVE-1999-0746 Status: Entry Reference: BUGTRAQ:19990814 DOS against SuSE's identd Reference: SUSE:19990824 Security hole in netcfg Reference: BID:587 Reference: URL:http://www.securityfocus.com/bid/587 Reference: XF:suse-identd-dos A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service. ====================================================== Name: CVE-1999-0747 Status: Entry Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net Reference: BID:589 Reference: URL:http://www.securityfocus.com/bid/589 Reference: XF:bsdi-smp-dos Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load. 
====================================================== Name: CVE-1999-0749 Status: Entry Reference: BUGTRAQ:19990815 telnet.exe heap overflow - remotely exploitable Reference: MS:MS99-033 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-033.mspx Reference: XF:win-ie5-telnet-heap-overflow Reference: BID:586 Reference: URL:http://www.securityfocus.com/bid/586 Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. ====================================================== Name: CVE-1999-0751 Status: Entry Reference: BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2 Reference: BID:631 Reference: URL:http://www.securityfocus.com/bid/631 Reference: XF:netscape-accept-bo(3256) Reference: URL:http://xforce.iss.net/xforce/xfdb/3256 Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. ====================================================== Name: CVE-1999-0752 Status: Entry Reference: BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. ====================================================== Name: CVE-1999-0753 Status: Entry Reference: BUGTRAQ:19990817 Stupid bug in W3-msql Reference: XF:mini-sql-w3-msql-cgi Reference: BID:591 Reference: URL:http://www.securityfocus.com/bid/591 The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories. ====================================================== Name: CVE-1999-0754 Status: Entry Reference: BUGTRAQ:19990511 INN 2.0 and higher. 
Root compromise potential Reference: CALDERA:CSSA-1999-011.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt Reference: SUSE:19990518 Security hole in INN Reference: MISC:http://www.redhat.com/corp/support/errata/inn99_05_22.html Reference: BID:255 Reference: URL:http://www.securityfocus.com/bid/255 Reference: XF:inn-innconf-env The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable. ====================================================== Name: CVE-1999-0755 Status: Entry Reference: XF:nt-ras-pwcache Reference: MSKB:Q230681 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230681 Reference: MS:MS99-017 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-017.mspx Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option. ====================================================== Name: CVE-1999-0756 Status: Entry Reference: ALLAIRE:ASB99-07 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full Reference: XF:coldfusion-admin-dos(2207) Reference: URL:http://xforce.iss.net/static/2207.php ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. ====================================================== Name: CVE-1999-0758 Status: Entry Reference: ALLAIRE:ASB99-06 Reference: XF:netscape-space-view Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. 
====================================================== Name: CVE-1999-0759 Status: Entry Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug Reference: CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8 Reference: BID:634 Reference: URL:http://www.securityfocus.com/bid/634 Reference: XF:fuseware-popmail-bo Buffer overflow in FuseMAIL POP service via long USER and PASS commands. ====================================================== Name: CVE-1999-0760 Status: Entry Reference: ALLAIRE:ASB99-10 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full Reference: BID:550 Reference: URL:http://www.securityfocus.com/bid/550 Reference: XF:coldfusion-server-cfml-tags Reference: URL:http://xforce.iss.net/static/3288.php Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. ====================================================== Name: CVE-1999-0761 Status: Entry Reference: FREEBSD:FreeBSD-SA-99:05 Reference: XF:freebsd-fts-lib-bo Reference: BID:644 Reference: URL:http://www.securityfocus.com/bid/644 Reference: OSVDB:1074 Reference: URL:http://www.osvdb.org/1074 Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program. ====================================================== Name: CVE-1999-0762 Status: Entry Reference: XF:netscape-title Reference: BUGTRAQ:19990524 Netscape Communicator JavaScript in security vulnerability When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information. 
====================================================== Name: CVE-1999-0763 Status: Entry Reference: NETBSD:1999-010 Reference: XF:netbsd-arp Reference: OSVDB:6540 Reference: URL:http://www.osvdb.org/6540 NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network. ====================================================== Name: CVE-1999-0764 Status: Entry Reference: NETBSD:1999-010 Reference: XF:netbsd-arp Reference: OSVDB:6539 Reference: URL:http://www.osvdb.org/6539 NetBSD allows ARP packets to overwrite static ARP entries. ====================================================== Name: CVE-1999-0765 Status: Entry Reference: BUGTRAQ:19990619 IRIX midikeys root exploit. Reference: SGI:19990501-01-A Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990501-01-A Reference: BID:262 Reference: URL:http://www.securityfocus.com/bid/262 Reference: XF:irix-midikeys SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor. ====================================================== Name: CVE-1999-0766 Status: Entry Reference: MS:MS99-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-031.mspx Reference: MSKB:Q240346 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240346 Reference: BID:600 Reference: URL:http://www.securityfocus.com/bid/600 Reference: XF:msvm-verifier-java The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment. ====================================================== Name: CVE-1999-0768 Status: Entry Reference: BID:602 Reference: URL:http://www.securityfocus.com/bid/602 Reference: REDHAT:RHSA-1999:030-02 Reference: SUSE:19990829 Security hole in cron Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable. 
====================================================== Name: CVE-1999-0769 Status: Entry Reference: REDHAT:RHSA-1999:030-02 Reference: CALDERA:CSSA-1999:023.0 Reference: SUSE:19990829 Security hole in cron Reference: DEBIAN:19990830 cron Reference: BID:611 Reference: URL:http://www.securityfocus.com/bid/611 Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. ====================================================== Name: CVE-1999-0770 Status: Entry Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1 Reference: BID:549 Reference: URL:http://www.securityfocus.com/bid/549 Reference: CHECKPOINT:ACK DOS ATTACK Reference: OSVDB:1027 Reference: URL:http://www.osvdb.org/1027 Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems. ====================================================== Name: CVE-1999-0771 Status: Entry Reference: BUGTRAQ:19990526 Infosec.19990526.compaq-im.a Reference: COMPAQ:SSRT0612U Reference: XF:management-agent-file-read The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0772 Status: Entry Reference: BUGTRAQ:19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post) Reference: COMPAQ:SSRT0612U Reference: XF:management-agent-dos Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. 
====================================================== Name: CVE-1999-0773 Status: Entry Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017 Reference: XF:sol-lpset-bo Buffer overflow in Solaris lpset program allows local users to gain root access. ====================================================== Name: CVE-1999-0774 Status: Entry Reference: BUGTRAQ:19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf Reference: REDHAT:RHSA1999037_01 Reference: SUSE:19990916 Security hole in mars nwe Reference: BID:617 Reference: URL:http://www.securityfocus.com/bid/617 Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names. ====================================================== Name: CVE-1999-0775 Status: Entry Reference: CISCO:19990610 Cisco IOS Software established Access List Keyword Error Reference: XF:cisco-gigaswitch Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. ====================================================== Name: CVE-1999-0777 Status: Entry Reference: MS:MS99-039 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp Reference: MSKB:Q241407 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241407 Reference: MSKB:Q242559 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242559 Reference: XF:iis-ftp-no-access-files Reference: BID:658 Reference: URL:http://www.securityfocus.com/bid/658 IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. 
====================================================== Name: CVE-1999-0778 Status: Entry Reference: BUGTRAQ:19990626 KSR[T] #011: Accelerated-X Reference: KSRT:011 Reference: BID:488 Reference: URL:http://www.securityfocus.com/bid/488 Reference: XF:accelx-display-bo Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter. ====================================================== Name: CVE-1999-0779 Status: Entry Reference: HP:HPSBUX9810-086 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9810-086 Reference: XF:hp-sharedx Denial of service in HP-UX SharedX recserv program. ====================================================== Name: CVE-1999-0780 Status: Entry Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 Reference: XF:kde-klock-process-kill KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. ====================================================== Name: CVE-1999-0781 Status: Entry Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 Reference: XF:kde-klock-bindir-trojans KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. ====================================================== Name: CVE-1999-0782 Status: Entry Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 Reference: XF:kde-kppp-directory-create KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. 
====================================================== Name: CVE-1999-0783 Status: Entry Reference: FREEBSD:FreeBSD-SA-98:05 Reference: CIAC:I-057 Reference: URL:http://www.ciac.org/ciac/bulletins/i-057.shtml Reference: XF:freebsd-nfs-link-dos Reference: OSVDB:6090 Reference: URL:http://www.osvdb.org/6090 FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. ====================================================== Name: CVE-1999-0785 Status: Entry Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential Reference: SUSE:19990518 Security hole in INN Reference: XF:inn-pathrun Reference: BID:254 Reference: URL:http://www.securityfocus.com/bid/254 The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file. ====================================================== Name: CVE-1999-0786 Status: Entry Reference: BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6 Reference: BID:659 Reference: URL:http://www.securityfocus.com/bid/659 The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. ====================================================== Name: CVE-1999-0787 Status: Entry Reference: BUGTRAQ:19990917 A few bugs... Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93760201002154&w=2 Reference: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93832856804415&w=2 Reference: XF:ssh-socket-auth-symlink-dos Reference: BID:660 Reference: URL:http://www.securityfocus.com/bid/660 The SSH authentication agent follows symlinks via a UNIX domain socket. 
====================================================== Name: CVE-1999-0788 Status: Entry Reference: BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837184228248&w=2 Reference: BID:662 Reference: URL:http://www.securityfocus.com/bid/662 Reference: XF:arkiea-backup-nlserverd-remote-dos Arkiea nlservd allows remote attackers to conduct a denial of service. ====================================================== Name: CVE-1999-0789 Status: Entry Reference: BUGTRAQ:19990928 Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000 Reference: IBM:ERS-SVA-E01-1999:004.1 Reference: CIAC:J-072 Reference: URL:http://www.ciac.org/ciac/bulletins/j-072.shtml Reference: XF:aix-ftpd-bo Reference: BID:679 Reference: URL:http://www.securityfocus.com/bid/679 Buffer overflow in AIX ftpd in the libc library. ====================================================== Name: CVE-1999-0790 Status: Entry Reference: MISC:http://home.netscape.com/security/notes/jscachebrowsing.html Reference: XF:netscape-javascript A remote attacker can read information from a Netscape user's cache via JavaScript. ====================================================== Name: CVE-1999-0791 Status: Entry Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems Reference: KSRT:012 Reference: BID:695 Reference: URL:http://www.securityfocus.com/bid/695 Reference: XF:hybrid-anon-cable-modem-reconfig Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol. ====================================================== Name: CVE-1999-0793 Status: Entry Reference: MS:MS99-043 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-043.mspx Reference: XF:ie-java-redirect Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. 
====================================================== Name: CVE-1999-0794 Status: Entry Reference: MS:MS99-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-044.mspx Reference: XF:excel-sylk Reference: MSKB:Q241900 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241900 Reference: MSKB:Q241901 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241901 Reference: MSKB:Q241902 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241902 Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. ====================================================== Name: CVE-1999-0796 Status: Entry Reference: FREEBSD:SA-98.03 Reference: XF:freebsd-ttcp-spoof Reference: OSVDB:6089 Reference: URL:http://www.osvdb.org/6089 FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks. ====================================================== Name: CVE-1999-0797 Status: Entry Reference: ISS:19980629 Distributed DoS attack against NIS/NIS+ based networks. Reference: CIAC:I-070 Reference: URL:http://www.ciac.org/ciac/bulletins/i-070.shtml Reference: XF:sun-nis-nisplus NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries. ====================================================== Name: CVE-1999-0799 Status: Entry Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices) Reference: XF:bootpd-bo Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location. 
====================================================== Name: CVE-1999-0800 Status: Entry Reference: ALLAIRE:ASB99-05 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=9602&Method=Full Reference: NTBUGTRAQ:19990211 ACFUG List: Alert: Allaire Forums GetFile bug Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00332.html Reference: XF:allaire-forums-file-read(1748) Reference: URL:http://xforce.iss.net/xforce/xfdb/1748 Reference: OSVDB:944 Reference: URL:http://www.osvdb.org/944 The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm. ====================================================== Name: CVE-1999-0801 Status: Entry Reference: BUGTRAQ:19990409 Patrol security bugs Reference: URL:http://www.securityfocus.com/archive/1/13204 Reference: XF:bmc-patrol-frames(2075) Reference: URL:http://www.iss.net/security_center/static/2075.php BMC Patrol allows remote attackers to gain access to an agent by spoofing frames. ====================================================== Name: CVE-1999-0802 Status: Entry Reference: BUGTRAQ:19990503 MSIE 5 FAVICON BUG Reference: MS:MS99-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-018.mspx Reference: MSKB:Q231450 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231450 Reference: XF:ie-favicon Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon. ====================================================== Name: CVE-1999-0803 Status: Entry Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2 Reference: XF:ibm-enfirewall-tmpfiles Reference: OSVDB:962 Reference: URL:http://www.osvdb.org/962 The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack. 
====================================================== Name: CVE-1999-0804 Status: Entry Reference: BUGTRAQ:19990601 Linux kernel 2.2.x vulnerability/exploit Reference: DEBIAN:19990607 Reference: CALDERA:CSSA-1999:013 Reference: SUSE:19990602 Denial of Service on the 2.2 kernel Reference: REDHAT:19990603 Kernel Update Reference: BID:302 Reference: URL:http://www.securityfocus.com/bid/302 Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. ====================================================== Name: CVE-1999-0806 Status: Entry Reference: BUGTRAQ:19990510 Solaris2.6,2.7 dtprintinfo exploits Reference: XF:cde-dtprintinfo Reference: OSVDB:6552 Reference: URL:http://www.osvdb.org/6552 Buffer overflow in Solaris dtprintinfo program. ====================================================== Name: CVE-1999-0807 Status: Entry Reference: XF:netscape-dirsvc-password The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. ====================================================== Name: CVE-1999-0809 Status: Entry Reference: BUGTRAQ:19990709 Communicator 4.[56]x, JavaScript used to bypass cookie settings Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed". ====================================================== Name: CVE-1999-0810 Status: Entry Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes Reference: CALDERA:CSSA-1999:018.0 Reference: DEBIAN:19990731 Reference: DEBIAN:19990804 Reference: REDHAT:RHSA-1999:022-02 Reference: SUSE:19990816 Security hole in Samba Denial of service in Samba NETBIOS name service daemon (nmbd). 
====================================================== Name: CVE-1999-0811 Status: Entry Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes Reference: REDHAT:RHSA-1999:022-02 Reference: CALDERA:CSSA-1999:018.0 Reference: SUSE:19990816 Security hole in Samba Reference: DEBIAN:19990731 Samba Reference: XF:samba-message-bo Reference: BID:536 Reference: URL:http://www.securityfocus.com/bid/536 Buffer overflow in Samba smbd program via a malformed message command. ====================================================== Name: CVE-1999-0812 Status: Entry Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes Reference: DEBIAN:19990731 Reference: DEBIAN:19990804 Reference: CALDERA:CSSA-1999:018.0 Reference: REDHAT:RHSA-1999:022-02 Reference: SUSE:19990816 Security hole in Samba Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. ====================================================== Name: CVE-1999-0813 Status: Entry Reference: BUGTRAQ:19990810 Severe bug in cfingerd before 1.4.0 Reference: BUGTRAQ:19980724 CFINGERD root security hole Reference: DEBIAN:19990814 Reference: XF:cfingerd-privileges Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges. ====================================================== Name: CVE-1999-0814 Status: Entry Reference: REDHAT:RHSA-1999:027 Reference: URL:http://www.redhat.com/support/errata/RHSA-1999-027.html Red Hat pump DHCP client allows remote attackers to gain root access in some configurations. 
====================================================== Name: CVE-1999-0815 Status: Entry Reference: MSKB:Q196270 Reference: URL:http://support.microsoft.com/support/kb/articles/q196/2/70.asp Reference: XF:nt-snmpagent-leak(1974) Reference: URL:http://xforce.iss.net/static/1974.php Reference: OVAL:oval:org.mitre.oval:def:952 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:952 Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. ====================================================== Name: CVE-1999-0817 Status: Entry Reference: SUSE:19990915 Security hole in lynx Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. ====================================================== Name: CVE-1999-0819 Status: Entry Reference: NTBUGTRAQ:19991130 NTmail and VRFY Reference: BUGTRAQ:19991130 NTmail and VRFY Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94398141118586&w=2 Reference: XF:nt-mail-vrfy NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. ====================================================== Name: CVE-1999-0820 Status: Entry Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities Reference: BID:838 Reference: URL:http://www.securityfocus.com/bid/838 Reference: XF:freebsd-seyon-dir-add Reference: OSVDB:5996 Reference: URL:http://www.osvdb.org/5996 FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands. 
====================================================== Name: CVE-1999-0823 Status: Entry Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities Reference: BID:839 Reference: URL:http://www.securityfocus.com/bid/839 Reference: XF:freebsd-xmindpath Reference: OSVDB:1150 Reference: URL:http://www.osvdb.org/1150 Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument. ====================================================== Name: CVE-1999-0824 Status: Entry Reference: BID:833 Reference: URL:http://www.securityfocus.com/bid/833 Reference: NTBUGTRAQ:19991130 SUBST problem Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd) A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. ====================================================== Name: CVE-1999-0826 Status: Entry Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities Reference: BID:840 Reference: URL:http://www.securityfocus.com/bid/840 Reference: XF:angband-bo Reference: OSVDB:1151 Reference: URL:http://www.osvdb.org/1151 Buffer overflow in FreeBSD angband allows local users to gain privileges. ====================================================== Name: CVE-1999-0831 Status: Entry Reference: CALDERA:CSSA-1999-035.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-035.0.txt Reference: REDHAT:RHSA1999055-01 Reference: SUSE:19991118 syslogd-1.3.33 (a1) Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available] Reference: BID:809 Reference: URL:http://www.securityfocus.com/bid/809 Reference: XF:slackware-syslogd-dos Denial of service in Linux syslogd via a large number of connections. 
====================================================== Name: CVE-1999-0832 Status: Entry Reference: BUGTRAQ:19991109 undocumented bugs - nfsd Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.20.9911091058140.12964-100000@mail.zigzag.pl Reference: DEBIAN:19991111 buffer overflow in nfs server Reference: URL:http://www.debian.org/security/1999/19991111 Reference: SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_29.html Reference: CALDERA:CSSA-1999-033.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-033.0.txt Reference: REDHAT:RHSA-1999:053-01 Reference: URL:http://www.redhat.com/support/errata/rh42-errata-general.html#NFS Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available] Reference: XF:linux-nfs-maxpath-bo Reference: BID:782 Reference: URL:http://www.securityfocus.com/bid/782 Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. ====================================================== Name: CVE-1999-0833 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: CERT:CA-99-14 Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Reference: XF:bind-nxt-bo Buffer overflow in BIND 8.2 via NXT records. 
====================================================== Name: CVE-1999-0834 Status: Entry Reference: BUGTRAQ:19991201 Security Advisory: Buffer overflow in RSAREF2 Reference: BUGTRAQ:19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2) Reference: CERT:CA-99-15 Reference: BID:843 Reference: URL:http://www.securityfocus.com/bid/843 Reference: XF:rsaref-bo Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. ====================================================== Name: CVE-1999-0835 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: CERT:CA-99-14 Reference: XF:bind-sigrecord-dos Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Denial of service in BIND named via malformed SIG records. ====================================================== Name: CVE-1999-0836 Status: Entry Reference: BUGTRAQ:19991202 UnixWare 7 uidadmin exploit + discussion Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991202160111.20553.qmail@nwcst282.netaddress.usa.net Reference: SCO:SB-99.22a Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a Reference: BID:842 Reference: URL:http://www.securityfocus.com/bid/842 Reference: XF:unixware-uid-admin UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack. 
====================================================== Name: CVE-1999-0837 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: SUN:00194 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194 Reference: CERT:CA-99-14 Reference: XF:bind-solinger-dos Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Denial of service in BIND by improperly closing TCP sessions via so_linger. ====================================================== Name: CVE-1999-0838 Status: Entry Reference: BUGTRAQ:19991202 Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability Reference: BID:859 Reference: URL:http://www.securityfocus.com/bid/859 Reference: XF:servu-ftp-site-bo Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command. ====================================================== Name: CVE-1999-0839 Status: Entry Reference: NTBUGTRAQ:19991130 Windows NT Task Scheduler vulnerability allows user to administrator elevation Reference: MS:MS99-051 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-051.mspx Reference: MSKB:Q246972 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246972 Reference: XF:ie-task-scheduler-privs Reference: BID:828 Reference: URL:http://www.securityfocus.com/bid/828 Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled. 
====================================================== Name: CVE-1999-0842 Status: Entry Reference: NTBUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability Reference: BUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEAFCBAA.labs@ussrback.com Reference: BID:827 Reference: URL:http://www.securityfocus.com/bid/827 Reference: XF:symantec-mail-dir-traversal Reference: OSVDB:1144 Reference: URL:http://www.osvdb.org/1144 Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0847 Status: Entry Reference: BUGTRAQ:19991129 FICS buffer overflow Reference: XF:fics-board-bo Buffer overflow in free internet chess server (FICS) program, xboard. ====================================================== Name: CVE-1999-0848 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: SUN:00194 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194 Reference: CERT:CA-99-14 Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Reference: XF:bind-fdmax-dos Denial of service in BIND named via consuming more than "fdmax" file descriptors. 
====================================================== Name: CVE-1999-0849 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: SUN:00194 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194 Reference: CERT:CA-99-14 Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Reference: XF:bind-maxdname-bo Denial of service in BIND named via maxdname. ====================================================== Name: CVE-1999-0851 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: SUN:00194 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194 Reference: CERT:CA-99-14 Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Reference: XF:bind-naptr-dos Denial of service in BIND named via naptr. ====================================================== Name: CVE-1999-0853 Status: Entry Reference: BID:847 Reference: URL:http://www.securityfocus.com/bid/847 Reference: ISS:19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure Reference: XF:netscape-fasttrack-auth-bo Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
====================================================== Name: CVE-1999-0854 Status: Entry Reference: BUGTRAQ:19991130 Ultimate Bulletin Board v5.3x? Bug Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl Reference: CONFIRM:http://www.ultimatebb.com/home/versions.shtml Reference: XF:http-ultimate-bbs Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file. ====================================================== Name: CVE-1999-0856 Status: Entry Reference: BUGTRAQ:19991202 Slackware 7.0 - login bug Reference: XF:slackware-remote-login login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. ====================================================== Name: CVE-1999-0858 Status: Entry Reference: MS:MS99-054 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-054.mspx Reference: MSKB:Q247333 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247333 Reference: BID:846 Reference: URL:http://www.securityfocus.com/bid/846 Reference: XF:ie-wpad-proxy-settings Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server. ====================================================== Name: CVE-1999-0859 Status: Entry Reference: BUGTRAQ:19991130 Solaris 2.x chkperm/arp vulnerabilities Reference: SUNBUG:4296166 Reference: BID:837 Reference: URL:http://www.securityfocus.com/bid/837 Reference: XF:sol-arp-parse Reference: OSVDB:6994 Reference: URL:http://www.osvdb.org/6994 Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. 
====================================================== Name: CVE-1999-0861 Status: Entry Reference: MS:MS99-053 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-053.mspx Reference: MSKB:Q244613 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q244613 Reference: XF:iis-ssl-isapi-filter Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. ====================================================== Name: CVE-1999-0864 Status: Entry Reference: BUGTRAQ:19991202 UnixWare coredumps follow symlinks Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2 Reference: BUGTRAQ:19991223 FYI, SCO Security patches available. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2 Reference: BUGTRAQ:19991220 SCO OpenServer Security Status Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2 Reference: XF:sco-coredump-symlink Reference: BID:851 Reference: URL:http://www.securityfocus.com/bid/851 UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. ====================================================== Name: CVE-1999-0865 Status: Entry Reference: BUGTRAQ:19991203 CommuniGatePro 3.1 for NT DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94426440413027&w=2 Reference: NTBUGTRAQ:19991203 CommuniGatePro 3.1 for NT Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94454565726775&w=2 Reference: BID:860 Reference: URL:http://www.securityfocus.com/bid/860 Reference: XF:communigate-pro-bo Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. 
====================================================== Name: CVE-1999-0866 Status: Entry Reference: BUGTRAQ:19991203 UnixWare gain root with non-su/gid binaries Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2 Reference: BUGTRAQ:19991223 FYI, SCO Security patches available. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2 Reference: BUGTRAQ:19991220 SCO OpenServer Security Status Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2 Reference: SCO:SB-99.24a Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.24a Reference: XF:sco-xauto-bo Reference: BID:848 Reference: URL:http://www.securityfocus.com/bid/848 Buffer overflow in UnixWare xauto program allows local users to gain root privilege. ====================================================== Name: CVE-1999-0867 Status: Entry Reference: MS:MS99-029 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-029.mspx Reference: MSKB:Q238349 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238349 Reference: CIAC:J-058 Reference: URL:http://www.ciac.org/ciac/bulletins/j-058.shtml Reference: XF:http-iis-malformed-header Reference: BID:579 Reference: URL:http://www.securityfocus.com/bid/579 Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. ====================================================== Name: CVE-1999-0868 Status: Entry Reference: CERT:CA-97.08 Reference: XF:inn-ucbmail-shell-meta ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. 
====================================================== Name: CVE-1999-0869 Status: Entry Reference: MS:MS98-020 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-020.mspx Reference: MSKB:167614 Reference: XF:http-frame-spoof Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. ====================================================== Name: CVE-1999-0870 Status: Entry Reference: MS:MS98-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-015.mspx Reference: MSKB:169245 Reference: XF:ie-usp-cuartango Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste. ====================================================== Name: CVE-1999-0871 Status: Entry Reference: MS:MS98-013 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-013.mspx Reference: OSVDB:7837 Reference: URL:http://www.osvdb.org/7837 Reference: XF:ie-crossframe-file-read(3668) Reference: URL:http://xforce.iss.net/xforce/xfdb/3668 Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability. ====================================================== Name: CVE-1999-0873 Status: Entry Reference: BID:759 Reference: URL:http://www.securityfocus.com/bid/759 Reference: XF:skyfull-mail-from-bo Buffer overflow in Skyfull mail server via MAIL FROM command. 
====================================================== Name: CVE-1999-0874 Status: Entry Reference: MS:MS99-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-019.asp Reference: MSKB:Q234905 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234905 Reference: EEYE:AD06081999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD06081999.html Reference: CERT:CA-99-07 Reference: CIAC:J-048 Reference: URL:http://www.ciac.org/ciac/bulletins/j-048.shtml Reference: XF:iis-htr-overflow Reference: OVAL:oval:org.mitre.oval:def:915 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:915 Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. ====================================================== Name: CVE-1999-0875 Status: Entry Reference: L0PHT:19990811 Reference: MSKB:Q216141 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q216141 Reference: BID:578 Reference: URL:http://www.securityfocus.com/bid/578 Reference: XF:irdp-gateway-spoof DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes. ====================================================== Name: CVE-1999-0876 Status: Entry Reference: MSKB:Q185959 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q185959 Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Buffer overflow in Internet Explorer 4.0 via EMBED tag. 
====================================================== Name: CVE-1999-0877 Status: Entry Reference: MSKB:Q243638 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243638 Reference: MS:MS99-042 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-042.mspx Reference: XF:ie-iframe-exec Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. ====================================================== Name: CVE-1999-0878 Status: Entry Reference: COMPAQ:SSRT0622 Reference: REDHAT:RHSA1999031_01 Reference: AUSCERT:AA-1999.01 Reference: CERT:CA-99-13 Reference: BID:599 Reference: URL:http://www.securityfocus.com/bid/599 Reference: XF:wu-ftpd-dir-name Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. ====================================================== Name: CVE-1999-0879 Status: Entry Reference: CERT:CA-99-13 Reference: XF:wuftp-message-file-root Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. ====================================================== Name: CVE-1999-0880 Status: Entry Reference: CERT:CA-99-13 Reference: XF:wuftp-site-newer-dos Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. ====================================================== Name: CVE-1999-0881 Status: Entry Reference: BUGTRAQ:19991025 Falcon Web Server Reference: BINDVIEW:Falcon Web Server Reference: BID:743 Reference: URL:http://www.securityfocus.com/bid/743 Reference: XF:falcon-path-parsing Reference: OSVDB:1127 Reference: URL:http://www.osvdb.org/1127 Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-1999-0883 Status: Entry Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise Reference: BID:742 Reference: URL:http://www.securityfocus.com/bid/742 Reference: OSVDB:1126 Reference: URL:http://www.osvdb.org/1126 Reference: XF:zeus-remote-root(3380) Reference: URL:http://xforce.iss.net/xforce/xfdb/3380 Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine. ====================================================== Name: CVE-1999-0884 Status: Entry Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise Reference: BID:742 Reference: URL:http://www.securityfocus.com/bid/742 Reference: OSVDB:8186 Reference: URL:http://www.osvdb.org/8186 Reference: XF:zeus-weak-password(3833) Reference: URL:http://xforce.iss.net/xforce/xfdb/3833 The Zeus web server administrative interface uses weak encryption for its passwords. ====================================================== Name: CVE-1999-0886 Status: Entry Reference: MSKB:Q242294 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242294 Reference: MS:MS99-041 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-041.mspx Reference: BID:645 Reference: URL:http://www.securityfocus.com/bid/645 Reference: XF:nt-rasman-pathname The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. ====================================================== Name: CVE-1999-0887 Status: Entry Reference: BUGTRAQ:19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability Reference: EEYE:AD05261999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD05261999.html Reference: OSVDB:1137 Reference: URL:http://www.osvdb.org/1137 FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack. 
====================================================== Name: CVE-1999-0888 Status: Entry Reference: BUGTRAQ:19990817 Security Bug in Oracle Reference: XF:oracle-dbsnmp Reference: BID:585 Reference: URL:http://www.securityfocus.com/bid/585 dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script. ====================================================== Name: CVE-1999-0889 Status: Entry Reference: BUGTRAQ:19990810 Cisco 675 password nonsense Reference: XF:cisco-cbos-telnet Reference: OSVDB:39 Reference: URL:http://www.osvdb.org/39 Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. ====================================================== Name: CVE-1999-0890 Status: Entry Reference: BUGTRAQ:19990928 Team Asylum: iHTML Merchant Vulnerabilities Reference: CONFIRM:http://www.ihtmlmerchant.com/support_patches_feedback.htm Reference: BID:694 Reference: URL:http://www.securityfocus.com/bid/694 Reference: XF:ihtml-merchant-file-access iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error. 
====================================================== Name: CVE-1999-0891 Status: Entry Reference: MS:MS99-040 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-040.mspx Reference: MSKB:Q242542 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242542 Reference: CERT-VN:VU#37828 Reference: URL:http://www.kb.cert.org/vuls/id/37828 Reference: CIAC:K-002 Reference: URL:http://www.ciac.org/ciac/bulletins/k-002.shtml Reference: BID:674 Reference: URL:http://www.securityfocus.com/bid/674 Reference: OSVDB:11274 Reference: URL:http://www.osvdb.org/11274 Reference: XF:ie-download-behavior The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. ====================================================== Name: CVE-1999-0892 Status: Entry Reference: BUGTRAQ:19991018 Netscape 4.x buffer overflow Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. ====================================================== Name: CVE-1999-0893 Status: Entry Reference: BUGTRAQ:19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow Reference: XF:sco-openserver-userosa-script userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack. ====================================================== Name: CVE-1999-0894 Status: Entry Reference: REDHAT:RHSA1999042-01 Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals. 
====================================================== Name: CVE-1999-0895 Status: Entry Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net Reference: BID:725 Reference: URL:http://www.securityfocus.com/bid/725 Reference: XF:checkpoint-ldap-auth Reference: OSVDB:1117 Reference: URL:http://www.osvdb.org/1117 Firewall-1 does not properly restrict access to LDAP attributes. ====================================================== Name: CVE-1999-0896 Status: Entry Reference: BUGTRAQ:19991109 RealNetworks RealServer G2 buffer overflow. Reference: MISC:http://service.real.com/help/faq/servg260.html Reference: XF:realserver-g2-pw-bo Reference: BID:767 Reference: URL:http://www.securityfocus.com/bid/767 Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password. ====================================================== Name: CVE-1999-0897 Status: Entry Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2 Reference: XF:ichat-file-read-vuln iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0898 Status: Entry Reference: MS:MS99-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-047.mspx Reference: MSKB:Q243649 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243649 Reference: XF:nt-printer-spooler-bo Reference: BID:768 Reference: URL:http://www.securityfocus.com/bid/768 Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request. 
====================================================== Name: CVE-1999-0899 Status: Entry Reference: MS:MS99-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-047.mspx Reference: MSKB:Q243649 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243649 Reference: BID:769 Reference: URL:http://www.securityfocus.com/bid/769 Reference: XF:nt-printer-spooler-bo The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. ====================================================== Name: CVE-1999-0900 Status: Entry Reference: REDHAT:RHSA1999046-01 Reference: SUSE:19991023 Security hole in ypserv < 1.3.9 Reference: DEBIAN:19991027 nis Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation. ====================================================== Name: CVE-1999-0901 Status: Entry Reference: REDHAT:RHSA1999046-01 Reference: SUSE:19991023 Security hole in ypserv < 1.3.9 Reference: DEBIAN:19991027 nis ypserv allows a local user to modify the GECOS and login shells of other users. ====================================================== Name: CVE-1999-0902 Status: Entry Reference: REDHAT:RHSA1999046-01 Reference: SUSE:19991023 Security hole in ypserv < 1.3.9 Reference: DEBIAN:19991027 nis ypserv allows local administrators to modify password tables. ====================================================== Name: CVE-1999-0903 Status: Entry Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup) Reference: XF:aix-genfilt-filtering genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. 
====================================================== Name: CVE-1999-0904 Status: Entry Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT Reference: XF:bftelnet-username-dos Reference: BID:771 Reference: URL:http://www.securityfocus.com/bid/771 Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username. ====================================================== Name: CVE-1999-0905 Status: Entry Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0 Reference: BID:736 Reference: URL:http://www.securityfocus.com/bid/736 Reference: XF:raptor-ipoptions-dos Reference: OSVDB:1121 Reference: URL:http://www.osvdb.org/1121 Denial of service in Axent Raptor firewall via malformed zero-length IP options. ====================================================== Name: CVE-1999-0906 Status: Entry Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit Reference: SUSE:19990926 Security hole in sccw (Part II) Reference: BID:656 Reference: URL:http://www.securityfocus.com/bid/656 Reference: XF:linux-sccw-bo Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable. ====================================================== Name: CVE-1999-0907 Status: Entry Reference: BUGTRAQ:19990916 SuSE 6.2 /usr/bin/sccw read any file Reference: SUSE:19990921 Security Hole in sccw-1.1 and earlier sccw allows local users to read arbitrary files. ====================================================== Name: CVE-1999-0908 Status: Entry Reference: BUGTRAQ:19990921 solaris DoS Reference: BID:655 Reference: URL:http://www.securityfocus.com/bid/655 Reference: XF:sun-tcp-mutex-enter-dos Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter. 
====================================================== Name: CVE-1999-0909 Status: Entry Reference: NAI:Windows IP Source Routing Vulnerability Reference: MS:MS99-038 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-038.mspx Reference: MSKB:Q238453 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238453 Reference: BID:646 Reference: URL:http://www.securityfocus.com/bid/646 Reference: XF:nt-ip-source-route Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. ====================================================== Name: CVE-1999-0912 Status: Entry Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service Reference: BID:653 Reference: URL:http://www.securityfocus.com/bid/653 Reference: XF:freebsd-vfscache-dos Reference: OSVDB:1079 Reference: URL:http://www.osvdb.org/1079 FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files. ====================================================== Name: CVE-1999-0914 Status: Entry Reference: DEBIAN:19990104 Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows Reference: BID:324 Reference: URL:http://www.securityfocus.com/bid/324 Buffer overflow in the FTP client in the Debian GNU/Linux netstd package. ====================================================== Name: CVE-1999-0915 Status: Entry Reference: BUGTRAQ:19991028 URL Live! 1.0 WebServer Reference: BID:746 Reference: URL:http://www.securityfocus.com/bid/746 Reference: OSVDB:1129 Reference: URL:http://www.osvdb.org/1129 URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-1999-0916 Status: Entry Reference: ISS:19990629 Bad Permissions on Passwords Stored by WebTrends Software WebTrends software stores account names and passwords in a file which does not have restricted access permissions. ====================================================== Name: CVE-1999-0917 Status: Entry Reference: MS:MS99-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-018.mspx Reference: MSKB:Q231452 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231452 Reference: XF:legacy-activex-local-drive The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files. ====================================================== Name: CVE-1999-0918 Status: Entry Reference: BUGTRAQ:19990703 IGMP fragmentation bug in Windows 98/2000 Reference: MSKB:Q238329 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238329 Reference: MS:MS99-034 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-034.mspx Reference: XF:igmp-dos Reference: BID:514 Reference: URL:http://www.securityfocus.com/bid/514 Denial of service in various Windows systems via malformed, fragmented IGMP packets. ====================================================== Name: CVE-1999-0920 Status: Entry Reference: BUGTRAQ:19990526 Remote vulnerability in pop2d Reference: DEBIAN:19990607a Reference: BID:283 Reference: URL:http://www.securityfocus.com/bid/283 Reference: XF:pop2-fold-bo Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command. 
====================================================== Name: CVE-1999-0921 Status: Entry Reference: BUGTRAQ:19990409 Patrol security bugs Reference: URL:http://www.securityfocus.com/archive/1/13204 Reference: XF:bmc-patrol-udp-dos(4291) Reference: URL:http://www.iss.net/security_center/static/4291.php Reference: BID:1879 Reference: URL:http://www.securityfocus.com/bid/1879 BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. ====================================================== Name: CVE-1999-0922 Status: Entry Reference: ALLAIRE:ASB99-02 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full Reference: XF:coldfusion-sourcewindow An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. ====================================================== Name: CVE-1999-0924 Status: Entry Reference: ALLAIRE:ASB99-02 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full Reference: XF:coldfusion-syntax-checker(1742) Reference: URL:http://xforce.iss.net/xforce/xfdb/1742 Reference: OSVDB:3236 Reference: URL:http://www.osvdb.org/3236 The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. ====================================================== Name: CVE-1999-0927 Status: Entry Reference: EEYE:AD05261999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD05261999.html Reference: BID:279 Reference: URL:http://www.securityfocus.com/bid/279 Reference: XF:ntmail-fileread NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-1999-0928 Status: Entry Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1 Reference: XF:websuite-dos Reference: BID:278 Reference: URL:http://www.securityfocus.com/bid/278 Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL. ====================================================== Name: CVE-1999-0930 Status: Entry Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability Reference: CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml Reference: XF:http-cgi-wwwboard(2344) Reference: URL:http://xforce.iss.net/static/2344.php Reference: BID:1795 Reference: URL:http://www.securityfocus.com/bid/1795 wwwboard allows a remote attacker to delete message board articles via a malformed argument. ====================================================== Name: CVE-1999-0931 Status: Entry Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01 Reference: BID:734 Reference: URL:http://www.securityfocus.com/bid/734 Reference: XF:mediahouse-stats-login-bo Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands. ====================================================== Name: CVE-1999-0932 Status: Entry Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01 Reference: BID:735 Reference: URL:http://www.securityfocus.com/bid/735 Reference: XF:mediahouse-stats-adminpw-cleartext Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file. 
====================================================== Name: CVE-1999-0933 Status: Entry Reference: BUGTRAQ:19991001 RFP9904: TeamTrack webserver vulnerability Reference: BID:689 Reference: URL:http://www.securityfocus.com/bid/689 Reference: OSVDB:1096 Reference: URL:http://www.osvdb.org/1096 TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0934 Status: Entry Reference: EL8:19991215 Classifieds (classifieds.cgi) Reference: BID:2020 Reference: URL:http://www.securityfocus.com/bid/2020 Reference: XF:http-cgi-classifieds-read(3102) Reference: URL:http://xforce.iss.net/xforce/xfdb/3102 classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters. ====================================================== Name: CVE-1999-0935 Status: Entry Reference: EL8:19991215 Classifieds (classifieds.cgi) classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form. ====================================================== Name: CVE-1999-0936 Status: Entry Reference: EL8:19981203 BNBSurvey (survey.cgi) BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. ====================================================== Name: CVE-1999-0937 Status: Entry Reference: EL8:19981203 BNBForm (bnbform.cgi) BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. ====================================================== Name: CVE-1999-0938 Status: Entry Reference: CERT:VN-99-03 Reference: XF:sdr-execute MBone SDR Package allows remote attackers to execute commands via shell metacharacters in Session Initiation Protocol (SIP) messages. 
====================================================== Name: CVE-1999-0939 Status: Entry Reference: BUGTRAQ:19990826 [SECURITY] New versions of epic4 fixes possible DoS vulnerability Reference: DEBIAN:19990826 Reference: BID:605 Reference: URL:http://www.securityfocus.com/bid/605 Denial of service in Debian IRC Epic/epic4 client via a long string. ====================================================== Name: CVE-1999-0940 Status: Entry Reference: CALDERA:CSSA-1999-031 Reference: SUSE:19990927 Security hole in mutt Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages. ====================================================== Name: CVE-1999-0942 Status: Entry Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit Reference: XF:sco-unixware-dos7utils-root-privs UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes. ====================================================== Name: CVE-1999-0943 Status: Entry Reference: BUGTRAQ:19991015 OpenLink 3.2 Advisory Reference: BID:720 Reference: URL:http://www.securityfocus.com/bid/720 Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator. ====================================================== Name: CVE-1999-0945 Status: Entry Reference: ISS:19980724 Denial of Service attacks against Microsoft Exchange 5.0 to 5.5 Reference: URL:http://xforce.iss.net/alerts/advise4.php Reference: CIAC:I-080 Reference: URL:http://www.ciac.org/ciac/bulletins/i-080.shtml Reference: MSKB:Q169174 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q169174 Reference: XF:exchange-dos(1223) Reference: URL:http://xforce.iss.net/xforce/xfdb/1223 Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands. 
====================================================== Name: CVE-1999-0946 Status: Entry Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2 Reference: XF:yamaha-midiplug-embed Reference: BID:760 Reference: URL:http://www.securityfocus.com/bid/760 Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. ====================================================== Name: CVE-1999-0947 Status: Entry Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2 Reference: BID:762 Reference: URL:http://www.securityfocus.com/bid/762 AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. ====================================================== Name: CVE-1999-0950 Status: Entry Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Reference: BID:747 Reference: URL:http://www.securityfocus.com/bid/747 Reference: XF:wftpd-mkd-bo Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. ====================================================== Name: CVE-1999-0951 Status: Entry Reference: BUGTRAQ:19991022 Imagemap CGI overflow exploit Reference: BID:739 Reference: URL:http://www.securityfocus.com/bid/739 Reference: XF:http-cgi-imagemap-bo Reference: OSVDB:3380 Reference: URL:http://www.osvdb.org/3380 Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands. 
====================================================== Name: CVE-1999-0953 Status: Entry Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability Reference: BUGTRAQ:19990916 More fun with WWWBoard WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. ====================================================== Name: CVE-1999-0954 Status: Entry Reference: BUGTRAQ:19990916 More fun with WWWBoard Reference: BID:649 Reference: URL:http://www.securityfocus.com/bid/649 WWWBoard has a default username and default password. ====================================================== Name: CVE-1999-0955 Status: Entry Reference: CERT:CA-94.08 Reference: CIAC:E-17 Reference: XF:ftp-exec Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command. ====================================================== Name: CVE-1999-0956 Status: Entry Reference: CERT:CA-93.02a Reference: XF:next-netinfo The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service. ====================================================== Name: CVE-1999-0957 Status: Entry Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3 Reference: XF:majorcool-file-overwrite-vuln MajorCool mj_key_cache program allows local users to modify files via a symlink attack. ====================================================== Name: CVE-1999-0958 Status: Entry Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88465708614896&w=2 Reference: XF:sudo-dot-dot-attack sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack. 
====================================================== Name: CVE-1999-0959 Status: Entry Reference: BUGTRAQ:19970209 IRIX: Bug in startmidi Reference: AUSCERT:AA-97-05 Reference: SGI:19980301-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX Reference: BID:469 Reference: URL:http://www.securityfocus.com/bid/469 Reference: OSVDB:8447 Reference: URL:http://www.osvdb.org/8447 Reference: XF:irix-startmidi-file-creation((1634) IRIX startmidi program allows local users to modify arbitrary files via a symlink attack. ====================================================== Name: CVE-1999-0960 Status: Entry Reference: AUSCERT:AA-96.11 Reference: SGI:19980301-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX Reference: XF:irix-cdplayer-directory-create IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option. ====================================================== Name: CVE-1999-0961 Status: Entry Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419906&w=2 Reference: CIAC:H-03 Reference: XF:hp-sysdiag-symlink HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. ====================================================== Name: CVE-1999-0962 Status: Entry Reference: AUSCERT:AA-96.13 Reference: HP:HPSBUX9701-045 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9701-045 Reference: XF:hp-password-cmd-bo Reference: OSVDB:6415 Reference: URL:http://www.osvdb.org/6415 Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option. 
====================================================== Name: CVE-1999-0963 Status: Entry Reference: BUGTRAQ:19960517 BoS: SECURITY BUG in FreeBSD Reference: CERT:VB-96.06 Reference: XF:freebsd-mount-union-root Reference: OSVDB:6088 Reference: URL:http://www.osvdb.org/6088 FreeBSD mount_union command allows local users to gain root privileges via a symlink attack. ====================================================== Name: CVE-1999-0964 Status: Entry Reference: FREEBSD:FreeBSD-SA-97:01 Reference: XF:freebsd-setlocale-bo Reference: OSVDB:6086 Reference: URL:http://www.osvdb.org/6086 Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable. ====================================================== Name: CVE-1999-0965 Status: Entry Reference: CERT:CA-93.17 Reference: XF:xterm Race condition in xterm allows local users to modify arbitrary files via the logging option. ====================================================== Name: CVE-1999-0966 Status: Entry Reference: L0PHT:19970127 Solaris libc - getopt(3) Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0]. ====================================================== Name: CVE-1999-0967 Status: Entry Reference: L0PHT:19971101 Microsoft Internet Explorer 4.0 Suite Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol. ====================================================== Name: CVE-1999-0968 Status: Entry Reference: BUGTRAQ:19981226 bnc exploit Reference: URL:http://www.securityfocus.com/archive/1/11711 Reference: XF:bnc-proxy-bo(1546) Reference: URL:http://xforce.iss.net/static/1546.php Reference: BID:1927 Reference: URL:http://www.securityfocus.com/bid/1927 Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges. 
====================================================== Name: CVE-1999-0969 Status: Entry Reference: ISS:19980929 "Snork" Denial of Service Attack Against Windows NT RPC Service Reference: NTBUGTRAQ:19980929 ISS Security Advisory: Snork Reference: MS:MS98-014 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-014.mspx Reference: MSKB:Q193233 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q193233 Reference: XF:snork-dos The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork. ====================================================== Name: CVE-1999-0971 Status: Entry Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit Reference: URL:http://www.securityfocus.com/archive/1/7301 Reference: XF:exim-include-overflow Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file. ====================================================== Name: CVE-1999-0972 Status: Entry Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow Reference: BID:863 Reference: URL:http://www.securityfocus.com/bid/863 Buffer overflow in Xshipwars xsw program. ====================================================== Name: CVE-1999-0973 Status: Entry Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd) Reference: BID:858 Reference: URL:http://www.securityfocus.com/bid/858 Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode. 
====================================================== Name: CVE-1999-0974 Status: Entry Reference: ISS:19991209 Buffer Overflow in Solaris Snoop Reference: SUN:00190 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/190 Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd) Reference: BID:864 Reference: URL:http://www.securityfocus.com/bid/864 Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service. ====================================================== Name: CVE-1999-0975 Status: Entry Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT Reference: BID:868 Reference: URL:http://www.securityfocus.com/bid/868 The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed. ====================================================== Name: CVE-1999-0976 Status: Entry Reference: OPENBSD:19991204 Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released Reference: XF:sendmail-bi-alias Reference: BID:857 Reference: URL:http://www.securityfocus.com/bid/857 Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail. 
====================================================== Name: CVE-1999-0977 Status: Entry Reference: SF-INCIDENTS:19991209 sadmind Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability Reference: BUGTRAQ:19991210 Re: Solaris sadmind Buffer Overflow Vulnerability Reference: CERT:CA-99-16 Reference: SUN:00191 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191 Reference: BID:866 Reference: URL:http://www.securityfocus.com/bid/866 Reference: BID:2354 Reference: URL:http://www.securityfocus.com/bid/2354 Reference: XF:sol-sadmind-amslverify-bo Reference: OSVDB:2558 Reference: URL:http://www.osvdb.org/2558 Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request. ====================================================== Name: CVE-1999-0978 Status: Entry Reference: DEBIAN:19991209 Reference: BID:867 Reference: URL:http://www.securityfocus.com/bid/867 htdig allows remote attackers to execute commands via filenames with shell metacharacters. ====================================================== Name: CVE-1999-0979 Status: Entry Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2 Reference: BID:869 Reference: URL:http://www.securityfocus.com/bid/869 The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed. 
====================================================== Name: CVE-1999-0980 Status: Entry Reference: MS:MS99-055 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-055.mspx Reference: MSKB:Q246045 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246045 Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request. ====================================================== Name: CVE-1999-0981 Status: Entry Reference: MS:MS99-050 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-050.mspx Reference: MSKB:Q246094 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246094 Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." ====================================================== Name: CVE-1999-0982 Status: Entry Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file. ====================================================== Name: CVE-1999-0986 Status: Entry Reference: BUGTRAQ:19991209 Big problem on 2.0.x? Reference: BID:870 Reference: URL:http://www.securityfocus.com/bid/870 The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. 
====================================================== Name: CVE-1999-0987 Status: Entry Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name Reference: MSKB:Q237923 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237923 Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. ====================================================== Name: CVE-1999-0989 Status: Entry Reference: NTBUGTRAQ:19991205 new IE5 remote exploit Reference: BUGTRAQ:19991205 new IE5 remote exploit Reference: BID:861 Reference: URL:http://www.securityfocus.com/bid/861 Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol. ====================================================== Name: CVE-1999-0991 Status: Entry Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability Reference: BID:862 Reference: URL:http://www.securityfocus.com/bid/862 Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name. ====================================================== Name: CVE-1999-0992 Status: Entry Reference: HP:HPSBUX9912-107 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9912-107 HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP). 
====================================================== Name: CVE-1999-0994 Status: Entry Reference: BINDVIEW:19991216 Windows NT's SYSKEY feature Reference: MS:MS99-056 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-056.mspx Reference: MSKB:Q248183 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248183 Reference: BID:873 Reference: URL:http://www.securityfocus.com/bid/873 Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. ====================================================== Name: CVE-1999-0995 Status: Entry Reference: NAI:19991216 Windows NT LSA Remote Denial of Service Reference: MS:MS99-057 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-057.mspx Reference: MSKB:Q248185 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248185 Reference: BID:875 Reference: URL:http://www.securityfocus.com/bid/875 Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request." ====================================================== Name: CVE-1999-0996 Status: Entry Reference: EEYE:AD19991215 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD19991215.html Reference: BUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow Reference: NTBUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow Reference: XF:infoseek-ultraseek-bo Reference: OSVDB:6490 Reference: URL:http://www.osvdb.org/6490 Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request. 
====================================================== Name: CVE-1999-0997 Status: Entry Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd) Reference: DEBIAN:DSA-377 Reference: URL:http://www.debian.org/security/2003/dsa-377 Reference: XF:wuftp-ftp-conversion wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. ====================================================== Name: CVE-1999-0998 Status: Entry Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities Reference: XF:cisco-cache-engine-replace Cisco Cache Engine allows an attacker to replace content in the cache. ====================================================== Name: CVE-1999-0999 Status: Entry Reference: MS:MS99-059 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-059.mspx Reference: MSKB:Q248749 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248749 Reference: BID:817 Reference: URL:http://www.securityfocus.com/bid/817 Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. ====================================================== Name: CVE-1999-1000 Status: Entry Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities Reference: XF:cisco-cache-engine-performance The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics. 
====================================================== Name: CVE-1999-1001 Status: Entry Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities Cisco Cache Engine allows a remote attacker to gain access via a null username and password. ====================================================== Name: CVE-1999-1004 Status: Entry Reference: BUGTRAQ:19991217 NAV2000 Email Protection DoS Reference: URL:http://www.securityfocus.com/archive/1/38970 Reference: BUGTRAQ:19991220 Norton Email Protection Remote Overflow (Addendum) Reference: URL:http://www.securityfocus.com/archive/1/39194 Reference: CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy Reference: OSVDB:6267 Reference: URL:http://www.osvdb.org/6267 Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command. ====================================================== Name: CVE-1999-1005 Status: Entry Reference: BUGTRAQ:19991219 Groupewise Web Interface Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2 Reference: XF:groupwise-web-read-files Reference: BID:879 Reference: URL:http://www.securityfocus.com/bid/879 Reference: OSVDB:3413 Reference: URL:http://www.osvdb.org/3413 Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. 
====================================================== Name: CVE-1999-1007 Status: Entry Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2 Reference: XF:vdolive-bo-execute Reference: BID:872 Reference: URL:http://www.securityfocus.com/bid/872 Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file. ====================================================== Name: CVE-1999-1008 Status: Entry Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit Reference: MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2 Reference: BID:871 Reference: URL:http://www.securityfocus.com/bid/871 Reference: XF:unix-xsoldier-overflow xsoldier program allows local users to gain root access via a long argument. ====================================================== Name: CVE-1999-1010 Status: Entry Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2 Reference: XF:ssh-policy-bypass An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. 
====================================================== Name: CVE-1999-1011 Status: Entry Reference: MS:MS98-004 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-004.asp Reference: MS:MS99-025 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-025.asp Reference: CIAC:J-054 Reference: URL:http://www.ciac.org/ciac/bulletins/j-054.shtml Reference: ISS:19990809 Vulnerabilities in Microsoft Remote Data Service Reference: BID:529 Reference: URL:http://www.ciac.org/ciac/bulletins/j-054.shtml Reference: XF:nt-iis-rds Reference: OSVDB:272 Reference: URL:http://www.osvdb.org/272 The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. ====================================================== Name: CVE-1999-1014 Status: Entry Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93727925026476&w=2 Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93846422810162&w=2 Reference: SUNBUG:4276509 Reference: XF:sun-usrbinmail-local-bo(3297) Reference: URL:http://xforce.iss.net/static/3297.php Reference: BID:672 Reference: URL:http://www.securityfocus.com/bid/672 Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. 
====================================================== Name: CVE-1999-1019 Status: Entry Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398713491&w=2 Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398513475&w=2 Reference: BID:495 Reference: URL:http://www.securityfocus.com/bid/495 SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise. ====================================================== Name: CVE-1999-1021 Status: Entry Reference: CERT:CA-1992-15 Reference: URL:http://www.cert.org/advisories/CA-1992-15.html Reference: SUN:00117 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba Reference: BID:47 Reference: URL:http://www.securityfocus.com/bid/47 Reference: XF:nfs-uid(82) Reference: URL:http://xforce.iss.net/static/82.php NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade. ====================================================== Name: CVE-1999-1027 Status: Entry Reference: BUGTRAQ:19980507 admintool mode 0777 in Solaris 2.6 HW3/98 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925880&w=2 Reference: SUNBUG:4178998 Reference: XF:solaris-admintool-world-writable(7296) Reference: URL:http://xforce.iss.net/static/7296.php Reference: BID:290 Reference: URL:http://www.securityfocus.com/bid/290 Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program. 
====================================================== Name: CVE-1999-1028 Status: Entry Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92807524225090&w=2 Reference: BID:288 Reference: URL:http://www.securityfocus.com/bid/288 Reference: XF:pcanywhere-dos(2256) Reference: URL:http://www.iss.net/security_center/static/2256.php Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631. ====================================================== Name: CVE-1999-1032 Status: Entry Reference: CERT:CA-1991-11 Reference: URL:http://www.cert.org/advisories/CA-1991-11.html Reference: CIAC:B-36 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-36.shtml Reference: BID:26 Reference: URL:http://www.securityfocus.com/bid/26 Reference: XF:ultrix-telnet(584) Reference: URL:http://xforce.iss.net/static/584.php Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. ====================================================== Name: CVE-1999-1034 Status: Entry Reference: CERT:CA-1991-08 Reference: URL:http://www.cert.org/advisories/CA-1991-08.html Reference: CIAC:B-28 Reference: URL:http://www.ciac.org/ciac/bulletins/b-28.shtml Reference: BID:23 Reference: URL:http://www.securityfocus.com/bid/23 Reference: XF:sysv-login(583) Reference: URL:http://xforce.iss.net/static/583.php Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges. 
====================================================== Name: CVE-1999-1035 Status: Entry Reference: MS:MS98-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-019.asp Reference: MSKB:Q192296 Reference: URL:http://support.microsoft.com/support/kb/articles/q192/2/96.asp Reference: XF:iis-get-dos(1823) Reference: URL:http://xforce.iss.net/static/1823.php IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. ====================================================== Name: CVE-1999-1037 Status: Entry Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125976&w=2 Reference: BUGTRAQ:19980627 Re: vulnerability in satan, cops & tiger Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125986&w=2 Reference: XF:satan-rexsatan-symlink(7167) Reference: URL:http://www.iss.net/security_center/static/7167.php Reference: OSVDB:3147 Reference: URL:http://www.osvdb.org/3147 rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file. ====================================================== Name: CVE-1999-1044 Status: Entry Reference: COMPAQ:SSRT0495U Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml Reference: CIAC:I-050 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml Reference: XF:dgux-advfs-softlinks(7431) Reference: URL:http://www.iss.net/security_center/static/7431.php Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges. ====================================================== Name: CVE-1999-1045 Status: Entry Reference: BUGTRAQ:19980115 pnserver exploit.. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88492978527261&w=2 Reference: BUGTRAQ:19980115 [rootshell] Security Bulletin #7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88490880523890&w=2 Reference: BUGTRAQ:19980817 Re: Real Audio Server Version 5 bug? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90338245305236&w=2 Reference: MISC:http://service.real.com/help/faq/serv501.html Reference: XF:realserver-pnserver-remote-dos(7297) Reference: URL:http://www.iss.net/security_center/static/7297.php Reference: OSVDB:6979 Reference: URL:http://www.osvdb.org/6979 pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request. ====================================================== Name: CVE-1999-1047 Status: Entry Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94026690521279&w=2 Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94036662326185&w=2 Reference: XF:gauntlet-bsdi-bypass(3397) Reference: URL:http://www.iss.net/security_center/static/3397.php When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. 
====================================================== Name: CVE-1999-1048 Status: Entry Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit Reference: URL:http://www.securityfocus.com/archive/1/10542 Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719555&w=2 Reference: DEBIAN:19980909 problem with very long pathnames Reference: URL:http://www.debian.org/security/1998/19980909 Reference: XF:linux-bash-bo(3414) Reference: URL:http://xforce.iss.net/static/3414.php Reference: OSVDB:8345 Reference: URL:http://www.osvdb.org/8345 Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory. ====================================================== Name: CVE-1999-1055 Status: Entry Reference: MS:MS98-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-018.asp Reference: BID:179 Reference: URL:http://www.securityfocus.com/bid/179 Reference: XF:excel-call(1737) Reference: URL:http://xforce.iss.net/static/1737.php Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability." 
====================================================== Name: CVE-1999-1057 Status: Entry Reference: CERT:CA-1990-07 Reference: URL:http://www.cert.org/advisories/CA-1990-07.html Reference: CIAC:B-04 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-04.shtml Reference: BID:12 Reference: URL:http://www.securityfocus.com/bid/12 Reference: XF:vms-analyze-processdump-privileges(7137) Reference: URL:http://www.iss.net/security_center/static/7137.php VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. ====================================================== Name: CVE-1999-1059 Status: Entry Reference: CERT:CA-1992-04 Reference: URL:http://www.cert.org/advisories/CA-1992-04.html Reference: BID:36 Reference: URL:http://www.securityfocus.com/bid/36 Reference: XF:att-rexecd(3159) Reference: URL:http://www.iss.net/security_center/static/3159.php Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. ====================================================== Name: CVE-1999-1074 Status: Entry Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory Reference: URL:http://www.securityfocus.com/archive/1/9138 Reference: CONFIRM:http://www.webmin.com/webmin/changes.html Reference: BID:98 Reference: URL:http://www.securityfocus.com/bid/98 Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. ====================================================== Name: CVE-1999-1080 Status: Entry Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92633694100270&w=2 Reference: BUGTRAQ:19991011 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93971288323395&w=2 Reference: BID:250 Reference: URL:http://www.securityfocus.com/bid/250 Reference: SUNBUG:4205437 Reference: XF:solaris-rmmount-gain-root(8350) Reference: URL:http://xforce.iss.net/xforce/xfdb/8350 rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf. ====================================================== Name: CVE-1999-1085 Status: Entry Reference: BUGTRAQ:19980612 CORE-SDI-04: SSH insertion attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125884&w=2 Reference: BUGTRAQ:19980703 UPDATE: SSH insertion attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525878&w=2 Reference: CISCO:20010627 Multiple SSH Vulnerabilities Reference: CERT-VN:VU#13877 Reference: URL:http://www.kb.cert.org/vuls/id/13877 Reference: XF:ssh-insert(1126) Reference: URL:http://www.iss.net/security_center/static/1126.php SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack." 
====================================================== Name: CVE-1999-1087 Status: Entry Reference: MS:MS98-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-016.asp Reference: MSKB:Q168617 Reference: URL:http://support.microsoft.com/support/kb/articles/q168/6/17.asp Reference: CONFIRM:http://www.microsoft.com/Windows/Ie/security/dotless.asp Reference: OSVDB:7828 Reference: URL:http://www.osvdb.org/7828 Reference: XF:ie-dotless(2209) Reference: URL:http://xforce.iss.net/static/2209.php Internet Explorer 4 treats a 32-bit number ("dotless IP address") in a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. ====================================================== Name: CVE-1999-1090 Status: Entry Reference: CERT:CA-1991-15 Reference: URL:http://www.cert.org/advisories/CA-1991-15.html Reference: XF:ftp-ncsa(1844) Reference: URL:http://xforce.iss.net/static/1844.php The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. ====================================================== Name: CVE-1999-1093 Status: Entry Reference: MS:MS98-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-011.asp Reference: MSKB:Q191200 Reference: URL:http://support.microsoft.com/support/kb/articles/q191/2/00.asp Reference: XF:java-script-patch(1276) Reference: URL:http://www.iss.net/security_center/static/1276.php Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. 
====================================================== Name: CVE-1999-1094 Status: Entry Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Reference: BUGTRAQ:19980114 L0pht Advisory MSIE4.0(1) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88480839506155&w=2 Reference: XF:iemk-bug(917) Reference: URL:http://xforce.iss.net/static/917.php Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." ====================================================== Name: CVE-1999-1098 Status: Entry Reference: CERT:CA-1995-03 Reference: URL:http://www.cert.org/advisories/CA-1995-03.html Reference: CIAC:F-12 Reference: URL:http://www.ciac.org/ciac/bulletins/f-12.shtml Reference: XF:bsd-telnet(516) Reference: URL:http://www.iss.net/security_center/static/516.php Reference: OSVDB:4881 Reference: URL:http://www.osvdb.org/4881 Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing. ====================================================== Name: CVE-1999-1099 Status: Entry Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420184&w=2 Reference: XF:kerberos-user-grab(65) Reference: URL:http://xforce.iss.net/static/65.php Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user. 
====================================================== Name: CVE-1999-1100 Status: Entry Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues Reference: URL:http://www.cisco.com/warp/public/770/pixkey-pub.shtml Reference: CIAC:I-056 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-056.shtml Reference: XF:cisco-pix-parse-error(1579) Reference: URL:http://xforce.iss.net/static/1579.php Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack. ====================================================== Name: CVE-1999-1102 Status: Entry Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr Reference: BUGTRAQ:19940307 8lgm Advisory Releases Reference: URL:http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm Reference: CIAC:E-25a Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-25.shtml lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. ====================================================== Name: CVE-1999-1103 Status: Entry Reference: CERT:VB-96.05 Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.05.dec Reference: CIAC:G-18 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-18.shtml Reference: MISC:http://www.tao.ca/fire/bos/0209.html Reference: XF:osf-dxconsole-gain-privileges(7138) Reference: URL:http://www.iss.net/security_center/static/7138.php dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. 
====================================================== Name: CVE-1999-1104 Status: Entry Reference: BUGTRAQ:19951205 Cracked: WINDOWS.PWL Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418931&w=2 Reference: NTBUGTRAQ:19980121 How to recover private keys for various Microsoft products Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=88540877601866&w=2 Reference: BUGTRAQ:19980120 How to recover private keys for various Microsoft products Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88536273725787&w=2 Reference: MSKB:Q140557 Reference: URL:http://support.microsoft.com/support/kb/articles/q140/5/57.asp Reference: XF:win95-nbsmbpwl(71) Reference: URL:http://www.iss.net/security_center/static/71.php Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords. ====================================================== Name: CVE-1999-1105 Status: Entry Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html Reference: XF:win95-netware-hidden-share(7231) Reference: URL:http://www.iss.net/security_center/static/7231.php Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. 
====================================================== Name: CVE-1999-1109 Status: Entry Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94632241202626&w=2 Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780566911948&w=2 Reference: BID:904 Reference: URL:http://www.securityfocus.com/bid/904 Reference: XF:sendmail-etrn-dos(7760) Reference: URL:http://www.iss.net/security_center/static/7760.php Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated. ====================================================== Name: CVE-1999-1111 Status: Entry Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94218618329838&w=2 Reference: BID:786 Reference: URL:http://www.securityfocus.com/bid/786 Reference: XF:immunix-stackguard-bo(3524) Reference: URL:http://xforce.iss.net/static/3524.php Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself. 
====================================================== Name: CVE-1999-1114 Status: Entry Reference: CIAC:H-15A Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-15a.shtml Reference: AUSCERT:AA-96.17 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul Reference: SGI:19980405-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980405-01-I Reference: XF:ksh-suid_exec(2100) Reference: URL:http://xforce.iss.net/static/2100.php Reference: BID:467 Reference: URL:http://www.securityfocus.com/bid/467 Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. ====================================================== Name: CVE-1999-1115 Status: Entry Reference: CERT:CA-1990-04 Reference: URL:http://www.cert.org/advisories/CA-1990-04.html Reference: CIAC:A-30 Reference: URL:http://www.ciac.org/ciac/bulletins/a-30.shtml Reference: BID:7 Reference: URL:http://www.securityfocus.com/bid/7 Reference: XF:apollo-suidexec-unauthorized-access(6721) Reference: URL:http://www.iss.net/security_center/static/6721.php Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). ====================================================== Name: CVE-1999-1116 Status: Entry Reference: SGI:19970503-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970503-01-PX Reference: BID:462 Reference: URL:http://www.securityfocus.com/bid/462 Reference: OSVDB:1009 Reference: URL:http://www.osvdb.org/1009 Reference: XF:sgi-runpriv(2108) Reference: URL:http://xforce.iss.net/static/2108.php Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. 
====================================================== Name: CVE-1999-1117 Status: Entry Reference: BUGTRAQ:19961124 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=lquerypv&q=b Reference: BUGTRAQ:19961125 lquerypv fix Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420195&w=2 Reference: BUGTRAQ:19961125 AIX lquerypv Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420196&w=2 Reference: CIAC:H-13 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml Reference: BID:455 Reference: URL:http://www.securityfocus.com/bid/455 Reference: XF:ibm-lquerypv(1752) Reference: URL:http://xforce.iss.net/static/1752.php lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter. ====================================================== Name: CVE-1999-1118 Status: Entry Reference: SUN:00165 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba Reference: BID:433 Reference: URL:http://www.securityfocus.com/bid/433 Reference: XF:sun-ndd(817) Reference: URL:http://xforce.iss.net/static/817.php ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. ====================================================== Name: CVE-1999-1119 Status: Entry Reference: CERT:CA-1992-09 Reference: URL:http://www.cert.org/advisories/CA-1992-09.html Reference: BID:41 Reference: URL:http://www.securityfocus.com/bid/41 Reference: XF:aix-anon-ftp(3154) Reference: URL:http://xforce.iss.net/static/3154.php FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. 
====================================================== Name: CVE-1999-1120 Status: Entry Reference: BUGTRAQ:19970104 Irix: netprint story Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420403&w=2 Reference: SGI:19961203-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX Reference: SGI:19961203-02-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX Reference: BID:395 Reference: URL:http://www.securityfocus.com/bid/395 Reference: OSVDB:993 Reference: URL:http://www.osvdb.org/993 Reference: XF:sgi-netprint(2107) Reference: URL:http://xforce.iss.net/static/2107.php netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges. ====================================================== Name: CVE-1999-1121 Status: Entry Reference: CERT:CA-1992-06 Reference: URL:http://www.cert.org/advisories/CA-1992-06.html Reference: BID:38 Reference: URL:http://www.securityfocus.com/bid/38 Reference: XF:ibm-uucp(554) Reference: URL:http://xforce.iss.net/static/554.php Reference: OSVDB:891 Reference: URL:http://www.osvdb.org/891 The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. ====================================================== Name: CVE-1999-1122 Status: Entry Reference: CERT:CA-1989-02 Reference: URL:http://www.cert.org/advisories/CA-1989-02.html Reference: CIAC:CIAC-08 Reference: URL:http://www.ciac.org/ciac/bulletins/ciac-08.shtml Reference: SUNBUG:1019265 Reference: BID:3 Reference: URL:http://www.securityfocus.com/bid/3 Reference: XF:sun-restore-gain-privileges(6695) Reference: URL:http://xforce.iss.net/xforce/xfdb/6695 Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. 
====================================================== Name: CVE-1999-1127 Status: Entry Reference: MS:MS98-017 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-017.asp Reference: MSKB:Q195733 Reference: URL:http://support.microsoft.com/support/kb/articles/Q195/7/33.asp Reference: XF:nt-spoolss(523) Reference: URL:http://www.iss.net/security_center/static/523.php Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. ====================================================== Name: CVE-1999-1131 Status: Entry Reference: CERT:VB-97.12 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.12.opengroup Reference: CIAC:I-060 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-060.shtml Reference: SGI:19980601-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX Reference: XF:sgi-osf-dce-dos(1123) Reference: URL:http://xforce.iss.net/static/1123.php Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization. 
====================================================== Name: CVE-1999-1132 Status: Entry Reference: BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90763508011966&w=2 Reference: NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90760603030452&w=2 Reference: MSKB:Q179157 Reference: URL:http://support.microsoft.com/support/kb/articles/Q179/1/57.asp Reference: XF:token-ring-dos(1399) Reference: URL:http://www.iss.net/security_center/static/1399.php Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. ====================================================== Name: CVE-1999-1136 Status: Entry Reference: HP:HPSBUX9807-081 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9807-081.html Reference: HP:HPSBMP9807-005 Reference: URL:http://cert.ip-plus.net/bulletin-archive/msg00040.html Reference: BUGTRAQ:19980729 HP-UX Predictive & Netscape SSL Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526177&w=2 Reference: CIAC:I-081 Reference: URL:http://www.ciac.org/ciac/bulletins/i-081.shtml Reference: XF:mpeix-predictive(1413) Reference: URL:http://xforce.iss.net/static/1413.php Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems. 
====================================================== Name: CVE-1999-1137 Status: Entry Reference: CIAC:E-01 Reference: URL:http://www.ciac.org/ciac/bulletins/e-01.shtml Reference: SUN:00122 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba Reference: XF:sun-audio(549) Reference: URL:http://xforce.iss.net/static/549.php Reference: OSVDB:6436 Reference: URL:http://www.osvdb.org/6436 The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone. ====================================================== Name: CVE-1999-1138 Status: Entry Reference: CERT:CA-1993-13 Reference: URL:http://www.cert.org/advisories/CA-1993-13.html Reference: XF:sco-homedir(546) Reference: URL:http://xforce.iss.net/static/546.php SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable. 
====================================================== Name: CVE-1999-1139 Status: Entry Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html Reference: BUGTRAQ:19970901 HP UX Bug :) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019745&w=2 Reference: HP:HPSBUX9801-074 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html Reference: CIAC:I-027B Reference: URL:http://www.ciac.org/ciac/bulletins/i-027b.shtml Reference: XF:hp-cue(2007) Reference: URL:http://www.iss.net/security_center/static/2007.php Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file. ====================================================== Name: CVE-1999-1140 Status: Entry Reference: BUGTRAQ:19971214 buffer overflows in cracklib?! Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88209041500913&w=2 Reference: CERT:VB-97.16 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib Reference: XF:cracklib-bo(1539) Reference: URL:http://xforce.iss.net/static/1539.php Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. ====================================================== Name: CVE-1999-1142 Status: Entry Reference: CERT:CA-1992-11 Reference: URL:http://www.cert.org/advisories/CA-1992-11.html Reference: SUN:00116 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116 Reference: XF:sun-env(3152) Reference: URL:http://xforce.iss.net/static/3152.php SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user. 
====================================================== Name: CVE-1999-1143 Status: Entry Reference: CIAC:H-065 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-65.shtml Reference: SGI:19970504-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX Reference: XF:sgi-rld(2109) Reference: URL:http://xforce.iss.net/static/2109.php Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs. ====================================================== Name: CVE-1999-1144 Status: Entry Reference: HP:HPSBUX9701-051 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html Reference: XF:hp-mpower(2056) Reference: URL:http://xforce.iss.net/static/2056.php Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. ====================================================== Name: CVE-1999-1145 Status: Entry Reference: HP:HPSBUX9701-044 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1514 Reference: CIAC:H-21 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml Reference: XF:hp-glanceplus(2059) Reference: URL:http://xforce.iss.net/static/2059.php Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges. ====================================================== Name: CVE-1999-1146 Status: Entry Reference: HP:HPSBUX9405-011 Reference: URL:http://www.securityfocus.com/advisories/1555 Reference: XF:hp-glanceplus-gpm(2060) Reference: URL:http://xforce.iss.net/static/2060.php Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. 
====================================================== Name: CVE-1999-1147 Status: Entry Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91273739726314&w=2 Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Reference: XF:pcm-dos-execute(1430) Reference: URL:http://xforce.iss.net/static/1430.php Reference: OSVDB:3164 Reference: URL:http://www.osvdb.org/3164 Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe. ====================================================== Name: CVE-1999-1148 Status: Entry Reference: MS:MS98-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-006.asp Reference: MSKB:Q189262 Reference: URL:http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP Reference: XF:iis-passive-ftp(1215) Reference: URL:http://xforce.iss.net/static/1215.php FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. ====================================================== Name: CVE-1999-1156 Status: Entry Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5 Reference: XF:bisonware-port-crash(2254) Reference: URL:http://xforce.iss.net/static/2254.php BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns. 
====================================================== Name: CVE-1999-1157 Status: Entry Reference: MSKB:Q192774 Reference: URL:http://support.microsoft.com/support/kb/articles/Q192/7/74.ASP Reference: XF:tcpipsys-icmp-dos(3894) Reference: URL:http://xforce.iss.net/static/3894.php Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface. ====================================================== Name: CVE-1999-1159 Status: Entry Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495920911490&w=2 Reference: XF:ssh-privileged-port-forward(1471) Reference: URL:http://xforce.iss.net/static/1471.php SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root. ====================================================== Name: CVE-1999-1160 Status: Entry Reference: HP:HPSBUX9702-055 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420581&w=2 Reference: CIAC:H-33 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-33.shtml Reference: XF:hp-ftpd-kftpd(7437) Reference: URL:http://www.iss.net/security_center/static/7437.php Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. 
====================================================== Name: CVE-1999-1161 Status: Entry Reference: BUGTRAQ:19961103 Re: Untitled Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420102&w=2 Reference: BUGTRAQ:19961104 ppl bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420103&w=2 Reference: HP:HPSBUX9704-057 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html Reference: CIAC:H-32 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-32.shtml Reference: AUSCERT:AA-97.07 Reference: XF:hp-ppl(7438) Reference: URL:http://www.iss.net/security_center/static/7438.php Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. ====================================================== Name: CVE-1999-1162 Status: Entry Reference: CERT:CA-1993-08 Reference: URL:http://www.cert.org/advisories/CA-1993-08.html Reference: XF:sco-passwd-deny(542) Reference: URL:http://www.iss.net/security_center/static/542.php Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. ====================================================== Name: CVE-1999-1163 Status: Entry Reference: HP:HPSBUX9911-105 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94347039929958&w=2 Reference: XF:hp-ssp(7439) Reference: URL:http://www.iss.net/security_center/static/7439.php Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation. 
====================================================== Name: CVE-1999-1167 Status: Entry Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html Reference: XF:thirdvoice-cross-site-scripting(7252) Reference: URL:http://www.iss.net/security_center/static/7252.php Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation. ====================================================== Name: CVE-1999-1175 Status: Entry Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability Reference: URL:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml Reference: CIAC:I-054 Reference: URL:http://www.ciac.org/ciac/bulletins/i-054.shtml Reference: XF:cisco-wccp-vuln(1577) Reference: URL:http://xforce.iss.net/static/1577.php Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048. ====================================================== Name: CVE-1999-1177 Status: Entry Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish Reference: XF:http-cgi-nphpublish(2055) Reference: URL:http://xforce.iss.net/static/2055.php Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation. 
====================================================== Name: CVE-1999-1181 Status: Entry Reference: SGI:19980901-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980901-01-PX Reference: CIAC:J-003 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-003.shtml Reference: XF:irix-register(7441) Reference: URL:http://www.iss.net/security_center/static/7441.php Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges. ====================================================== Name: CVE-1999-1188 Status: Entry Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs.. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91479159617803&w=2 Reference: XF:mysql-readable-log-files(1568) Reference: URL:http://xforce.iss.net/static/1568.php mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. ====================================================== Name: CVE-1999-1189 Status: Entry Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows Reference: URL:http://www.securityfocus.com/archive/1/36306 Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows Reference: URL:http://www.securityfocus.com/archive/1/36608 Reference: BID:822 Reference: URL:http://www.securityfocus.com/bid/822 Reference: XF:netscape-long-argument-bo(7884) Reference: URL:http://xforce.iss.net/xforce/xfdb/7884 Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file. ====================================================== Name: CVE-1999-1191 Status: Entry Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418335&w=2 Reference: AUSCERT:AA-97.18 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.18.solaris.chkey.buffer.overflow.vul Reference: SUN:00144 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144 Reference: BID:207 Reference: URL:http://www.securityfocus.com/bid/207 Reference: XF:solaris-chkey-bo(7442) Reference: URL:http://www.iss.net/security_center/static/7442.php Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. ====================================================== Name: CVE-1999-1192 Status: Entry Reference: SUN:00143 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/143 Reference: BID:206 Reference: URL:http://www.securityfocus.com/bid/206 Reference: XF:solaris-eeprom-bo(7444) Reference: URL:http://www.iss.net/security_center/static/7444.php Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. ====================================================== Name: CVE-1999-1193 Status: Entry Reference: CERT:CA-1991-06 Reference: URL:http://www.cert.org/advisories/CA-1991-06.html Reference: XF:next-me(581) Reference: URL:http://xforce.iss.net/static/581.php Reference: BID:20 Reference: URL:http://www.securityfocus.com/bid/20 The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root. 
====================================================== Name: CVE-1999-1194 Status: Entry Reference: CERT:CA-1991-05 Reference: URL:http://www.cert.org/advisories/CA-1991-05.html Reference: BID:17 Reference: URL:http://www.securityfocus.com/bid/17 Reference: XF:dec-chroot(577) Reference: URL:http://xforce.iss.net/static/577.php chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges. ====================================================== Name: CVE-1999-1197 Status: Entry Reference: CERT:CA-1990-12 Reference: URL:http://www.cert.org/advisories/CA-1990-12.html Reference: BID:14 Reference: URL:http://www.securityfocus.com/bid/14 Reference: XF:sunos-tioccons-console-redirection(7140) Reference: URL:http://www.iss.net/security_center/static/7140.php TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. ====================================================== Name: CVE-1999-1198 Status: Entry Reference: CERT:CA-1990-06 Reference: URL:http://www.cert.org/advisories/CA-1990-06.html Reference: CIAC:B-01 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml Reference: BID:11 Reference: URL:http://www.securityfocus.com/bid/11 Reference: XF:nextstep-builddisk-root-access(7141) Reference: URL:http://www.iss.net/security_center/static/7141.php BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. 
====================================================== Name: CVE-1999-1199 Status: Entry Reference: BUGTRAQ:19980807 YA Apache DoS attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2 Reference: BUGTRAQ:19980808 Debian Apache Security Update Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2 Reference: BUGTRAQ:19980810 Apache DoS Attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2 Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. ====================================================== Name: CVE-1999-1201 Status: Entry Reference: NTBUGTRAQ:19990206 New Windows 9x Bug: TCP Chorusing Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91849617221319&w=2 Reference: BID:225 Reference: URL:http://www.securityfocus.com/bid/225 Reference: XF:win-multiple-ip-dos(7542) Reference: URL:http://xforce.iss.net/xforce/xfdb/7542 Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing. 
====================================================== Name: CVE-1999-1203 Status: Entry Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91868964203769&w=2 Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91888117502765&w=2 Reference: XF:ascend-ppp-isdn-dos(7498) Reference: URL:http://www.iss.net/security_center/static/7498.php Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier. ====================================================== Name: CVE-1999-1204 Status: Entry Reference: BUGTRAQ:19980511 Firewall-1 Reserved Keywords Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925912&w=2 Reference: CONFIRM:http://www.checkpoint.com/techsupport/config/keywords.html Reference: XF:fw1-user-defined-keywords-access(7293) Reference: URL:http://xforce.iss.net/static/7293.php Reference: OSVDB:4416 Reference: URL:http://www.osvdb.org/4416 Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator. ====================================================== Name: CVE-1999-1205 Status: Entry Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419195&w=2 Reference: HP:HPSBUX9607-035 Reference: URL:http://packetstormsecurity.org/advisories/ibm-ers/96-08 Reference: CIAC:G-34 Reference: XF:hp-nettune(414) Reference: URL:http://xforce.iss.net/xforce/xfdb/414 nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. 
====================================================== Name: CVE-1999-1208 Status: Entry Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419337&w=2 Reference: BUGTRAQ:19970721 AIX ping (Exploit) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419330&w=2 Reference: XF:ping-bo(803) Reference: URL:http://xforce.iss.net/static/803.php Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument. ====================================================== Name: CVE-1999-1209 Status: Entry Reference: BUGTRAQ:19971204 scoterm exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88131151000069&w=2 Reference: CERT:VB-97.14 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.14.scoterm Reference: XF:sco-scoterm(690) Reference: URL:http://xforce.iss.net/xforce/xfdb/690 Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges. ====================================================== Name: CVE-1999-1214 Status: Entry Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling Reference: URL:http://www.openbsd.com/advisories/signals.txt Reference: MISC:http://www.openbsd.com/advisories/signals.txt Reference: OSVDB:11062 Reference: URL:http://www.osvdb.org/11062 Reference: XF:openbsd-iosig(556) Reference: URL:http://xforce.iss.net/static/556.php The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. 
====================================================== Name: CVE-1999-1215 Status: Entry Reference: CIAC:D-21 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-21.shtml Reference: CERT:CA-1993-12 Reference: URL:http://www.cert.org/advisories/CA-1993-12.html Reference: XF:novell-login(545) Reference: URL:http://xforce.iss.net/static/545.php LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges. ====================================================== Name: CVE-1999-1217 Status: Entry Reference: NTBUGTRAQ:19970725 Re: NT security - why bother? Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2 Reference: NTBUGTRAQ:19970723 NT security - why bother? Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2 Reference: XF:nt-path(526) Reference: URL:http://xforce.iss.net/static/526.php The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. ====================================================== Name: CVE-1999-1222 Status: Entry Reference: MSKB:Q188571 Reference: URL:http://support.microsoft.com/support/kb/articles/Q188/5/71.ASP Reference: XF:dns-netbtsys-dos(3893) Reference: URL:http://xforce.iss.net/static/3893.php Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup. 
====================================================== Name: CVE-1999-1223 Status: Entry Reference: MSKB:Q187503 Reference: URL:http://support.microsoft.com/support/kb/articles/q187/5/03.asp Reference: XF:url-asp-av(3892) Reference: URL:http://xforce.iss.net/static/3892.php IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. ====================================================== Name: CVE-1999-1226 Status: Entry Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html Reference: XF:netscape-huge-key-dos(3436) Reference: URL:http://xforce.iss.net/static/3436.php Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. ====================================================== Name: CVE-1999-1233 Status: Entry Reference: MS:MS99-039 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp Reference: MSKB:241562 Reference: URL:http://support.microsoft.com/support/kb/articles/Q241/5/62.asp Reference: BID:657 Reference: URL:http://www.securityfocus.com/bid/657 Reference: XF:iis-unresolved-domain-access(3306) Reference: URL:http://xforce.iss.net/static/3306.php IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. 
====================================================== Name: CVE-1999-1243 Status: Entry Reference: CIAC:F-16 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-16.shtml Reference: SGI:19950301-01-P373 Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373 Reference: XF:sgi-permissions(2113) Reference: URL:http://xforce.iss.net/static/2113.php SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges. ====================================================== Name: CVE-1999-1246 Status: Entry Reference: MSKB:Q229972 Reference: URL:http://support.microsoft.com/support/kb/articles/Q229/9/72.asp Reference: XF:siteserver-directmail-passwords(2068) Reference: URL:http://xforce.iss.net/static/2068.php Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges. ====================================================== Name: CVE-1999-1249 Status: Entry Reference: HP:HPSBUX9701-047 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html Reference: XF:hp-movemail(2057) Reference: URL:http://xforce.iss.net/static/2057.php Reference: OSVDB:8099 Reference: URL:http://www.osvdb.org/8099 movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges. ====================================================== Name: CVE-1999-1258 Status: Entry Reference: SUN:00102 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102 Reference: XF:sun-pwdauthd(1782) Reference: URL:http://xforce.iss.net/static/1782.php rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information. 
====================================================== Name: CVE-1999-1259 Status: Entry Reference: MSKB:Q189529 Reference: URL:http://support.microsoft.com/support/kb/articles/q189/5/29.asp Reference: XF:office-extraneous-data(1780) Reference: URL:http://xforce.iss.net/static/1780.php Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information. ====================================================== Name: CVE-1999-1262 Status: Entry Reference: BUGTRAQ:19990202 Unsecured server in applets under Netscape Reference: URL:http://www.securityfocus.com/archive/1/12231 Reference: XF:java-socket-open(1727) Reference: URL:http://xforce.iss.net/static/1727.php Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities. ====================================================== Name: CVE-1999-1263 Status: Entry Reference: BUGTRAQ:19971024 Vulnerability in metamail Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87773365324657&w=2 Reference: XF:metamail-file-creation(1677) Reference: URL:http://xforce.iss.net/static/1677.php Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file. 
====================================================== Name: CVE-1999-1276 Status: Entry Reference: DEBIAN:19981207 fte-console: does not drop its root priviliges Reference: URL:http://www.debian.org/security/1998/19981207 Reference: XF:fte-console-privileges(1609) Reference: URL:http://xforce.iss.net/static/1609.php fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device. ====================================================== Name: CVE-1999-1279 Status: Entry Reference: MSKB:Q138001 Reference: URL:http://support.microsoft.com/support/kb/articles/q138/0/01.asp Reference: XF:snaserver-shared-folders(1548) Reference: URL:http://xforce.iss.net/static/1548.php An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU. ====================================================== Name: CVE-1999-1284 Status: Entry Reference: BUGTRAQ:19981105 various *lame* DoS attacks Reference: URL:http://www.securityfocus.com/archive/1/11131 Reference: BUGTRAQ:19981107 Re: various *lame* DoS attacks Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91063407332594&w=2 Reference: MISC:http://www.dynamsol.com/puppet/text/new.txt Reference: XF:nukenabber-timeout-dos(1540) Reference: URL:http://xforce.iss.net/static/1540.php NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection. 
====================================================== Name: CVE-1999-1288 Status: Entry Reference: BUGTRAQ:19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux Reference: URL:http://www.securityfocus.com/archive/1/11397 Reference: CALDERA:SA-1998.35 Reference: URL:http://www.caldera.com/support/security/advisories/SA-1998.35.txt Reference: XF:samba-wsmbconf(1406) Reference: URL:http://xforce.iss.net/static/1406.php Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program. ====================================================== Name: CVE-1999-1290 Status: Entry Reference: BUGTRAQ:19981117 nftp vulnerability (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91127951426494&w=2 Reference: CONFIRM:http://www.ayukov.com/nftp/history.html Reference: XF:nftp-bo(1397) Reference: URL:http://xforce.iss.net/static/1397.php Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string. ====================================================== Name: CVE-1999-1294 Status: Entry Reference: MSKB:Q146604 Reference: URL:http://support.microsoft.com/support/kb/articles/q146/6/04.asp Reference: XF:nt-filemgr(562) Reference: URL:http://xforce.iss.net/static/562.php Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission. 
====================================================== Name: CVE-1999-1297 Status: Entry Reference: SUNBUG:1077164 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20 Reference: XF:sun-cmdtool-echo(7482) Reference: URL:http://xforce.iss.net/static/7482.php cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key. ====================================================== Name: CVE-1999-1298 Status: Entry Reference: FREEBSD:FreeBSD-SA-97:03 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc Reference: XF:freebsd-sysinstall-ftp-password(7537) Reference: URL:http://www.iss.net/security_center/static/7537.php Reference: OSVDB:6087 Reference: URL:http://www.osvdb.org/6087 Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources. ====================================================== Name: CVE-1999-1301 Status: Entry Reference: CIAC:G-31 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-31.shtml Reference: FREEBSD:FreeBSD-SA-96:17 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc Reference: XF:rzsz-command-execution(7540) Reference: URL:http://www.iss.net/security_center/static/7540.php A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs. 
====================================================== Name: CVE-1999-1309 Status: Entry Reference: BUGTRAQ:19940314 sendmail -d problem (OLD yet still here) Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0040.html Reference: BUGTRAQ:19940315 so... Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0043.html Reference: BUGTRAQ:19940315 anyone know details? Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0042.html Reference: BUGTRAQ:19940315 Security problem in sendmail versions 8.x.x Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0048.html Reference: BUGTRAQ:19940327 sendmail exploit script - resend Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0078.html Reference: CERT:CA-1994-12 Reference: URL:http://www.cert.org/advisories/CA-94.12.sendmail.vulnerabilities Reference: XF:sendmail-debug-gain-root(7155) Reference: URL:http://xforce.iss.net/static/7155.php Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. ====================================================== Name: CVE-1999-1316 Status: Entry Reference: MSKB:Q247975 Reference: URL:http://support.microsoft.com/support/kb/articles/Q247/9/75.asp Reference: XF:passfilt-fullname(7391) Reference: URL:http://xforce.iss.net/static/7391.php Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess. 
====================================================== Name: CVE-1999-1317 Status: Entry Reference: NTBUGTRAQ:19990312 [ ALERT ] Case Sensitivity and Symbolic Links Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92127046701349&w=2 Reference: NTBUGTRAQ:19990314 AW: [ ALERT ] Case Sensitivity and Symbolic Links Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92162979530341&w=2 Reference: MSKB:Q222159 Reference: URL:http://support.microsoft.com/support/kb/articles/q222/1/59.asp Reference: XF:nt-symlink-case(7398) Reference: URL:http://xforce.iss.net/static/7398.php Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device. ====================================================== Name: CVE-1999-1318 Status: Entry Reference: SUNBUG:1121935 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100630&zone_32=112193%2A%20 Reference: XF:sun-su-path(7480) Reference: URL:http://www.iss.net/security_center/static/7480.php /usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs. ====================================================== Name: CVE-1999-1320 Status: Entry Reference: CIAC:D-01 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-01.shtml Reference: XF:netware-packet-spoofing-privileges(7213) Reference: URL:http://www.iss.net/security_center/static/7213.php Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing. 
====================================================== Name: CVE-1999-1321 Status: Entry Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code Reference: URL:http://lists.netspace.org/cgi-bin/wa?A2=ind9811A&L=bugtraq&P=R4814 Reference: OSVDB:4883 Reference: URL:http://www.osvdb.org/4883 Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing. ====================================================== Name: CVE-1999-1324 Status: Entry Reference: CIAC:D-06 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-06.shtml Reference: XF:openvms-sysgen-enabled(7225) Reference: URL:http://xforce.iss.net/static/7225.php VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing. ====================================================== Name: CVE-1999-1325 Status: Entry Reference: CIAC:C-19 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/c-19.shtml Reference: XF:vaxvms-sas-gain-privileges(7261) Reference: URL:http://xforce.iss.net/static/7261.php SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges. 
====================================================== Name: CVE-1999-1326 Status: Entry Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420401&w=2 Reference: BUGTRAQ:19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420408&w=2 Reference: XF:wuftpd-abor-gain-privileges(7169) Reference: URL:http://xforce.iss.net/static/7169.php wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files. ====================================================== Name: CVE-1999-1327 Status: Entry Reference: BUGTRAQ:19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125826&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf Reference: XF:linuxconf-lang-bo(7239) Reference: URL:http://www.iss.net/security_center/static/7239.php Reference: OSVDB:6065 Reference: URL:http://www.osvdb.org/6065 Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.
====================================================== Name: CVE-1999-1328 Status: Entry Reference: BUGTRAQ:19980826 [djb@redhat.com: Unidentified subject!] Reference: BUGTRAQ:19980823 Security concerns in linuxconf shipped w/RedHat 5.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90383955231511&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf Reference: XF:linuxconf-symlink-gain-privileges(7232) Reference: URL:http://www.iss.net/security_center/static/7232.php Reference: OSVDB:6068 Reference: URL:http://www.osvdb.org/6068 linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack. ====================================================== Name: CVE-1999-1329 Status: Entry Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit Reference: XF:sysvinit-root-bo(7250) Reference: URL:http://www.iss.net/security_center/static/7250.php Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges. ====================================================== Name: CVE-1999-1330 Status: Entry Reference: BUGTRAQ:19970709 [linux-security] so-called snprintf() in db-1.85.4 (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419259&w=2 Reference: CONFIRM:http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#db Reference: XF:linux-libdb-snprintf-bo(7244) Reference: URL:http://www.iss.net/security_center/static/7244.php The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.
====================================================== Name: CVE-1999-1331 Status: Entry Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg Reference: XF:netcfg-ethernet-dos(7245) Reference: URL:http://www.iss.net/security_center/static/7245.php netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface. ====================================================== Name: CVE-1999-1332 Status: Entry Reference: BUGTRAQ:19980128 GZEXE - the big problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88603844115233&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip Reference: DEBIAN:DSA-308 Reference: URL:http://www.debian.org/security/2003/dsa-308 Reference: BID:7845 Reference: URL:http://www.securityfocus.com/bid/7845 Reference: OSVDB:3812 Reference: URL:http://www.osvdb.org/3812 Reference: XF:gzip-gzexe-tmp-symlink(7241) Reference: URL:http://www.iss.net/security_center/static/7241.php gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file. ====================================================== Name: CVE-1999-1333 Status: Entry Reference: BUGTRAQ:19980319 ncftp 2.4.2 MkDirs bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89042322924057&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp Reference: XF:ncftp-autodownload-command-execution(7240) Reference: URL:http://www.iss.net/security_center/static/7240.php Reference: OSVDB:6111 Reference: URL:http://www.osvdb.org/6111 automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded. 
====================================================== Name: CVE-1999-1335 Status: Entry Reference: CONFIRM:http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp Reference: XF:cmusnmp-read-write(7251) Reference: URL:http://xforce.iss.net/static/7251.php snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information. ====================================================== Name: CVE-1999-1336 Status: Entry Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93458364903256&w=2 Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93492615408725&w=2 Reference: OSVDB:6057 Reference: URL:http://www.osvdb.org/6057 3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port. ====================================================== Name: CVE-1999-1337 Status: Entry Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93370073207984&w=2 Reference: XF:midnight-commander-data-disclosure(9873) Reference: URL:http://www.iss.net/security_center/static/9873.php Reference: OSVDB:5921 Reference: URL:http://www.osvdb.org/5921 FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges. 
====================================================== Name: CVE-1999-1339 Status: Entry Reference: BUGTRAQ:19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277766505061&w=2 Reference: BUGTRAQ:19990722 Linux +ipchains+ ping -R Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277426802802&w=2 Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz Reference: XF:ipchains-ping-route-dos(7257) Reference: URL:http://www.iss.net/security_center/static/7257.php Reference: OSVDB:6105 Reference: URL:http://www.osvdb.org/6105 Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command. ====================================================== Name: CVE-1999-1341 Status: Entry Reference: BUGTRAQ:19991022 Local user can send forged packets Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94061108411308&w=2 Reference: XF:linux-tiocsetd-forge-packets(7858) Reference: URL:http://xforce.iss.net/static/7858.php Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices. ====================================================== Name: CVE-1999-1351 Status: Entry Reference: BUGTRAQ:19990924 Kvirc bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93845560631314&w=2 Reference: XF:kvirc-dot-directory-traversal(7761) Reference: URL:http://www.iss.net/security_center/static/7761.php Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request. 
====================================================== Name: CVE-1999-1356 Status: Entry Reference: BUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93646669500991&w=2 Reference: NTBUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93637792706047&w=2 Reference: NTBUGTRAQ:19990917 Re: Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93759822830815&w=2 Reference: XF:compaq-smartstart-legal-notice(7763) Reference: URL:http://www.iss.net/security_center/static/7763.php Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy. ====================================================== Name: CVE-1999-1358 Status: Entry Reference: MSKB:Q157673 Reference: URL:http://support.microsoft.com/support/kb/articles/q157/6/73.asp Reference: XF:nt-user-policy-update(7400) Reference: URL:http://www.iss.net/security_center/static/7400.php When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. 
====================================================== Name: CVE-1999-1359 Status: Entry Reference: MSKB:Q163875 Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/75.asp Reference: XF:nt-group-policy-longname(7401) Reference: URL:http://www.iss.net/security_center/static/7401.php When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. ====================================================== Name: CVE-1999-1360 Status: Entry Reference: MSKB:Q160650 Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/50.asp Reference: XF:nt-kernel-handle-dos(7402) Reference: URL:http://www.iss.net/security_center/static/7402.php Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. ====================================================== Name: CVE-1999-1362 Status: Entry Reference: MSKB:Q160601 Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/01.asp Reference: XF:nt-win32k-dos(7403) Reference: URL:http://www.iss.net/security_center/static/7403.php Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. ====================================================== Name: CVE-1999-1363 Status: Entry Reference: MSKB:Q163143 Reference: URL:http://support.microsoft.com/support/kb/articles/q163/1/43.asp Reference: XF:nt-nonpagedpool-dos(7405) Reference: URL:http://www.iss.net/security_center/static/7405.php Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool. 
====================================================== Name: CVE-1999-1365 Status: Entry Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2 Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc... Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2 Reference: XF:nt-login-default-folder(2336) Reference: URL:http://xforce.iss.net/xforce/xfdb/2336 Reference: BID:0515 Reference: URL:http://www.securityfocus.com/bid/0515 Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. ====================================================== Name: CVE-1999-1379 Status: Entry Reference: BUGTRAQ:19990730 Possible Denial Of Service using DNS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93348057829957&w=2 Reference: BUGTRAQ:19990810 Possible Denial Of Service using DNS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93433758607623&w=2 Reference: AUSCERT:AL-1999.004 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos Reference: CIAC:J-063 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-063.shtml Reference: XF:dns-udp-query-dos(7238) Reference: URL:http://www.iss.net/security_center/static/7238.php DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker. 
====================================================== Name: CVE-1999-1380 Status: Entry Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html Reference: XF:nu-tuneocx-activex-control(7188) Reference: URL:http://www.iss.net/security_center/static/7188.php Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0. ====================================================== Name: CVE-1999-1382 Status: Entry Reference: BUGTRAQ:19980108 NetWare NFS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88427711321769&w=2 Reference: BUGTRAQ:19980812 Re: Netware NFS (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90295697702474&w=2 Reference: CONFIRM:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551 Reference: XF:netware-nfs-file-ownership(7246) Reference: URL:http://www.iss.net/security_center/static/7246.php NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program. 
====================================================== Name: CVE-1999-1384 Status: Entry Reference: BUGTRAQ:19961030 (Another) vulnerability in new SGIs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420095&w=2 Reference: AUSCERT:AA-96.08 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.08.SGI.systour.vul Reference: SGI:19961101-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961101-01-I Reference: BID:470 Reference: URL:http://www.securityfocus.com/bid/470 Reference: XF:irix-systour(7456) Reference: URL:http://www.iss.net/security_center/static/7456.php Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. ====================================================== Name: CVE-1999-1385 Status: Entry Reference: BUGTRAQ:19961219 Exploit for ppp bug (FreeBSD 2.1.0). Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420332&w=2 Reference: FREEBSD:FreeBSD-SA-96:20 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:20.stack-overflow.asc Reference: XF:ppp-bo(7465) Reference: URL:http://www.iss.net/security_center/static/7465.php Reference: OSVDB:6085 Reference: URL:http://www.osvdb.org/6085 Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. 
====================================================== Name: CVE-1999-1386 Status: Entry Reference: BUGTRAQ:19980308 another /tmp race: `perl -e' opens temp file not safely Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88932165406213&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#perl Reference: XF:perl-e-tmp-symlink(7243) Reference: URL:http://www.iss.net/security_center/static/7243.php Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. ====================================================== Name: CVE-1999-1397 Status: Entry Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92242671024118&w=2 Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92223293409756&w=2 Reference: BID:476 Reference: URL:http://www.securityfocus.com/bid/476 Reference: XF:iis-indexserver-reveal-path(7559) Reference: URL:http://www.iss.net/security_center/static/7559.php Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allow local and remote users to obtain the physical paths of directories that are being indexed.
====================================================== Name: CVE-1999-1402 Status: Entry Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418317&w=2 Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248718482&w=2 Reference: BID:456 Reference: URL:http://www.securityfocus.com/bid/456 Reference: XF:sun-domain-socket-permissions(7172) Reference: URL:http://www.iss.net/security_center/static/7172.php The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. ====================================================== Name: CVE-1999-1407 Status: Entry Reference: BUGTRAQ:19980309 *sigh* another RH5 /tmp problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88950856416985&w=2 Reference: BID:368 Reference: URL:http://www.securityfocus.com/bid/368 Reference: XF:initscripts-ifdhcpdone-dhcplog-symlink(7294) Reference: URL:http://www.iss.net/security_center/static/7294.php Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. 
====================================================== Name: CVE-1999-1409 Status: Entry Reference: BUGTRAQ:19980703 more about 'at' Reference: URL:http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html Reference: BUGTRAQ:19980805 irix-6.2 "at -f" vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90233906612929&w=2 Reference: NETBSD:NetBSD-SA1998-004 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc Reference: BID:331 Reference: URL:http://www.securityfocus.com/bid/331 Reference: XF:at-f-read-files(7577) Reference: URL:http://www.iss.net/security_center/static/7577.php The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail. ====================================================== Name: CVE-1999-1411 Status: Entry Reference: DEBIAN:19981126 new version of fsp fixes security flaw Reference: URL:http://lists.debian.org/debian-security-announce/debian-security-announce-1998/msg00033.html Reference: BUGTRAQ:19981128 Debian: Security flaw in FSP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91228908407679&w=2 Reference: BUGTRAQ:19981130 Debian: Security flaw in FSP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91244712808780&w=2 Reference: BUGTRAQ:19990217 Debian GNU/Linux 2.0r5 released (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91936850009861&w=2 Reference: BID:316 Reference: URL:http://www.securityfocus.com/bid/316 Reference: XF:fsp-anon-ftp-access(7574) Reference: URL:http://www.iss.net/security_center/static/7574.php The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp. 
====================================================== Name: CVE-1999-1414 Status: Entry Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92765856706547&w=2 Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92902484317769&w=2 Reference: BID:284 Reference: URL:http://www.securityfocus.com/bid/284 IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges. ====================================================== Name: CVE-1999-1419 Status: Entry Reference: SUN:00148 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/148 Reference: BID:219 Reference: URL:http://www.securityfocus.com/bid/219 Reference: XF:sun-nisplus-bo(7535) Reference: URL:http://www.iss.net/security_center/static/7535.php Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges. 
====================================================== Name: CVE-1999-1423 Status: Entry Reference: BUGTRAQ:19970626 Solaris Ping bug (DoS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319160&w=2 Reference: BUGTRAQ:19970627 SUMMARY: Solaris Ping bug (DoS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319171&w=2 Reference: BUGTRAQ:19970627 Solaris Ping bug(inetsvc) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319181&w=2 Reference: BUGTRAQ:19971005 Solaris Ping Bug and other [bc] oddities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319180&w=2 Reference: SUN:00146 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/146 Reference: BID:209 Reference: URL:http://www.securityfocus.com/bid/209 Reference: XF:ping-multicast-loopback-dos(7492) Reference: URL:http://www.iss.net/security_center/static/7492.php ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i. ====================================================== Name: CVE-1999-1432 Status: Entry Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525997&w=2 Reference: BID:160 Reference: URL:http://www.securityfocus.com/bid/160 Reference: SUNBUG:4024179 Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges. 
====================================================== Name: CVE-1999-1433 Status: Entry Reference: BUGTRAQ:19980715 JetAdmin software Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525988&w=2 Reference: BUGTRAQ:19980722 Re: JetAdmin software Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526067&w=2 Reference: BID:157 Reference: URL:http://www.securityfocus.com/bid/157 HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file. ====================================================== Name: CVE-1999-1437 Status: Entry Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525890&w=2 Reference: BUGTRAQ:19980710 ePerl Security Update Available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525927&w=2 Reference: BID:151 Reference: URL:http://www.securityfocus.com/bid/151 ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml. ====================================================== Name: CVE-1999-1452 Status: Entry Reference: NTBUGTRAQ:19990129 ole objects in a "secured" environment? Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91764169410814&w=2 Reference: NTBUGTRAQ:19990205 Alert: MS releases GINA-fix for SP3, SP4, and TS Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91822011021558&w=2 Reference: BUGTRAQ:19990129 ole objects in a "secured" environment? 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91788829326419&w=2 Reference: MSKB:Q214802 Reference: URL:http://support.microsoft.com/support/kb/articles/q214/8/02.asp Reference: BID:198 Reference: URL:http://www.securityfocus.com/bid/198 Reference: XF:nt-gina-clipboard(1975) Reference: URL:http://xforce.iss.net/static/1975.php GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt. ====================================================== Name: CVE-1999-1455 Status: Entry Reference: MSKB:Q158320 Reference: URL:http://support.microsoft.com/support/kb/articles/q158/3/20.asp Reference: XF:nt-rshsvc-ale-bypass(7422) Reference: URL:http://xforce.iss.net/static/7422.php RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. ====================================================== Name: CVE-1999-1456 Status: Entry Reference: BUGTRAQ:19980819 thttpd 2.04 released (fwd) Reference: URL:http://www.securityfocus.com/archive/1/10368 Reference: CONFIRM:http://www.acme.com/software/thttpd/thttpd.html#releasenotes Reference: XF:thttpd-file-read(1809) Reference: URL:http://xforce.iss.net/static/1809.php thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename. 
====================================================== Name: CVE-1999-1468 Status: Entry Reference: MISC:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html Reference: CERT:CA-91.20 Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability Reference: BID:31 Reference: URL:http://www.securityfocus.com/bid/31 Reference: XF:rdist-popen-gain-privileges(7160) Reference: URL:http://www.iss.net/security_center/static/7160.php Reference: OSVDB:8106 Reference: URL:http://www.osvdb.org/8106 rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable. ====================================================== Name: CVE-1999-1472 Status: Entry Reference: BUGTRAQ:19971017 Security Hole in Explorer 4.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87710897923098&w=2 Reference: MISC:http://www.insecure.org/sploits/Internet_explorer_4.0.hack.html Reference: CONFIRM:http://www.microsoft.com/Windows/ie/security/freiburg.asp Reference: MSKB:Q176794 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/7/94.asp Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Reference: XF:http-ie-spy(587) Reference: URL:http://xforce.iss.net/static/587.php Reference: OSVDB:7819 Reference: URL:http://www.osvdb.org/7819 Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. 
====================================================== Name: CVE-1999-1473 Status: Entry Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Reference: XF:ie-page-redirect(7426) Reference: URL:http://www.iss.net/security_center/static/7426.php Reference: OSVDB:7818 Reference: URL:http://www.osvdb.org/7818 When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue." ====================================================== Name: CVE-1999-1476 Status: Entry Reference: MSKB:Q163852 Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/52.asp Reference: XF:pentium-crash(704) Reference: URL:http://xforce.iss.net/static/704.php A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem. ====================================================== Name: CVE-1999-1478 Status: Entry Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827429589&w=2 Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93240220324183&w=2 Reference: BID:522 Reference: URL:http://www.securityfocus.com/bid/522 Reference: XF:sun-hotspot-vm(2348) Reference: URL:http://xforce.iss.net/static/2348.php The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. 
====================================================== Name: CVE-1999-1481 Status: Entry Reference: BUGTRAQ:19991025 [squid] exploit for external authentication problem Reference: URL:http://www.securityfocus.com/archive/1/33295 Reference: BUGTRAQ:19991103 [squid]exploit for external authentication problem Reference: URL:http://www.securityfocus.com/archive/1/33295 Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/ Reference: BID:741 Reference: URL:http://www.securityfocus.com/bid/741 Reference: XF:squid-proxy-auth-access(3433) Reference: URL:http://xforce.iss.net/static/3433.php Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair. ====================================================== Name: CVE-1999-1486 Status: Entry Reference: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info Reference: AIXAPAR:IX75554 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX75554&apar=only Reference: AIXAPAR:IX76853 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX76853&apar=only Reference: AIXAPAR:IX76330 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX76330&apar=only Reference: BID:408 Reference: URL:http://www.securityfocus.com/bid/408 Reference: XF:aix-sadc-timex(7675) Reference: URL:http://xforce.iss.net/xforce/xfdb/7675 sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack. 
====================================================== Name: CVE-1999-1488 Status: Entry Reference: CIAC:I-079A Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-079a.shtml Reference: BID:371 Reference: URL:http://www.securityfocus.com/bid/371 Reference: XF:ibm-sdr-read-files(7217) Reference: URL:http://www.iss.net/security_center/static/7217.php sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication. ====================================================== Name: CVE-1999-1490 Status: Entry Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926021&w=2 Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926034&w=2 Reference: BID:362 Reference: URL:http://www.securityfocus.com/bid/362 Reference: XF:linux-xosview-bo(8787) Reference: URL:http://www.iss.net/security_center/static/8787.php xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable. ====================================================== Name: CVE-1999-1494 Status: Entry Reference: BUGTRAQ:19940809 Re: IRIX 5.2 Security Advisory Reference: URL:http://www.securityfocus.com/archive/1/675 Reference: BUGTRAQ:19950307 sigh. another Irix 5.2 hole. Reference: URL:http://www.tryc.on.ca/archives/bugtraq/1995_1/0614.html Reference: SGI:19950209-00-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950209-01-P Reference: XF:sgi-colorview(2112) Reference: URL:http://xforce.iss.net/static/2112.php Reference: BID:336 Reference: URL:http://www.securityfocus.com/bid/336 colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument. 
====================================================== Name: CVE-1999-1507 Status: Entry Reference: CERT:CA-1993-03 Reference: URL:http://www.cert.org/advisories/CA-1993-03.html Reference: BID:59 Reference: URL:http://www.securityfocus.com/bid/59 Reference: XF:sun-dir(521) Reference: URL:http://xforce.iss.net/static/521.php Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash. ====================================================== Name: CVE-1999-1512 Status: Entry Reference: BUGTRAQ:19990716 AMaViS virus scanner for Linux - root exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93219846414732&w=2 Reference: CONFIRM:http://www.amavis.org/ChangeLog.txt Reference: BID:527 Reference: URL:http://www.securityfocus.com/bid/527 Reference: XF:amavis-command-execute(2349) Reference: URL:http://xforce.iss.net/static/2349.php The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field. ====================================================== Name: CVE-1999-1520 Status: Entry Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2 Reference: BID:256 Reference: URL:http://www.securityfocus.com/bid/256 Reference: XF:siteserver-site-csc(2270) Reference: URL:http://xforce.iss.net/static/2270.php A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information. 
====================================================== Name: CVE-1999-1530 Status: Entry Reference: BUGTRAQ:19991108 Security flaw in Cobalt RaQ2 cgiwrap Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94209954200450&w=2 Reference: BUGTRAQ:19991109 [Cobalt] Security Advisory - cgiwrap Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225629200045&w=2 Reference: BID:777 Reference: URL:http://www.securityfocus.com/bid/777 Reference: XF:cobalt-cgiwrap-incorrect-permissions(7764) Reference: URL:http://www.iss.net/security_center/static/7764.php Reference: OSVDB:35 Reference: URL:http://www.osvdb.org/35 cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. ====================================================== Name: CVE-1999-1531 Status: Entry Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2 Reference: BID:763 Reference: URL:http://www.securityfocus.com/bid/763 Reference: XF:ibm-homepageprint-bo(7767) Reference: URL:http://www.iss.net/security_center/static/7767.php Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag. 
====================================================== Name: CVE-1999-1535 Status: Entry Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93256878011447&w=2 Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93501427820328&w=2 Reference: BID:592 Reference: URL:http://www.securityfocus.com/bid/592 Reference: XF:http-aspupload-bo(3291) Reference: URL:http://xforce.iss.net/static/3291.php Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request. ====================================================== Name: CVE-1999-1537 Status: Entry Reference: NTBUGTRAQ:19990707 SSL and IIS. Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2 Reference: BID:521 Reference: URL:http://www.securityfocus.com/bid/521 Reference: XF:ssl-iis-dos(2352) Reference: URL:http://xforce.iss.net/static/2352.php IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. 
====================================================== Name: CVE-1999-1542 Status: Entry Reference: BUGTRAQ:19991004 RH6.0 local/remote command execution Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915641729415&w=2 Reference: BUGTRAQ:19991006 Fwd: [Re: RH6.0 local/remote command execution] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923853105687&w=2 Reference: XF:linux-rh-rpmmail(3353) Reference: URL:http://xforce.iss.net/static/3353.php RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command. ====================================================== Name: CVE-1999-1550 Status: Entry Reference: BUGTRAQ:19991108 BigIP - bigconf.cgi holes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217006208374&w=2 Reference: BUGTRAQ:19991109 Re: BigIP - bigconf.cgi holes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217879020184&w=2 Reference: BUGTRAQ:19991109 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225879703021&w=2 Reference: BID:778 Reference: URL:http://www.securityfocus.com/bid/778 Reference: XF:bigip-bigconf-view-files(7771) Reference: URL:http://www.iss.net/security_center/static/7771.php bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. 
====================================================== Name: CVE-1999-1556 Status: Entry Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222453431645&w=2 Reference: BID:109 Reference: URL:http://www.securityfocus.com/bid/109 Reference: XF:mssql-sqlexecutivecmdexec-password(7354) Reference: URL:http://xforce.iss.net/xforce/xfdb/7354 Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. ====================================================== Name: CVE-1999-1565 Status: Entry Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch Reference: URL:http://www.securityfocus.com/archive/1/24784 Reference: OSVDB:6291 Reference: URL:http://www.osvdb.org/6291 Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. ====================================================== Name: CVE-1999-1568 Status: Entry Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91981352617720&w=2 Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise" Reference: URL:http://www.securityfocus.com/archive/1/12699 Reference: XF:ncftpd-port-bo(1833) Reference: URL:http://xforce.iss.net/static/1833.php Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command. 
====================================================== Name: CVE-2000-0001 Status: Entry Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c) Reference: BID:888 Reference: URL:http://www.securityfocus.com/bid/888 Reference: XF:realserver-ramgen-dos RealMedia server allows remote attackers to cause a denial of service via a long ramgen request. ====================================================== Name: CVE-2000-0002 Status: Entry Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556 Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94598388530358&w=2 Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es Reference: VULNWATCH:20020114 ZBServer Pro DoS Vulnerability Reference: BID:889 Reference: URL:http://www.securityfocus.com/bid/889 Reference: XF:zbserver-get-bo Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. ====================================================== Name: CVE-2000-0003 Status: Entry Reference: BUGTRAQ:19991230 UnixWare rtpm exploit + discussion Reference: BUGTRAQ:20000127 New SCO patches... Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2 Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable. 
====================================================== Name: CVE-2000-0004 Status: Entry Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556 Reference: BUGTRAQ:19991223 Re: Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606572912422&w=2 Reference: XF:zbserver-url-dot ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL. ====================================================== Name: CVE-2000-0006 Status: Entry Reference: BUGTRAQ:19991225 strace can lie Reference: URL:http://online.securityfocus.com/archive/1/39831 Reference: XF:linux-strace(4554) Reference: URL:http://xforce.iss.net/static/4554.php strace allows local users to read arbitrary files via memory mapped file names. ====================================================== Name: CVE-2000-0007 Status: Entry Reference: BUGTRAQ:19991230 PC-Cillin 6.x DoS Attack Reference: XF:pccillin-proxy-remote-dos(4491) Reference: URL:http://xforce.iss.net/static/4491.php Reference: BID:1740 Reference: URL:http://www.securityfocus.com/bid/1740 Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service. ====================================================== Name: CVE-2000-0009 Status: Entry Reference: BUGTRAQ:19991230 bna,sh Reference: XF:netarchitect-path-vulnerability Reference: BID:907 Reference: URL:http://www.securityfocus.com/bid/907 The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. 
====================================================== Name: CVE-2000-0010 Status: Entry Reference: BUGTRAQ:19991226 WebWho+ ADVISORY Reference: XF:http-cgi-webwhoplus WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. ====================================================== Name: CVE-2000-0011 Status: Entry Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1 Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm Reference: XF:simpleserver-get-bo Reference: BID:906 Reference: URL:http://www.securityfocus.com/bid/906 Reference: OSVDB:1184 Reference: URL:http://www.osvdb.org/1184 Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. ====================================================== Name: CVE-2000-0012 Status: Entry Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL Reference: BID:898 Reference: URL:http://www.securityfocus.com/bid/898 Reference: XF:w3-msql-scanf-bo Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. ====================================================== Name: CVE-2000-0013 Status: Entry Reference: BUGTRAQ:19991231 irix-soundplayer.sh Reference: XF:irix-soundplayer-symlink Reference: BID:909 Reference: URL:http://www.securityfocus.com/bid/909 IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program. ====================================================== Name: CVE-2000-0014 Status: Entry Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K Reference: BID:897 Reference: URL:http://www.securityfocus.com/bid/897 Reference: XF:savant-server-null-dos Denial of service in Savant web server via a null character in the requested URL. 
====================================================== Name: CVE-2000-0015 Status: Entry Reference: BUGTRAQ:19991231 tftpserv.sh Reference: BID:910 Reference: URL:http://www.securityfocus.com/bid/910 Reference: XF:cascadeview-tftp-symlink CascadeView TFTP server allows local users to gain privileges via a symlink attack. ====================================================== Name: CVE-2000-0018 Status: Entry Reference: BUGTRAQ:19991221 Wmmon under FreeBSD Reference: BID:885 Reference: URL:http://www.securityfocus.com/bid/885 Reference: XF:freebsd-wmmon-root-exploit Reference: OSVDB:1169 Reference: URL:http://www.osvdb.org/1169 wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file. ====================================================== Name: CVE-2000-0020 Status: Entry Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability Reference: XF:dnspro-flood-dos DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. ====================================================== Name: CVE-2000-0022 Status: Entry Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack Reference: BID:881 Reference: URL:http://www.securityfocus.com/bid/881 Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. 
====================================================== Name: CVE-2000-0023 Status: Entry Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service Reference: BUGTRAQ:19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack Reference: BID:881 Reference: URL:http://www.securityfocus.com/bid/881 Reference: OSVDB:51 Reference: URL:http://www.osvdb.org/51 Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. ====================================================== Name: CVE-2000-0024 Status: Entry Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt Reference: MS:MS99-061 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability) Reference: XF:iis-badescapes Reference: MSKB:Q246401 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246401 IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. ====================================================== Name: CVE-2000-0025 Status: Entry Reference: MS:MS99-058 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-058.mspx Reference: MSKB:Q238606 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238606 Reference: OSVDB:8098 Reference: URL:http://www.osvdb.org/8098 IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. 
====================================================== Name: CVE-2000-0026 Status: Entry Reference: BUGTRAQ:19991222 UnixWare i2odialogd remote root exploit Reference: BUGTRAQ:19991223 FYI, SCO Security patches available. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2 Reference: BID:876 Reference: URL:http://www.securityfocus.com/bid/876 Reference: OSVDB:6310 Reference: URL:http://www.osvdb.org/6310 Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. ====================================================== Name: CVE-2000-0027 Status: Entry Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit Reference: URL:http://www.securityfocus.com/archive/1/39962 Reference: BID:900 Reference: URL:http://www.securityfocus.com/bid/900 Reference: XF:ibm-netstat-race-condition(5381) Reference: URL:http://www.iss.net/security_center/static/5381.php IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. ====================================================== Name: CVE-2000-0029 Status: Entry Reference: BUGTRAQ:19991227 UnixWare local pis exploit Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780294009285&w=2 Reference: BID:901 Reference: URL:http://www.securityfocus.com/bid/901 UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack. ====================================================== Name: CVE-2000-0030 Status: Entry Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems Reference: XF:sol-dmispd-fill-disk Reference: BID:878 Reference: URL:http://www.securityfocus.com/bid/878 Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database. 
====================================================== Name: CVE-2000-0031 Status: Entry Reference: L0PHT:19991227 initscripts-4.48-1 RedHat Linux 6.1 Reference: REDHAT:RHSA-1999:052-04 The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack. ====================================================== Name: CVE-2000-0032 Status: Entry Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems Reference: XF:sol-dmispd-dos Reference: BID:878 Reference: URL:http://www.securityfocus.com/bid/878 Reference: OSVDB:7582 Reference: URL:http://www.osvdb.org/7582 Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database. ====================================================== Name: CVE-2000-0033 Status: Entry Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug Reference: BID:899 Reference: URL:http://www.securityfocus.com/bid/899 Reference: XF:interscan-viruswall-bypass InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments. ====================================================== Name: CVE-2000-0034 Status: Entry Reference: BUGTRAQ:19991222 More Netscape Passwords Available. Reference: XF:netscape-password-preferences Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." ====================================================== Name: CVE-2000-0036 Status: Entry Reference: MS:MS99-060 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-060.asp Reference: MSKB:Q249082 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249082 Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. 
====================================================== Name: CVE-2000-0037 Status: Entry Reference: BUGTRAQ:19991228 majordomo local exploit Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780294009285&w=2 Reference: BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities Reference: REDHAT:RHSA-2000:005 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-005.html Reference: BID:903 Reference: URL:http://www.securityfocus.com/bid/903 Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. ====================================================== Name: CVE-2000-0039 Status: Entry Reference: BUGTRAQ:19991229 AltaVista Reference: BUGTRAQ:19991230 Follow UP AltaVista Reference: BUGTRAQ:19991229 AltaVista followup and monitor script Reference: BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability Reference: BUGTRAQ:20000109 Altavista followup Reference: BID:896 Reference: URL:http://www.securityfocus.com/bid/896 Reference: OSVDB:15 Reference: URL:http://www.osvdb.org/15 AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. ====================================================== Name: CVE-2000-0040 Status: Entry Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions) glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. ====================================================== Name: CVE-2000-0041 Status: Entry Reference: BUGTRAQ:19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections Reference: BID:890 Reference: URL:http://www.securityfocus.com/bid/890 Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. 
====================================================== Name: CVE-2000-0042 Status: Entry Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A Reference: XF:csm-server-bo Reference: BID:895 Reference: URL:http://www.securityfocus.com/bid/895 Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. ====================================================== Name: CVE-2000-0043 Status: Entry Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT Reference: BID:905 Reference: URL:http://www.securityfocus.com/bid/905 Reference: XF:camshot-http-get-overflow Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request. ====================================================== Name: CVE-2000-0044 Status: Entry Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS Reference: BID:919 Reference: URL:http://www.securityfocus.com/bid/919 Reference: XF:warftp-macro-access-files Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands. ====================================================== Name: CVE-2000-0045 Status: Entry Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling. Reference: BUGTRAQ:20000113 New MySQL Available Reference: XF:mysql-pwd-grant Reference: BID:926 Reference: URL:http://www.securityfocus.com/bid/926 MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege. 
====================================================== Name: CVE-2000-0048 Status: Entry Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit) Reference: BID:928 Reference: URL:http://www.securityfocus.com/bid/928 Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm Reference: XF:linux-corel-update get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program. ====================================================== Name: CVE-2000-0050 Status: Entry Reference: ALLAIRE:ASB00-01 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full Reference: XF:allaire-webtop-access Reference: BID:915 Reference: URL:http://www.securityfocus.com/bid/915 The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. ====================================================== Name: CVE-2000-0051 Status: Entry Reference: ALLAIRE:ASB00-02 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full Reference: BID:916 Reference: URL:http://www.securityfocus.com/bid/916 Reference: XF:allaire-spectra-config-dos The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL. ====================================================== Name: CVE-2000-0052 Status: Entry Reference: L0PHT:20000104 PamSlam Reference: URL:http://www.l0pht.com/advisories/pam_advisory Reference: REDHAT:RHSA-2000:001 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-001.html Reference: XF:linux-pam-userhelper Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper Reference: BID:913 Reference: URL:http://www.securityfocus.com/bid/913 Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0053 Status: Entry Reference: MS:MS00-001 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-001.asp Reference: MSKB:Q246731 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246731 Reference: BID:912 Reference: URL:http://www.securityfocus.com/bid/912 Reference: XF:mcis-malformed-imap Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request. ====================================================== Name: CVE-2000-0056 Status: Entry Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08 Reference: BID:914 Reference: URL:http://www.securityfocus.com/bid/914 Reference: XF:imail-imonitor-status-dos IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. ====================================================== Name: CVE-2000-0057 Status: Entry Reference: ALLAIRE:ASB00-03 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full Reference: XF:coldfusion-cfcache Reference: BID:917 Reference: URL:http://www.securityfocus.com/bid/917 Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information. 
====================================================== Name: CVE-2000-0060 Status: Entry Reference: NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94647711311057&w=2 Reference: BUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94633851427858&w=2 Reference: BID:894 Reference: URL:http://www.securityfocus.com/bid/894 Reference: XF:avirt-rover-pop3-dos(3765) Reference: URL:http://www.iss.net/security_center/static/3765.php Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name. ====================================================== Name: CVE-2000-0062 Status: Entry Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT] Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net Reference: BID:922 Reference: URL:http://www.securityfocus.com/bid/922 Reference: XF:zope-dtml The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities. ====================================================== Name: CVE-2000-0063 Status: Entry Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability Reference: XF:http-cgi-cgiproc-file-read Reference: BID:938 Reference: URL:http://www.securityfocus.com/bid/938 cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. 
====================================================== Name: CVE-2000-0064 Status: Entry Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability Reference: BID:938 Reference: URL:http://www.securityfocus.com/bid/938 Reference: XF:http-cgi-cgiproc-dos Reference: OSVDB:7583 Reference: URL:http://www.osvdb.org/7583 cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. ====================================================== Name: CVE-2000-0065 Status: Entry Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0 Reference: XF:inetserv-get-bo Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request. ====================================================== Name: CVE-2000-0070 Status: Entry Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4 Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html Reference: MS:MS00-003 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp Reference: MSKB:Q247869 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247869 Reference: XF:nt-spoofed-lpc-port Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port Reference: BID:934 Reference: URL:http://www.securityfocus.com/bid/934 NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request." ====================================================== Name: CVE-2000-0072 Status: Entry Reference: BUGTRAQ:20000118 Warning: VCasel security hole. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94823061421676&w=2 Reference: BID:937 Reference: URL:http://www.securityfocus.com/bid/937 Reference: XF:vcasel-filename-trusting(3867) Reference: URL:http://www.iss.net/security_center/static/3867.php Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges. ====================================================== Name: CVE-2000-0073 Status: Entry Reference: MS:MS00-005 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-005.asp Reference: MSKB:Q249973 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249973 Reference: XF:win-malformed-rtf-control-word Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. ====================================================== Name: CVE-2000-0075 Status: Entry Reference: NTBUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x Reference: BUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x Reference: BID:930 Reference: URL:http://www.securityfocus.com/bid/930 Reference: XF:supermail-memleak-dos Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session. 
====================================================== Name: CVE-2000-0076 Status: Entry Reference: BUGTRAQ:19991230 vibackup.sh Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2 Reference: DEBIAN:20000108 Reference: XF:nvi-delete-files Reference: BID:1439 Reference: URL:http://www.securityfocus.com/bid/1439 nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. ====================================================== Name: CVE-2000-0080 Status: Entry Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94757136413681&w=2 Reference: BID:931 Reference: URL:http://www.securityfocus.com/bid/931 Reference: XF:aix-techlibss-symbolic-link AIX techlibss allows local users to overwrite files via a symlink attack. ====================================================== Name: CVE-2000-0083 Status: Entry Reference: HP:HPSBUX0001-109 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031 Reference: XF:hp-audio-security-perms HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges. ====================================================== Name: CVE-2000-0087 Status: Entry Reference: BUGTRAQ:20000113 Misleading sense of security in Netscape Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94790377622943&w=2 Reference: XF:netscape-mail-notify-plaintext(4385) Reference: URL:http://www.iss.net/security_center/static/4385.php Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext. 
====================================================== Name: CVE-2000-0088 Status: Entry Reference: MS:MS00-002 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-002.mspx Reference: XF:office-malformed-convert Reference: BID:946 Reference: URL:http://www.securityfocus.com/bid/946 Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability. ====================================================== Name: CVE-2000-0089 Status: Entry Reference: NTBUGTRAQ:20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition Reference: BUGTRAQ:20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition Reference: MS:MS00-004 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-004.mspx Reference: MSKB:Q249108 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249108 Reference: BID:947 Reference: URL:http://www.securityfocus.com/bid/947 Reference: XF:nt-rdisk-enum-file The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability. ====================================================== Name: CVE-2000-0090 Status: Entry Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability Reference: XF:linux-vmware-symlink Reference: BID:943 Reference: URL:http://www.securityfocus.com/bid/943 Reference: OSVDB:1205 Reference: URL:http://www.osvdb.org/1205 VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. 
====================================================== Name: CVE-2000-0091 Status: Entry Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit Reference: BID:942 Reference: URL:http://www.securityfocus.com/bid/942 Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog Reference: MISC:http://www.inter7.com/vpopmail/ Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password. ====================================================== Name: CVE-2000-0092 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:01 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc Reference: BID:939 Reference: URL:http://www.securityfocus.com/bid/939 Reference: XF:gnu-makefile-tmp-root The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. ====================================================== Name: CVE-2000-0094 Status: Entry Reference: BUGTRAQ:20000121 *BSD procfs vulnerability Reference: FREEBSD:FreeBSD-SA-00:02 Reference: NETBSD:NetBSD-SA2000-001 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-001.txt.asc Reference: OPENBSD:20000120 [2.6] 018: SECURITY FIX: Jan 20, 2000 Reference: BID:940 Reference: URL:http://www.securityfocus.com/bid/940 Reference: OSVDB:20760 Reference: URL:http://www.osvdb.org/20760 Reference: XF:netbsd-procfs(3995) Reference: URL:http://xforce.iss.net/xforce/xfdb/3995 procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr. 
====================================================== Name: CVE-2000-0095 Status: Entry Reference: HP:HPSBUX0001-110 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041 Reference: BID:944 Reference: URL:http://www.securityfocus.com/bid/944 The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier. ====================================================== Name: CVE-2000-0097 Status: Entry Reference: NTBUGTRAQ:20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126) Reference: MS:MS00-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp Reference: BID:950 Reference: URL:http://www.securityfocus.com/bid/950 Reference: XF:http-indexserver-dirtrans Reference: OSVDB:1210 Reference: URL:http://www.osvdb.org/1210 The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. ====================================================== Name: CVE-2000-0098 Status: Entry Reference: MS:MS00-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist. ====================================================== Name: CVE-2000-0099 Status: Entry Reference: BUGTRAQ:20000119 Unixware ppptalk Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2 Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument. 
====================================================== Name: CVE-2000-0100 Status: Entry Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html Reference: MS:MS00-012 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-012.asp The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. ====================================================== Name: CVE-2000-0107 Status: Entry Reference: DEBIAN:20000201 Reference: URL:http://www.debian.org/security/2000/20000201 Reference: BID:958 Reference: URL:http://www.securityfocus.com/bid/958 Linux apcd program allows local attackers to modify arbitrary files via a symlink attack. ====================================================== Name: CVE-2000-0111 Status: Entry Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2 Reference: BID:953 Reference: URL:http://www.securityfocus.com/bid/953 Reference: XF:avt-rightfax-predict-session The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions. ====================================================== Name: CVE-2000-0112 Status: Entry Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2 Reference: BID:960 Reference: URL:http://www.securityfocus.com/bid/960 Reference: XF:debian-mbr-bypass-security The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. 
====================================================== Name: CVE-2000-0113 Status: Entry Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94934808714972&w=2 Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952641025328&w=2 Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973281714994&w=2 Reference: CONFIRM:http://www.sybergen.com/support/fix.htm Reference: BID:952 Reference: URL:http://www.securityfocus.com/bid/952 The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics. ====================================================== Name: CVE-2000-0116 Status: Entry Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented Reference: BID:954 Reference: URL:http://www.securityfocus.com/bid/954 Reference: XF:http-script-bypass Reference: OSVDB:1212 Reference: URL:http://www.osvdb.org/1212 Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag. ====================================================== Name: CVE-2000-0117 Status: Entry Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password.. Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000 Reference: XF:http-cgi-cobalt-passwords Reference: BID:951 Reference: URL:http://www.securityfocus.com/bid/951 The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root). 
====================================================== Name: CVE-2000-0120 Status: Entry Reference: ALLAIRE:ASB00-04 Reference: BID:955 Reference: URL:http://www.securityfocus.com/bid/955 Reference: XF:allaire-spectra-ras-access(4025) Reference: URL:http://xforce.iss.net/static/4025.php The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. ====================================================== Name: CVE-2000-0121 Status: Entry Reference: NTBUGTRAQ:20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000 Reference: MS:MS00-007 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-007.mspx Reference: MSKB:Q248399 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248399 Reference: BID:963 Reference: URL:http://www.securityfocus.com/bid/963 The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability. ====================================================== Name: CVE-2000-0127 Status: Entry Reference: BUGTRAQ:20000203 Webspeed security issue Reference: CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed Reference: BID:969 Reference: URL:http://www.securityfocus.com/bid/969 Reference: XF:webspeed-adminutil-auth The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. 
====================================================== Name: CVE-2000-0128 Status: Entry Reference: BUGTRAQ:20000204 "The Finger Server" Reference: CONFIRM:http://www.glazed.org/finger/changelog.txt Reference: XF:finger-server-input Reference: OSVDB:7610 Reference: URL:http://www.osvdb.org/7610 The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters. ====================================================== Name: CVE-2000-0130 Status: Entry Reference: BUGTRAQ:20000127 New SCO patches... Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2 Reference: SCO:SB-00.02a Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.02a Reference: XF:sco-help-bo Buffer overflow in SCO scohelp program allows remote attackers to execute commands. ====================================================== Name: CVE-2000-0131 Status: Entry Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2 Reference: BID:966 Reference: URL:http://www.securityfocus.com/bid/966 Reference: OSVDB:4677 Reference: URL:http://www.osvdb.org/4677 Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands. ====================================================== Name: CVE-2000-0139 Status: Entry Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2 Reference: BID:982 Reference: URL:http://www.securityfocus.com/bid/982 Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. 
====================================================== Name: CVE-2000-0140 Status: Entry Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2 Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3 Reference: BID:980 Reference: URL:http://www.securityfocus.com/bid/980 Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections. ====================================================== Name: CVE-2000-0141 Status: Entry Reference: BUGTRAQ:20000211 perl-cgi hole in UltimateBB by Infopop Corp. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl Reference: BID:991 Reference: URL:http://www.securityfocus.com/bid/991 Reference: MISC:http://www.ultimatebb.com/home/versions.shtml Reference: XF:http-cgi-ultimatebb Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field. ====================================================== Name: CVE-2000-0144 Status: Entry Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html Reference: BID:971 Reference: URL:http://www.securityfocus.com/bid/971 Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0145 Status: Entry Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0 The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. ====================================================== Name: CVE-2000-0146 Status: Entry Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Service Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html Reference: BID:972 Reference: URL:http://www.securityfocus.com/bid/972 Reference: XF:novell-groupwise-url-dos The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet. ====================================================== Name: CVE-2000-0148 Status: Entry Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html Reference: BUGTRAQ:20000214 MySQL 3.22.32 released Reference: BID:975 Reference: URL:http://www.securityfocus.com/bid/975 MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. ====================================================== Name: CVE-2000-0149 Status: Entry Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html Reference: BID:977 Reference: URL:http://www.securityfocus.com/bid/977 Reference: OSVDB:254 Reference: URL:http://www.osvdb.org/254 Reference: XF:zeus-server-null-string(3982) Reference: URL:http://xforce.iss.net/xforce/xfdb/3982 Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL. 
====================================================== Name: CVE-2000-0150 Status: Entry Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability Reference: CERT-VN:VU#328867 Reference: URL:http://www.kb.cert.org/vuls/id/328867 Reference: BID:979 Reference: URL:http://www.securityfocus.com/bid/979 Reference: OSVDB:4417 Reference: URL:http://www.osvdb.org/4417 Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt. ====================================================== Name: CVE-2000-0152 Status: Entry Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avalable. Reference: BID:976 Reference: URL:http://www.securityfocus.com/bid/976 Reference: OSVDB:7468 Reference: URL:http://www.osvdb.org/7468 Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000. ====================================================== Name: CVE-2000-0156 Status: Entry Reference: MS:MS00-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-009.mspx Reference: OSVDB:7827 Reference: URL:http://www.osvdb.org/7827 Reference: XF:ie-image-source-redirect(3996) Reference: URL:http://xforce.iss.net/xforce/xfdb/3996 Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. 
====================================================== Name: CVE-2000-0157 Status: Entry Reference: NETBSD:1999-012 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc Reference: BID:992 Reference: URL:http://www.securityfocus.com/bid/992 Reference: XF:netbsd-ptrace NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process. ====================================================== Name: CVE-2000-0159 Status: Entry Reference: HP:HPSBUX0002-111 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. ====================================================== Name: CVE-2000-0161 Status: Entry Reference: MS:MS00-010 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-010.asp Reference: BID:994 Reference: URL:http://www.securityfocus.com/bid/994 Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. ====================================================== Name: CVE-2000-0162 Status: Entry Reference: MS:MS00-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-011.asp The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. 
====================================================== Name: CVE-2000-0164 Status: Entry Reference: BUGTRAQ:20000220 Sun Internet Mail Server Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl Reference: SUNBUG:4316521 Reference: BID:1004 Reference: URL:http://www.securityfocus.com/bid/1004 Reference: XF:sims-temp-world-readable The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords. ====================================================== Name: CVE-2000-0165 Status: Entry Reference: BUGTRAQ:20000210 Re: application proxies? Reference: FREEBSD:FreeBSD-SA-00:04 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org Reference: CIAC:K-023 Reference: URL:http://www.ciac.org/ciac/bulletins/k-023.shtml Reference: XF:delegate-proxy-bo The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands. ====================================================== Name: CVE-2000-0166 Status: Entry Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com Reference: BUGTRAQ:20000223 Pragma Systems response to USSRLabs report Reference: BID:995 Reference: URL:http://www.securityfocus.com/bid/995 Reference: XF:interaccess-telnet-login-bo Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name. 
====================================================== Name: CVE-2000-0168 Status: Entry Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com Reference: MS:MS00-017 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126 Reference: BID:1043 Reference: URL:http://www.securityfocus.com/bid/1043 Reference: XF:win-dos-devicename-dos Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability. ====================================================== Name: CVE-2000-0169 Status: Entry Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html Reference: BID:1053 Reference: URL:http://www.securityfocus.com/bid/1053 Reference: XF:oracle-weblistener-remote-attack Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'. ====================================================== Name: CVE-2000-0170 Status: Entry Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes) Reference: BID:1011 Reference: URL:http://www.securityfocus.com/bid/1011 Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. 
====================================================== Name: CVE-2000-0171 Status: Entry Reference: BUGTRAQ:20000311 TESO advisory -- atsadc Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html Reference: XF:atsar-root-access Reference: BID:1048 Reference: URL:http://www.securityfocus.com/bid/1048 atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges. ====================================================== Name: CVE-2000-0172 Status: Entry Reference: BUGTRAQ:20000303 Potential security problem with mtr Reference: DEBIAN:20000309 mtr Reference: FREEBSD:FreeBSD-SA-00:09 Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd) Reference: BID:1038 Reference: URL:http://www.securityfocus.com/bid/1038 The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. ====================================================== Name: CVE-2000-0174 Status: Entry Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html Reference: BID:1040 Reference: URL:http://www.securityfocus.com/bid/1040 Reference: XF:staroffice-scheduler-fileread StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0175 Status: Entry Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html Reference: XF:staroffice-scheduler-bo Reference: BID:1039 Reference: URL:http://www.securityfocus.com/bid/1039 Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command. 
====================================================== Name: CVE-2000-0178 Status: Entry Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability Reference: MISC:http://www.foundrynet.com/bugTraq.html Reference: BID:1017 Reference: URL:http://www.securityfocus.com/bid/1017 ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. ====================================================== Name: CVE-2000-0179 Status: Entry Reference: BUGTRAQ:20000228 HP Omniback remote DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html Reference: HP:HPSBUX0006-115 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0006-115 Reference: BID:1015 Reference: URL:http://www.securityfocus.com/bid/1015 Reference: XF:omniback-connection-dos HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. ====================================================== Name: CVE-2000-0180 Status: Entry Reference: NTBUGTRAQ:20000313 SOJOURN Search engine exposes files Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0201.html Reference: BID:1052 Reference: URL:http://www.securityfocus.com/bid/1052 Reference: XF:sojourn-file-read(4197) Reference: URL:http://xforce.iss.net/static/4197.php Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0181 Status: Entry Reference: BUGTRAQ:20000311 Our old friend Firewall-1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html Reference: BID:1054 Reference: URL:http://www.securityfocus.com/bid/1054 Reference: OSVDB:1256 Reference: URL:http://www.osvdb.org/1256 Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. ====================================================== Name: CVE-2000-0182 Status: Entry Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1 iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic. ====================================================== Name: CVE-2000-0183 Status: Entry Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html Reference: FREEBSD:FreeBSD-SA-00:11 Reference: REDHAT:RHSA-2000:008 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-008.html Reference: BID:1046 Reference: URL:http://www.securityfocus.com/bid/1046 Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability. ====================================================== Name: CVE-2000-0184 Status: Entry Reference: BUGTRAQ:20000309 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html Reference: BID:1037 Reference: URL:http://www.securityfocus.com/bid/1037 Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. 
====================================================== Name: CVE-2000-0185 Status: Entry Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html Reference: BID:1049 Reference: URL:http://www.securityfocus.com/bid/1049 RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private. ====================================================== Name: CVE-2000-0186 Status: Entry Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow Reference: TURBO:TLSA200007-1 Reference: REDHAT:RHSA-2000:100 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-100.html Reference: BID:1020 Reference: URL:http://www.securityfocus.com/bid/1020 Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. ====================================================== Name: CVE-2000-0189 Status: Entry Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path Reference: BID:1021 Reference: URL:http://www.securityfocus.com/bid/1021 ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. ====================================================== Name: CVE-2000-0191 Status: Entry Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se Reference: XF:axis-storpoint-auth Reference: BID:1025 Reference: URL:http://www.securityfocus.com/bid/1025 Reference: OSVDB:19 Reference: URL:http://www.osvdb.org/19 Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0192 Status: Entry Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html Reference: BID:1036 Reference: URL:http://www.securityfocus.com/bid/1036 The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. ====================================================== Name: CVE-2000-0193 Status: Entry Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au Reference: BID:1030 Reference: URL:http://www.securityfocus.com/bid/1030 Reference: XF:linux-dosemu-config The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges. ====================================================== Name: CVE-2000-0194 Status: Entry Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html Reference: BID:1007 Reference: URL:http://www.securityfocus.com/bid/1007 buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters. ====================================================== Name: CVE-2000-0195 Status: Entry Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html Reference: BID:1008 Reference: URL:http://www.securityfocus.com/bid/1008 Reference: XF:corel-linux-setxconf-root setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file. 
====================================================== Name: CVE-2000-0196 Status: Entry Reference: DEBIAN:20000229 Reference: REDHAT:RHSA-2000:006 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-006.html Reference: BID:1018 Reference: URL:http://www.securityfocus.com/bid/1018 Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message. ====================================================== Name: CVE-2000-0200 Status: Entry Reference: MS:MS00-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-015.mspx Reference: BID:1034 Reference: URL:http://www.securityfocus.com/bid/1034 Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability. ====================================================== Name: CVE-2000-0201 Status: Entry Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files Reference: BID:1033 Reference: URL:http://www.securityfocus.com/bid/1033 The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. ====================================================== Name: CVE-2000-0202 Status: Entry Reference: MS:MS00-014 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-014.mspx Reference: BID:1041 Reference: URL:http://www.securityfocus.com/bid/1041 Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. 
====================================================== Name: CVE-2000-0206 Status: Entry Reference: BUGTRAQ:20000305 Oracle installer problem Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html Reference: BID:1035 Reference: URL:http://www.securityfocus.com/bid/1035 The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. ====================================================== Name: CVE-2000-0207 Status: Entry Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5) Reference: SGI:20000501-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000501-01-P Reference: XF:irix-infosrch-fname Reference: BID:1031 Reference: URL:http://www.securityfocus.com/bid/1031 SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. ====================================================== Name: CVE-2000-0208 Status: Entry Reference: BUGTRAQ:20000228 ht://Dig remote information exposure Reference: FREEBSD:FreeBSD-SA-00:06 Reference: DEBIAN:20000227 Reference: TURBO:TLSA200005-1 Reference: BID:1026 Reference: URL:http://www.securityfocus.com/bid/1026 The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. ====================================================== Name: CVE-2000-0209 Status: Entry Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;) Reference: FREEBSD:FreeBSD-SA-00:08 Reference: BID:1012 Reference: URL:http://www.securityfocus.com/bid/1012 Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. 
====================================================== Name: CVE-2000-0210 Status: Entry Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name... Reference: BID:998 Reference: URL:http://www.securityfocus.com/bid/998 The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files. ====================================================== Name: CVE-2000-0211 Status: Entry Reference: MS:MS00-013 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-013.mspx Reference: XF:win-media-dos Reference: BID:1000 Reference: URL:http://www.securityfocus.com/bid/1000 The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability. ====================================================== Name: CVE-2000-0212 Status: Entry Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability Reference: BID:1001 Reference: URL:http://www.securityfocus.com/bid/1001 Reference: XF:interaccess-telnet-dos(4033) Reference: URL:http://xforce.iss.net/xforce/xfdb/4033 InterAccess TelnetID Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information. ====================================================== Name: CVE-2000-0215 Status: Entry Reference: SCO:SB-00.05 Reference: BID:1019 Reference: URL:http://www.securityfocus.com/bid/1019 Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges. 
====================================================== Name: CVE-2000-0217 Status: Entry Reference: BUGTRAQ:20000224 SSH & xauth Reference: BID:1006 Reference: URL:http://www.securityfocus.com/bid/1006 The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. ====================================================== Name: CVE-2000-0218 Status: Entry Reference: SUSE:20000210 util < 2.10f Reference: CALDERA:CSSA-2000-002.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-002.0.txt Reference: OSVDB:6980 Reference: URL:http://www.osvdb.org/6980 Reference: OSVDB:7004 Reference: URL:http://www.osvdb.org/7004 Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname. ====================================================== Name: CVE-2000-0221 Status: Entry Reference: BUGTRAQ:20000225 Scorpion Marlin Reference: BID:1009 Reference: URL:http://www.securityfocus.com/bid/1009 The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port. ====================================================== Name: CVE-2000-0222 Status: Entry Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr Reference: BID:990 Reference: URL:http://www.securityfocus.com/bid/990 The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs. 
====================================================== Name: CVE-2000-0223 Status: Entry Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html Reference: BID:1047 Reference: URL:http://www.securityfocus.com/bid/1047 Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter. ====================================================== Name: CVE-2000-0224 Status: Entry Reference: NAI:20000215 ARCserve symlink vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com Reference: SCO:SSE063 Reference: XF:sco-openserver-arc-symlink ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack. ====================================================== Name: CVE-2000-0225 Status: Entry Reference: BUGTRAQ:20000303 Pocsag remote access to client can't be disabled. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003601bf854b$6893a090$0100a8c0@FIREWALKER Reference: BID:1032 Reference: URL:http://www.securityfocus.com/bid/1032 Reference: XF:telnet-pocsag Reference: OSVDB:259 Reference: URL:http://www.osvdb.org/259 The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled. ====================================================== Name: CVE-2000-0226 Status: Entry Reference: MS:MS00-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-018.asp Reference: BID:1066 Reference: URL:http://www.securityfocus.com/bid/1066 Reference: XF:iis-chunked-encoding-dos IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." 
====================================================== Name: CVE-2000-0228 Status: Entry Reference: MS:MS00-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-016.asp Reference: BID:1058 Reference: URL:http://www.securityfocus.com/bid/1058 Reference: XF:mwmt-malformed-media-license Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability. ====================================================== Name: CVE-2000-0229 Status: Entry Reference: BUGTRAQ:20000322 gpm-root Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html Reference: SUSE:20000405 Security hole in gpm < 1.18.1 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_45.html Reference: REDHAT:RHSA-2000:009 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-009.html Reference: REDHAT:RHSA-2000:045 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-045.html Reference: BID:1069 Reference: URL:http://www.securityfocus.com/bid/1069 Reference: XF:linux-gpm-root gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. ====================================================== Name: CVE-2000-0230 Status: Entry Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html Reference: REDHAT:RHSA-2000:016 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-016.html Reference: XF:linux-imwheel-bo Reference: BID:1060 Reference: URL:http://www.securityfocus.com/bid/1060 Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable. 
====================================================== Name: CVE-2000-0231 Status: Entry Reference: BUGTRAQ:20000316 "TESO & C-Skills development advisory -- kreatecd" at: Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html Reference: SUSE:20000405 Security hole in kreatecd < 0.3.8b Reference: XF:linux-kreatecd-path Reference: BID:1061 Reference: URL:http://www.securityfocus.com/bid/1061 Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges. ====================================================== Name: CVE-2000-0232 Status: Entry Reference: MS:MS00-021 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-021.asp Reference: BUGTRAQ:20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html Reference: BID:1082 Reference: URL:http://www.securityfocus.com/bid/1082 Reference: XF:win-tcpip-printing-dos Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request. ====================================================== Name: CVE-2000-0233 Status: Entry Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html Reference: XF:linux-imap-remote-unauthorized-access SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges. 
====================================================== Name: CVE-2000-0234 Status: Entry Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150 Reference: BID:1083 Reference: URL:http://www.securityfocus.com/bid/1083 Reference: XF:cobalt-raq-remote-access The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file. ====================================================== Name: CVE-2000-0235 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:10 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc Reference: BID:1070 Reference: URL:http://www.securityfocus.com/bid/1070 Reference: XF:freebsd-orvillewrite-bo Reference: OSVDB:1263 Reference: URL:http://www.osvdb.org/1263 Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges. ====================================================== Name: CVE-2000-0236 Status: Entry Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com Reference: BID:1063 Reference: URL:http://www.securityfocus.com/bid/1063 Reference: XF:netscape-server-directory-indexing Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. 
====================================================== Name: CVE-2000-0237 Status: Entry Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1 Reference: BID:1075 Reference: URL:http://www.securityfocus.com/bid/1075 Reference: XF:netscape-webpublisher-invalid-access Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories. ====================================================== Name: CVE-2000-0238 Status: Entry Reference: BUGTRAQ:20000317 DoS with NAVIEG Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us Reference: XF:nav-email-gateway-dos Reference: BID:1064 Reference: URL:http://www.securityfocus.com/bid/1064 Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL. ====================================================== Name: CVE-2000-0240 Status: Entry Reference: BUGTRAQ:20000321 vqserver /........../ Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net Reference: CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html Reference: XF:vqserver-dir-traverse Reference: BID:1067 Reference: URL:http://www.securityfocus.com/bid/1067 Reference: OSVDB:270 Reference: URL:http://www.osvdb.org/270 vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0243 Status: Entry Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash" at: Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm Reference: XF:simpleserver-exception-dos(4189) Reference: URL:http://xforce.iss.net/static/4189.php Reference: BID:1076 Reference: URL:http://www.securityfocus.com/bid/1076 Reference: OSVDB:1265 Reference: URL:http://www.osvdb.org/1265 AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin. ====================================================== Name: CVE-2000-0245 Status: Entry Reference: BUGTRAQ:20000328 Objectserver vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil Reference: SGI:20000303-01-PX Reference: URL:ftp://sgigate.sgi.com/security/20000303-01-PX Reference: CIAC:K-030 Reference: URL:http://www.ciac.org/ciac/bulletins/k-030.shtml Reference: BID:1079 Reference: URL:http://www.securityfocus.com/bid/1079 Reference: OSVDB:1267 Reference: URL:http://www.osvdb.org/1267 Reference: XF:irix-objectserver-create-accounts(4206) Reference: URL:http://xforce.iss.net/xforce/xfdb/4206 Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. 
====================================================== Name: CVE-2000-0246 Status: Entry Reference: MS:MS00-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-019.asp Reference: MSKB:Q249599 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=249599 Reference: BID:1081 Reference: URL:http://www.securityfocus.com/bid/1081 Reference: XF:iis-virtual-unc-share IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. ====================================================== Name: CVE-2000-0247 Status: Entry Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt Reference: FREEBSD:FreeBSD-SA-00:13 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc Reference: BID:1842 Reference: URL:http://www.securityfocus.com/bid/1842 Reference: XF:generic-nqs-local-root(4306) Reference: URL:http://xforce.iss.net/xforce/xfdb/4306 Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges. ====================================================== Name: CVE-2000-0249 Status: Entry Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program Reference: URL:http://xforce.iss.net/alerts/advise47.php3 Reference: IBM:ERS-OAR-E01-2000:075.1 Reference: XF:aix-frcactrl Reference: BID:1152 Reference: URL:http://www.securityfocus.com/bid/1152 The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program. 
====================================================== Name: CVE-2000-0251 Status: Entry Reference: HP:HPSBUX0004-112 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html Reference: BID:1090 Reference: URL:http://www.securityfocus.com/bid/1090 Reference: XF:hp-virtual-vault HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses. ====================================================== Name: CVE-2000-0252 Status: Entry Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html Reference: BID:1115 Reference: URL:http://www.securityfocus.com/bid/1115 Reference: XF:dansie-shell-metacharacters Reference: URL:http://xforce.iss.net/static/4975.php The dansie shopping cart application cart.pl allows remote attackers to execute commands via shell metacharacters in a form variable. ====================================================== Name: CVE-2000-0253 Status: Entry Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart Reference: BID:1115 Reference: URL:http://www.securityfocus.com/bid/1115 Reference: XF:shopping-cart-form-tampering Reference: URL:http://xforce.iss.net/static/4621.php The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields. ====================================================== Name: CVE-2000-0254 Status: Entry Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart Reference: BID:1115 Reference: URL:http://www.securityfocus.com/bid/1115 Reference: XF:dansie-form-variables Reference: URL:http://xforce.iss.net/static/4954.php The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables. 
====================================================== Name: CVE-2000-0255 Status: Entry Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html Reference: BID:1091 Reference: URL:http://www.securityfocus.com/bid/1091 Reference: XF:nbase-xyplex-router The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program. ====================================================== Name: CVE-2000-0257 Status: Entry Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)... Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl Reference: BID:1118 Reference: URL:http://www.securityfocus.com/bid/1118 Reference: XF:netware-remote-admin-overflow Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. ====================================================== Name: CVE-2000-0258 Status: Entry Reference: MS:MS00-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-023.asp Reference: BID:1101 Reference: URL:http://www.securityfocus.com/bid/1101 IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. 
====================================================== Name: CVE-2000-0260 Status: Entry Reference: MS:MS00-025 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-025.asp Reference: BID:1109 Reference: URL:http://www.securityfocus.com/bid/1109 Reference: OSVDB:282 Reference: URL:http://www.osvdb.org/282 Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. ====================================================== Name: CVE-2000-0261 Status: Entry Reference: BUGTRAQ:20000415 (no subject) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html Reference: BUGTRAQ:20000418 AVM's Statement Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com Reference: XF:ken-download-files Reference: BID:1103 Reference: URL:http://www.securityfocus.com/bid/1103 Reference: OSVDB:1282 Reference: URL:http://www.osvdb.org/1282 The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0262 Status: Entry Reference: BUGTRAQ:20000415 (no subject) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html Reference: BUGTRAQ:20000418 AVM's Statement Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com Reference: BID:1103 Reference: URL:http://www.securityfocus.com/bid/1103 Reference: XF:ken-dos The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request. 
====================================================== Name: CVE-2000-0263 Status: Entry Reference: BUGTRAQ:20000416 xfs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html Reference: XF:redhat-fontserver-dos Reference: BID:1111 Reference: URL:http://www.securityfocus.com/bid/1111 The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request. ====================================================== Name: CVE-2000-0264 Status: Entry Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip Reference: XF:panda-admin-privileges Reference: BID:1119 Reference: URL:http://www.securityfocus.com/bid/1119 Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods. ====================================================== Name: CVE-2000-0265 Status: Entry Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip Reference: BID:1119 Reference: URL:http://www.securityfocus.com/bid/1119 Reference: XF:panda-uninstall-program Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet. 
====================================================== Name: CVE-2000-0267 Status: Entry Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml Reference: XF:cisco-catalyst-password-bypass Reference: BID:1122 Reference: URL:http://www.securityfocus.com/bid/1122 Reference: OSVDB:1288 Reference: URL:http://www.osvdb.org/1288 Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. ====================================================== Name: CVE-2000-0268 Status: Entry Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml Reference: BID:1123 Reference: URL:http://www.securityfocus.com/bid/1123 Reference: XF:cisco-ios-option-handling Reference: OSVDB:1289 Reference: URL:http://www.osvdb.org/1289 Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot. ====================================================== Name: CVE-2000-0272 Status: Entry Reference: BUGTRAQ:20000420 Remote DoS attack in Real Networks Real Server Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95625288231045&w=2 Reference: CONFIRM:http://service.real.com/help/faq/servg270.html Reference: XF:realserver-remote-dos Reference: BID:1128 Reference: URL:http://www.securityfocus.com/bid/1128 RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070. 
====================================================== Name: CVE-2000-0273 Status: Entry Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html Reference: BID:1095 Reference: URL:http://www.securityfocus.com/bid/1095 Reference: XF:pcanywhere-login-dos PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt. ====================================================== Name: CVE-2000-0274 Status: Entry Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html Reference: XF:linux-trustees-patch-dos Reference: BID:1096 Reference: URL:http://www.securityfocus.com/bid/1096 The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name. ====================================================== Name: CVE-2000-0276 Status: Entry Reference: BUGTRAQ:20000410 BeOS syscall bug Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com Reference: BID:1098 Reference: URL:http://www.securityfocus.com/bid/1098 Reference: XF:beos-syscall-dos BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37. 
====================================================== Name: CVE-2000-0277 Status: Entry Reference: MS:MS00-022 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-022.asp Reference: BID:1087 Reference: URL:http://www.securityfocus.com/bid/1087 Reference: OSVDB:1272 Reference: URL:http://www.osvdb.org/1272 Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. ====================================================== Name: CVE-2000-0278 Status: Entry Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html Reference: BID:1089 Reference: URL:http://www.securityfocus.com/bid/1089 Reference: XF:eviewer-admin-request-dos The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user. ====================================================== Name: CVE-2000-0279 Status: Entry Reference: BUGTRAQ:20000407 BeOS Networking DOS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312 Reference: BID:1100 Reference: URL:http://www.securityfocus.com/bid/1100 Reference: XF:beos-networking-dos BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. 
====================================================== Name: CVE-2000-0282 Status: Entry Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html Reference: CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html Reference: BID:1102 Reference: URL:http://www.securityfocus.com/bid/1102 Reference: XF:talentsoft-web-input TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. ====================================================== Name: CVE-2000-0283 Status: Entry Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html Reference: BID:1106 Reference: URL:http://www.securityfocus.com/bid/1106 Reference: XF:irix-pmcd-info The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. ====================================================== Name: CVE-2000-0285 Status: Entry Reference: BUGTRAQ:20000416 XFree86 server overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html Reference: BID:1306 Reference: URL:http://www.securityfocus.com/bid/1306 Reference: XF:xfree86-xkbmap-parameter-bo Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter. 
====================================================== Name: CVE-2000-0287 Status: Entry Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html Reference: BID:1104 Reference: URL:http://www.securityfocus.com/bid/1104 Reference: XF:http-cgi-bizdb The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter. ====================================================== Name: CVE-2000-0289 Status: Entry Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html Reference: SUSE:20000520 Security hole in kernel < 2.2.15 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_48.html Reference: BID:1078 Reference: URL:http://www.securityfocus.com/bid/1078 Reference: XF:linux-masquerading-dos IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. ====================================================== Name: CVE-2000-0290 Status: Entry Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html Reference: XF:macos-webstar-get-bo(4792) Reference: URL:http://xforce.iss.net/static/4792.php Reference: BID:1822 Reference: URL:http://www.securityfocus.com/bid/1822 Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request. 
====================================================== Name: CVE-2000-0292 Status: Entry Reference: BUGTRAQ:20000418 Adtran DoS Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain Reference: BID:1129 Reference: URL:http://www.securityfocus.com/bid/1129 Reference: XF:adtran-ping-dos The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash. ====================================================== Name: CVE-2000-0294 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:12 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162 Reference: BID:1107 Reference: URL:http://www.securityfocus.com/bid/1107 Reference: XF:freebsd-healthd Reference: OSVDB:606 Reference: URL:http://www.osvdb.org/606 Buffer overflow in healthd for FreeBSD allows local users to gain root privileges. ====================================================== Name: CVE-2000-0296 Status: Entry Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system() Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html Reference: BID:1086 Reference: URL:http://www.securityfocus.com/bid/1086 Reference: XF:fcheck-shell fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck. ====================================================== Name: CVE-2000-0297 Status: Entry Reference: ALLAIRE:ASB00-06 Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full Reference: BID:1085 Reference: URL:http://www.securityfocus.com/bid/1085 Reference: XF:allaire-forums-allaccess Reference: OSVDB:1270 Reference: URL:http://www.osvdb.org/1270 Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables. 
====================================================== Name: CVE-2000-0298 Status: Entry Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMP reinstall=1 Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html Reference: XF:win2k-unattended-install(4278) Reference: URL:http://xforce.iss.net/static/4278.php Reference: BID:1758 Reference: URL:http://www.securityfocus.com/bid/1758 The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. ====================================================== Name: CVE-2000-0301 Status: Entry Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2 Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm Reference: BID:1094 Reference: URL:http://www.securityfocus.com/bid/1094 Reference: XF:ipswitch-imail-dos Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. ====================================================== Name: CVE-2000-0302 Status: Entry Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95453598317340&w=2 Reference: MS:MS00-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp Reference: BID:1084 Reference: URL:http://www.securityfocus.com/bid/1084 Reference: XF:http-indexserver-asp-source Reference: OSVDB:271 Reference: URL:http://www.osvdb.org/271 Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL. 
====================================================== Name: CVE-2000-0303 Status: Entry Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature Reference: URL:http://xforce.iss.net/alerts/advise50.php3 Reference: CONFIRM:http://www.quake3arena.com/news/index.html Reference: BID:1169 Reference: URL:http://www.securityfocus.com/bid/1169 Reference: XF:quake3-auto-download Reference: OSVDB:7531 Reference: URL:http://www.osvdb.org/7531 Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. ====================================================== Name: CVE-2000-0304 Status: Entry Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack Reference: URL:http://xforce.iss.net/alerts/advise52.php3 Reference: MS:MS00-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.mspx Reference: BID:1191 Reference: URL:http://www.securityfocus.com/bid/1191 Reference: XF:iis-authchangeurl-dos Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. ====================================================== Name: CVE-2000-0305 Status: Entry Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240 Reference: MS:MS00-029 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-029.asp Reference: BID:1236 Reference: URL:http://www.securityfocus.com/bid/1236 Reference: XF:ip-fragment-reassembly-dos Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability. 
====================================================== Name: CVE-2000-0306 Status: Entry Reference: SCO:SB-99.02 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message. ====================================================== Name: CVE-2000-0307 Status: Entry Reference: SCO:SB-99.07 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.07b Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024. ====================================================== Name: CVE-2000-0308 Status: Entry Reference: SCO:SB-99.08 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges. ====================================================== Name: CVE-2000-0309 Status: Entry Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash. Reference: URL:http://www.openbsd.org/errata24.html#trctrap Reference: OSVDB:6126 Reference: URL:http://www.osvdb.org/6126 The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service. ====================================================== Name: CVE-2000-0310 Status: Entry Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems. 
Reference: URL:http://www.openbsd.org/errata24.html#maxqueue Reference: OSVDB:7539 Reference: URL:http://www.osvdb.org/7539 IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets. ====================================================== Name: CVE-2000-0311 Status: Entry Reference: MS:MS00-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp Reference: XF:ms-mixed-object Reference: BID:1145 Reference: URL:http://www.securityfocus.com/bid/1145 The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability. ====================================================== Name: CVE-2000-0313 Status: Entry Reference: OPENBSD:19991109 Any user can change interface media configurations. Reference: URL:http://www.openbsd.org/errata.html#ifmedia Reference: OSVDB:7540 Reference: URL:http://www.osvdb.org/7540 Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. ====================================================== Name: CVE-2000-0314 Status: Entry Reference: BUGTRAQ:19990213 traceroute as a flooder Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2 Reference: NETBSD:NetBSD-SA1999-004 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc Reference: OSVDB:7574 Reference: URL:http://www.osvdb.org/7574 traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. 
====================================================== Name: CVE-2000-0315 Status: Entry Reference: BUGTRAQ:19990213 traceroute as a flooder Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2 Reference: NETBSD:NetBSD-SA1999-004 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc Reference: OSVDB:7575 Reference: URL:http://www.osvdb.org/7575 traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. ====================================================== Name: CVE-2000-0316 Status: Entry Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html Reference: SUNBUG:4314312 Reference: BID:1143 Reference: URL:http://www.securityfocus.com/bid/1143 Reference: XF:solaris-lp-bo Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option. ====================================================== Name: CVE-2000-0318 Status: Entry Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20 Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html Reference: BID:1144 Reference: URL:http://www.securityfocus.com/bid/1144 Reference: XF:mercur-remote-dot-attack Atrium Mercur Mail Server 3.2 allows local attackers to read other users' email and create arbitrary files via a dot dot (..) attack. 
====================================================== Name: CVE-2000-0319 Status: Entry Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU Reference: XF:sendmail-maillocal-dos Reference: BID:1146 Reference: URL:http://www.securityfocus.com/bid/1146 mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n. ====================================================== Name: CVE-2000-0320 Status: Entry Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU Reference: BID:1133 Reference: URL:http://www.securityfocus.com/bid/1133 Reference: XF:qpopper-fgets-spoofing Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n. ====================================================== Name: CVE-2000-0322 Status: Entry Reference: BUGTRAQ:20000424 piranha default password/exploit Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com Reference: REDHAT:RHSA-2000:014 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-014.html Reference: BID:1149 Reference: URL:http://www.securityfocus.com/bid/1149 Reference: XF:piranha-passwd-execute The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execure arbitrary commands via shell metacharacters. 
====================================================== Name: CVE-2000-0323 Status: Entry Reference: BUGTRAQ:19990728 Alert : MS Office 97 Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=19990729195531.25108.qmail@underground.org Reference: MS:MS99-030 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-030.asp Reference: XF:jet-text-isam Reference: BID:595 Reference: URL:http://www.securityfocus.com/level2/?go=vulnerabilities&id=595 The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. ====================================================== Name: CVE-2000-0324 Status: Entry Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com Reference: BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0201.html Reference: BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0258.html Reference: BID:1150 Reference: URL:http://www.securityfocus.com/bid/1150 Reference: XF:pcanywhere-tcpsyn-dos(4347) Reference: URL:http://www.iss.net/security_center/static/4347.php Reference: OSVDB:1301 Reference: URL:http://www.osvdb.org/1301 pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap. 
====================================================== Name: CVE-2000-0327 Status: Entry Reference: BUGTRAQ:19991014 Another Microsoft Java Flaw Disovered Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93993545118416&w=2 Reference: MS:MS99-045 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-045.asp Reference: XF:msvm-verifier-java Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability. ====================================================== Name: CVE-2000-0328 Status: Entry Reference: BUGTRAQ:19990824 NT Predictable Initial TCP Sequence numbers - changes observed with SP4 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.19990824165629.00abcb40@192.168.124.1 Reference: MS:MS99-046 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-046.asp Reference: BID:604 Reference: URL:http://www.securityfocus.com/bid/604 Reference: XF:nt-sequence-prediction-sp4 Reference: XF:tcp-seq-predict Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking. ====================================================== Name: CVE-2000-0329 Status: Entry Reference: MS:MS99-048 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-048.asp Reference: XF:ie-active-setup-control A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. 
====================================================== Name: CVE-2000-0330 Status: Entry Reference: MS:MS99-049 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-049.asp Reference: XF:win-fileurl-overflow The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. ====================================================== Name: CVE-2000-0331 Status: Entry Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html Reference: MS:MS00-027 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp Reference: BID:1135 Reference: URL:http://www.securityfocus.com/bid/1135 Reference: XF:nt-cmd-overflow Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability. ====================================================== Name: CVE-2000-0332 Status: Entry Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com Reference: BID:1164 Reference: URL:http://www.securityfocus.com/bid/1164 Reference: XF:ultraboard-printabletopic-fileread Reference: OSVDB:1309 Reference: URL:http://www.osvdb.org/1309 Reference: OSVDB:4065 Reference: URL:http://www.osvdb.org/4065 UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte. 
====================================================== Name: CVE-2000-0334 Status: Entry Reference: ALLAIRE:ASB00-10 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full Reference: BID:1181 Reference: URL:http://www.securityfocus.com/bid/1181 Reference: XF:allaire-spectra-container-editor-preview The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. ====================================================== Name: CVE-2000-0335 Status: Entry Reference: BUGTRAQ:20000502 glibc resolver weakness Reference: BID:1166 Reference: URL:http://www.securityfocus.com/bid/1166 Reference: XF:glibc-resolver-id-predictable The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. ====================================================== Name: CVE-2000-0336 Status: Entry Reference: REDHAT:RHSA-2000:012 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-012.html Reference: CALDERA:CSSA-2000-009.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt Reference: TURBO:TLSA2000010-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html Reference: BID:1232 Reference: URL:http://www.securityfocus.com/bid/1232 Reference: XF:openldap-symlink-attack Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. ====================================================== Name: CVE-2000-0337 Status: Entry Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow. 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html Reference: SUNBUG:4335411 Reference: XF:solaris-xsun-bo Reference: BID:1140 Reference: URL:http://www.securityfocus.com/bid/1140 Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter. ====================================================== Name: CVE-2000-0338 Status: Entry Reference: BUGTRAQ:20000423 CVS DoS Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl Reference: BID:1136 Reference: URL:http://www.securityfocus.com/bid/1136 Reference: XF:cvs-tempfile-dos Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user. ====================================================== Name: CVE-2000-0339 Status: Entry Reference: BUGTRAQ:20000420 ZoneAlarm Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com Reference: BID:1137 Reference: URL:http://www.securityfocus.com/bid/1137 Reference: XF:zonealarm-portscan Reference: OSVDB:1294 Reference: URL:http://www.osvdb.org/1294 ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules. 
====================================================== Name: CVE-2000-0340 Status: Entry Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub Reference: CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html Reference: BID:1155 Reference: URL:http://www.securityfocus.com/bid/1155 Reference: XF:linux-gnomelib-bo Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable. ====================================================== Name: CVE-2000-0341 Status: Entry Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2 Reference: BID:1156 Reference: URL:http://www.securityfocus.com/bid/1156 Reference: XF:nntpserver-cassandra-bo ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name. ====================================================== Name: CVE-2000-0342 Status: Entry Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077 Reference: BID:1157 Reference: URL:http://www.securityfocus.com/bid/1157 Reference: XF:eudora-warning-message Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." 
====================================================== Name: CVE-2000-0344 Status: Entry Reference: BUGTRAQ:20000501 Linux knfsd DoS issue Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk Reference: BID:1160 Reference: URL:http://www.securityfocus.com/bid/1160 Reference: XF:linux-knfsd-dos The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value. ====================================================== Name: CVE-2000-0346 Status: Entry Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670 Reference: XF:macos-appleshare-invalid-range Reference: BID:1162 Reference: URL:http://www.securityfocus.com/bid/1162 AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server. ====================================================== Name: CVE-2000-0347 Status: Entry Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2 Reference: BID:1163 Reference: URL:http://www.securityfocus.com/bid/1163 Reference: XF:win-netbios-source-null Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name. ====================================================== Name: CVE-2000-0348 Status: Entry Reference: SCO:SB-99.10 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.10a A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges. 
====================================================== Name: CVE-2000-0349 Status: Entry Reference: SCO:SB-99.13 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service. ====================================================== Name: CVE-2000-0350 Status: Entry Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220 Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/ Reference: BID:1216 Reference: URL:http://www.securityfocus.com/bid/1216 Reference: XF:netice-icecap-alert-execute Reference: XF:netice-icecap-default Reference: OSVDB:312 Reference: URL:http://www.osvdb.org/312 A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events. ====================================================== Name: CVE-2000-0351 Status: Entry Reference: SCO:SB-99.09 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.09b Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages. 
====================================================== Name: CVE-2000-0352 Status: Entry Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com Reference: CALDERA:CSSA-1999-036.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt Reference: SUSE:19991227 Security hole in Pine < 4.21 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_36.html Reference: XF:pine-remote-exe Reference: BID:810 Reference: URL:http://www.securityfocus.com/bid/810 Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL. ====================================================== Name: CVE-2000-0353 Status: Entry Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html Reference: SUSE:19990628 Execution of commands in Pine 4.x Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_6.html Reference: SUSE:19990911 Update for Pine (fixed IMAP support) Reference: URL:http://www.novell.com/linux/security/advisories/pine_update_announcement.html Reference: BID:1247 Reference: URL:http://www.securityfocus.com/bid/1247 Reference: XF:pine-lynx-execute-commands Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. 
====================================================== Name: CVE-2000-0354 Status: Entry Reference: BUGTRAQ:19990928 mirror 2.9 hole Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru Reference: DEBIAN:19991018 Incorrect directory name handling in mirror Reference: URL:http://www.debian.org/security/1999/19991018 Reference: SUSE:19991001 Security hole in mirror Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_22.html Reference: BID:681 Reference: URL:http://www.securityfocus.com/bid/681 Reference: XF:mirror-perl-remote-file-creation mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory. ====================================================== Name: CVE-2000-0356 Status: Entry Reference: REDHAT:RHSA-1999:040 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789 Reference: XF:linux-pam-nis-login Reference: BID:697 Reference: URL:http://www.securityfocus.com/bid/697 Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts. ====================================================== Name: CVE-2000-0359 Status: Entry Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_30.html Reference: XF:thttpd-ifmodifiedsince-header-dos Reference: BID:1248 Reference: URL:http://www.securityfocus.com/bid/1248 Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header. 
====================================================== Name: CVE-2000-0360 Status: Entry Reference: SUSE:19991124 Security hole in inn <= 2.2.1 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_34.html Reference: CALDERA:CSSA-1999-038.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt Reference: XF:inn-remote-dos Reference: BID:1249 Reference: URL:http://www.securityfocus.com/bid/1249 Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article. ====================================================== Name: CVE-2000-0361 Status: Entry Reference: SUSE:19991214 Security hole in wvdial <= 1.4 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_35.html Reference: XF:wvdial-gain-dialup-info The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information. ====================================================== Name: CVE-2000-0362 Status: Entry Reference: SUSE:19991019 Security hole in cdwtools < 093 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html Reference: BID:738 Reference: URL:http://www.securityfocus.com/bid/738 Reference: XF:linux-cdda2cdr Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges. ====================================================== Name: CVE-2000-0363 Status: Entry Reference: SUSE:19991019 Security hole in cdwtools < 093 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html Reference: BID:738 Reference: URL:http://www.securityfocus.com/bid/738 Reference: XF:linux-cdda2cdr Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory. 
====================================================== Name: CVE-2000-0366 Status: Entry Reference: DEBIAN:19991202 problem restoring symlinks Reference: URL:http://www.debian.org/security/1999/19991202 Reference: XF:debian-dump-modify-ownership Reference: BID:1442 Reference: URL:http://www.securityfocus.com/bid/1442 dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. ====================================================== Name: CVE-2000-0367 Status: Entry Reference: DEBIAN:19990218 Root exploit in eterm Reference: URL:http://www.debian.org/security/1999/19990218 Reference: XF:linux-eterm Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges. ====================================================== Name: CVE-2000-0368 Status: Entry Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt Reference: URL:http://www.cisco.com/warp/public/770/ioshist-pub.shtml Reference: CIAC:J-009 Reference: URL:http://www.ciac.org/ciac/bulletins/j-009.shtml Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. ====================================================== Name: CVE-2000-0369 Status: Entry Reference: CALDERA:CSSA-1999-029.1 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt Reference: BID:1266 Reference: URL:http://www.securityfocus.com/bid/1266 Reference: XF:caldera-ident-server-dos The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service. 
====================================================== Name: CVE-2000-0370 Status: Entry Reference: CALDERA:CSSA-1999-001.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt Reference: BID:1268 Reference: URL:http://www.securityfocus.com/bid/1268 Reference: XF:caldera-smail-rmail-command The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command. ====================================================== Name: CVE-2000-0371 Status: Entry Reference: CALDERA:CSSA-1999-005.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt Reference: BID:1269 Reference: URL:http://www.securityfocus.com/bid/1269 Reference: XF:kde-mediatool The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. ====================================================== Name: CVE-2000-0372 Status: Entry Reference: CALDERA:CSSA-1999-014.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt Reference: XF:linux-rmt Reference: URL:http://xforce.iss.net/static/2268.php Reference: OSVDB:7940 Reference: URL:http://www.osvdb.org/7940 Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges. ====================================================== Name: CVE-2000-0373 Status: Entry Reference: CALDERA:CSSA-1999-015.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt Reference: REDHAT:RHSA-1999:015-01 Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html Reference: XF:kde-kvt Reference: URL:http://xforce.iss.net/static/2266.php Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges. 
====================================================== Name: CVE-2000-0374 Status: Entry Reference: CALDERA:CSSA-1999-021.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt Reference: MANDRAKE:MDKSA-2002:025 Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:025 Reference: BID:1446 Reference: URL:http://www.securityfocus.com/bid/1446 Reference: XF:xdmcp-kdm-default-configuration(4856) Reference: URL:http://xforce.iss.net/xforce/xfdb/4856 The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions. ====================================================== Name: CVE-2000-0375 Status: Entry Reference: FREEBSD:FreeBSD-SA-99:04 Reference: OSVDB:6084 Reference: URL:http://www.osvdb.org/6084 The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files. ====================================================== Name: CVE-2000-0376 Status: Entry Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software Reference: BID:1324 Reference: URL:http://www.securityfocus.com/bid/1324 Reference: XF:idrive-filo-bo Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request. 
====================================================== Name: CVE-2000-0377 Status: Entry Reference: MS:MS00-040 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-040.asp Reference: MSKB:Q264684 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=264684 Reference: XF:nt-registry-request-dos Reference: BID:1331 Reference: URL:http://www.securityfocus.com/bid/1331 Reference: OVAL:oval:org.mitre.oval:def:1021 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1021 The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability. ====================================================== Name: CVE-2000-0378 Status: Entry Reference: BUGTRAQ:20000502 pam_console bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html Reference: BID:1176 Reference: URL:http://www.securityfocus.com/bid/1176 Reference: XF:linux-pam-sniff-activities The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in. ====================================================== Name: CVE-2000-0379 Status: Entry Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html Reference: BID:1177 Reference: URL:http://www.securityfocus.com/bid/1177 Reference: XF:netopia-snmp-comm-strings The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. 
====================================================== Name: CVE-2000-0380 Status: Entry Reference: BUGTRAQ:20000426 Cisco HTTP possible bug: Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml Reference: XF:cisco-ios-http-dos Reference: BID:1154 Reference: URL:http://www.securityfocus.com/bid/1154 Reference: OSVDB:1302 Reference: URL:http://www.osvdb.org/1302 The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. ====================================================== Name: CVE-2000-0381 Status: Entry Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html Reference: XF:http-cgi-dbman-db Reference: BID:1178 Reference: URL:http://www.securityfocus.com/bid/1178 The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter. ====================================================== Name: CVE-2000-0382 Status: Entry Reference: ALLAIRE:ASB00-12 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full Reference: BID:1179 Reference: URL:http://www.securityfocus.com/bid/1179 Reference: XF:allaire-clustercats-url-redirect ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site. 
====================================================== Name: CVE-2000-0387 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:16 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc Reference: BID:1184 Reference: URL:http://www.securityfocus.com/bid/1184 Reference: XF:golddig-overwrite-files The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files. ====================================================== Name: CVE-2000-0388 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:17 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc Reference: BID:1185 Reference: URL:http://www.securityfocus.com/bid/1185 Reference: XF:libmytinfo-bo Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable. ====================================================== Name: CVE-2000-0389 Status: Entry Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html Reference: CERT:CA-2000-06 Reference: URL:http://www.cert.org/advisories/CA-2000-06.html Reference: FREEBSD:FreeBSD-SA-00:20 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html Reference: REDHAT:RHSA-2000:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html Reference: XF:kerberos-krb-rd-req-bo Reference: BID:1220 Reference: URL:http://www.securityfocus.com/bid/1220 Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. 
====================================================== Name: CVE-2000-0390 Status: Entry Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html Reference: CERT:CA-2000-06 Reference: URL:http://www.cert.org/advisories/CA-2000-06.html Reference: FREEBSD:FreeBSD-SA-00:20 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html Reference: REDHAT:RHSA-2000:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html Reference: BID:1220 Reference: URL:http://www.securityfocus.com/bid/1220 Reference: XF:kerberos-krb425-conv-principal-bo Reference: OSVDB:4884 Reference: URL:http://www.osvdb.org/4884 Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. ====================================================== Name: CVE-2000-0391 Status: Entry Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html Reference: CERT:CA-2000-06 Reference: URL:http://www.cert.org/advisories/CA-2000-06.html Reference: FREEBSD:FreeBSD-SA-00:20 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html Reference: REDHAT:RHSA-2000:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html Reference: XF:kerberos-krshd-bo Reference: BID:1220 Reference: URL:http://www.securityfocus.com/bid/1220 Reference: OSVDB:4876 Reference: URL:http://www.osvdb.org/4876 Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. 
====================================================== Name: CVE-2000-0392 Status: Entry Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html Reference: CERT:CA-2000-06 Reference: URL:http://www.cert.org/advisories/CA-2000-06.html Reference: FREEBSD:FreeBSD-SA-00:20 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html Reference: REDHAT:RHSA-2000:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html Reference: XF:kerberos-ksu-bo Reference: BID:1220 Reference: URL:http://www.securityfocus.com/bid/1220 Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. ====================================================== Name: CVE-2000-0393 Status: Entry Reference: BUGTRAQ:20000516 kscd vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html Reference: SUSE:20000529 kmulti <= 1.1.2 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_50.html Reference: XF:kscd-shell-env-variable Reference: BID:1206 Reference: URL:http://www.securityfocus.com/bid/1206 The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute. ====================================================== Name: CVE-2000-0394 Status: Entry Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. 
RFProwler Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95878603510835&w=2 Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com Reference: XF:axent-netprowler-ipfrag-dos Reference: BID:1225 Reference: URL:http://www.securityfocus.com/bid/1225 NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature. ====================================================== Name: CVE-2000-0395 Status: Entry Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org Reference: XF:cproxy-http-dos Reference: BID:1213 Reference: URL:http://www.securityfocus.com/bid/1213 Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request. ====================================================== Name: CVE-2000-0396 Status: Entry Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html Reference: BID:1245 Reference: URL:http://www.securityfocus.com/bid/1245 Reference: XF:carello-file-duplication The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files. 
====================================================== Name: CVE-2000-0397 Status: Entry Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html Reference: XF:emurl-account-access Reference: BID:1203 Reference: URL:http://www.securityfocus.com/bid/1203 The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. ====================================================== Name: CVE-2000-0398 Status: Entry Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html Reference: BID:1244 Reference: URL:http://www.securityfocus.com/bid/1244 Reference: XF:mailsite-get-overflow Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request. ====================================================== Name: CVE-2000-0399 Status: Entry Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html Reference: XF:deerfield-mdaemon-dos Reference: BID:1250 Reference: URL:http://www.securityfocus.com/bid/1250 Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name. 
====================================================== Name: CVE-2000-0402 Status: Entry Reference: MS:MS00-035 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-035.asp Reference: MSKB:Q263968 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263968 Reference: BID:1281 Reference: URL:http://www.securityfocus.com/bid/1281 Reference: XF:mssql-agent-stored-pw Reference: XF:mssql-sa-pw-in-sqlsplog The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. ====================================================== Name: CVE-2000-0403 Status: Entry Reference: MS:MS00-036 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp Reference: MSKB:Q263307 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263307 Reference: XF:win-browser-hostannouncement Reference: BID:1261 Reference: URL:http://www.securityfocus.com/bid/1261 The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability. ====================================================== Name: CVE-2000-0404 Status: Entry Reference: MS:MS00-036 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp Reference: MSKB:Q262694 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262694 Reference: BID:1262 Reference: URL:http://www.securityfocus.com/bid/1262 Reference: XF:win-browser-reset-frame The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability. 
====================================================== Name: CVE-2000-0405 Status: Entry Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow Reference: URL:http://www.l0pht.com/advisories/asniff_advisory.txt Reference: BID:1207 Reference: URL:http://www.securityfocus.com/bid/1207 Reference: XF:antisniff-dns-overflow Reference: OSVDB:3179 Reference: URL:http://www.osvdb.org/3179 Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet. ====================================================== Name: CVE-2000-0406 Status: Entry Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt Reference: CERT:CA-2000-05 Reference: URL:http://www.cert.org/advisories/CA-2000-05.html Reference: REDHAT:RHSA-2000:028 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-028.html Reference: BID:1188 Reference: URL:http://www.securityfocus.com/bid/1188 Reference: XF:netscape-invalid-ssl-sessions Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability. ====================================================== Name: CVE-2000-0407 Status: Entry Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html Reference: XF:sol-netpr-bo Reference: BID:1200 Reference: URL:http://www.securityfocus.com/bid/1200 Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option. 
====================================================== Name: CVE-2000-0408 Status: Entry Reference: MISC:http://www.ussrback.com/labs40.html Reference: MS:MS00-030 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-030.asp Reference: MSKB:Q260205 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=260205 Reference: XF:iis-url-extension-data-dos Reference: BID:1190 Reference: URL:http://www.securityfocus.com/bid/1190 IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. ====================================================== Name: CVE-2000-0409 Status: Entry Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html Reference: BID:1201 Reference: URL:http://www.securityfocus.com/bid/1201 Reference: XF:netscape-import-certificate-symlink Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. ====================================================== Name: CVE-2000-0410 Status: Entry Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability. Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843 Reference: XF:coldfusion-cfcache-dos Reference: BID:1192 Reference: URL:http://www.securityfocus.com/bid/1192 ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory. 
====================================================== Name: CVE-2000-0411 Status: Entry Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html Reference: XF:http-cgi-formmail-environment Reference: BID:1187 Reference: URL:http://www.securityfocus.com/bid/1187 Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter. ====================================================== Name: CVE-2000-0414 Status: Entry Reference: HP:HPSBUX0005-113 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html Reference: XF:hp-shutdown-privileges Reference: BID:1214 Reference: URL:http://www.securityfocus.com/bid/1214 Vulnerability in shutdown command for HP-UX 11.X and 10.X allows local users to gain privileges via malformed input variables. ====================================================== Name: CVE-2000-0416 Status: Entry Reference: BUGTRAQ:20000511 NTMail Proxy Exploit Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net Reference: CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm Reference: XF:ntmail-bypass-proxy Reference: BID:1196 Reference: URL:http://www.securityfocus.com/bid/1196 NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.
====================================================== Name: CVE-2000-0417 Status: Entry Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html Reference: XF:cayman-router-dos Reference: BID:1219 Reference: URL:http://www.securityfocus.com/bid/1219 The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password. ====================================================== Name: CVE-2000-0418 Status: Entry Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html Reference: XF:cayman-dsl-dos Reference: BID:1240 Reference: URL:http://www.securityfocus.com/bid/1240 The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests. ====================================================== Name: CVE-2000-0419 Status: Entry Reference: MS:MS00-034 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-034.asp Reference: MSKB:Q262767 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262767 Reference: CERT:CA-2000-07 Reference: URL:http://www.cert.org/advisories/CA-2000-07.html Reference: BID:1197 Reference: URL:http://www.securityfocus.com/bid/1197 Reference: XF:office-ua-control The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. 
====================================================== Name: CVE-2000-0421 Status: Entry Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html Reference: XF:bugzilla-unchecked-system-call Reference: BID:1199 Reference: URL:http://www.securityfocus.com/bid/1199 The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters. ====================================================== Name: CVE-2000-0424 Status: Entry Reference: BUGTRAQ:20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil Reference: BID:1202 Reference: URL:http://www.securityfocus.com/bid/1202 Reference: XF:http-cgi-burgyan-counter The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters. ====================================================== Name: CVE-2000-0425 Status: Entry Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0 Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html Reference: XF:http-cgi-listserv-wa-bo Reference: BID:1167 Reference: URL:http://www.securityfocus.com/bid/1167 Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands. 
====================================================== Name: CVE-2000-0426 Status: Entry Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html Reference: BID:1175 Reference: URL:http://www.securityfocus.com/bid/1175 Reference: XF:ultraboard-cgi-dos UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself. ====================================================== Name: CVE-2000-0427 Status: Entry Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt Reference: XF:aladdin-etoken-pin-reset Reference: BID:1170 Reference: URL:http://www.securityfocus.com/bid/1170 Reference: OSVDB:3266 Reference: URL:http://www.osvdb.org/3266 The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM. ====================================================== Name: CVE-2000-0428 Status: Entry Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp Reference: BID:1168 Reference: URL:http://www.securityfocus.com/bid/1168 Reference: XF:interscan-viruswall-bo Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment. 
====================================================== Name: CVE-2000-0430 Status: Entry Reference: BUGTRAQ:20000503 Another interesting Cart32 command Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95738697301956&w=2 Reference: XF:cart32-expdate Reference: BID:1358 Reference: URL:http://www.securityfocus.com/bid/1358 Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request. ====================================================== Name: CVE-2000-0431 Status: Entry Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html Reference: BID:1238 Reference: URL:http://www.securityfocus.com/bid/1238 Reference: XF:cobalt-cgiwrap-bypass Reference: OSVDB:1346 Reference: URL:http://www.osvdb.org/1346 Cobalt RaQ2 and RaQ3 do not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files. ====================================================== Name: CVE-2000-0432 Status: Entry Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html Reference: BID:1215 Reference: URL:http://www.securityfocus.com/bid/1215 Reference: XF:http-cgi-calendar-execute The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters.
====================================================== Name: CVE-2000-0435 Status: Entry Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html Reference: XF:http-cgi-allmanage-account-access Reference: BID:1217 Reference: URL:http://www.securityfocus.com/bid/1217 Reference: OSVDB:1337 Reference: URL:http://www.osvdb.org/1337 The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages. ====================================================== Name: CVE-2000-0436 Status: Entry Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html Reference: BID:1231 Reference: URL:http://www.securityfocus.com/bid/1231 Reference: XF:offline-explorer-directory-traversal MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0437 Status: Entry Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html Reference: XF:gauntlet-cyberdaemon-bo Reference: BID:1234 Reference: URL:http://www.securityfocus.com/bid/1234 Reference: OSVDB:322 Reference: URL:http://www.osvdb.org/322 Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. 
====================================================== Name: CVE-2000-0438 Status: Entry Reference: BUGTRAQ:20000522 fdmount buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html Reference: XF:linux-fdmount-bo Reference: BID:1239 Reference: URL:http://www.securityfocus.com/bid/1239 Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter. ====================================================== Name: CVE-2000-0439 Status: Entry Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net Reference: MS:MS00-033 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp Reference: BID:1194 Reference: URL:http://www.securityfocus.com/bid/1194 Reference: OSVDB:1326 Reference: URL:http://www.osvdb.org/1326 Reference: XF:ie-cookie-disclosure(4447) Reference: URL:http://xforce.iss.net/xforce/xfdb/4447 Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. 
====================================================== Name: CVE-2000-0440 Status: Entry Reference: NETBSD:NetBSD-SA2000-002 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc Reference: FREEBSD:FreeBSD-SA-00:23 Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html Reference: BID:1173 Reference: URL:http://www.securityfocus.com/bid/1173 Reference: XF:netbsd-unaligned-ip-options NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option. ====================================================== Name: CVE-2000-0441 Status: Entry Reference: IBM:ERS-OAR-E01-2000:087.1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html Reference: BID:1241 Reference: URL:http://www.securityfocus.com/bid/1241 Reference: XF:aix-local-filesystem Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. ====================================================== Name: CVE-2000-0442 Status: Entry Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html Reference: SUSE:20000608 pop <= 2000.3.4 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_51.html Reference: BID:1242 Reference: URL:http://www.securityfocus.com/bid/1242 Reference: XF:qualcomm-qpopper-euidl Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. 
====================================================== Name: CVE-2000-0443 Status: Entry Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html Reference: XF:hp-jetadmin-directory-traversal Reference: BID:1243 Reference: URL:http://www.securityfocus.com/bid/1243 Reference: OSVDB:1350 Reference: URL:http://www.osvdb.org/1350 The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0445 Status: Entry Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html Reference: CERT:CA-2000-09 Reference: URL:http://www.cert.org/advisories/CA-2000-09.html Reference: BID:1251 Reference: URL:http://www.securityfocus.com/bid/1251 Reference: XF:pgp-key-predictable Reference: OSVDB:1355 Reference: URL:http://www.osvdb.org/1355 The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys. ====================================================== Name: CVE-2000-0446 Status: Entry Reference: BUGTRAQ:20000524 Remote xploit for MDBMS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html Reference: XF:mdbms-bo Reference: BID:1252 Reference: URL:http://www.securityfocus.com/bid/1252 Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string. 
====================================================== Name: CVE-2000-0447 Status: Entry Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net Reference: XF:nai-webshield-bo Reference: BID:1254 Reference: URL:http://www.securityfocus.com/bid/1254 Reference: OSVDB:327 Reference: URL:http://www.osvdb.org/327 Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service. ====================================================== Name: CVE-2000-0448 Status: Entry Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net Reference: XF:nai-webshield-getconfig Reference: BID:1253 Reference: URL:http://www.securityfocus.com/bid/1253 Reference: OSVDB:326 Reference: URL:http://www.osvdb.org/326 The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command. ====================================================== Name: CVE-2000-0451 Status: Entry Reference: BUGTRAQ:20000518 Remote Dos attack against Intel express 8100 router Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html Reference: XF:intel-8100-remote-dos Reference: BID:1228 Reference: URL:http://www.securityfocus.com/bid/1228 The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets.
====================================================== Name: CVE-2000-0452 Status: Entry Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html Reference: XF:lotus-domino-esmtp-bo Reference: BID:1229 Reference: URL:http://www.securityfocus.com/bid/1229 Reference: OSVDB:321 Reference: URL:http://www.osvdb.org/321 Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. ====================================================== Name: CVE-2000-0453 Status: Entry Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html Reference: CALDERA:CSSA-2000-012.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt Reference: BID:1235 Reference: URL:http://www.securityfocus.com/bid/1235 XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000. ====================================================== Name: CVE-2000-0454 Status: Entry Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html Reference: BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html Reference: BID:1265 Reference: URL:http://www.securityfocus.com/bid/1265 Reference: XF:linux-cdrecord-execute Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter. 
====================================================== Name: CVE-2000-0455 Status: Entry Reference: NAI:20000529 Initialized Data Overflow in Xlock Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp Reference: NETBSD:NetBSD-SA2000-003 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc Reference: TURBO:TLSA2000012-1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html Reference: BID:1267 Reference: URL:http://www.securityfocus.com/bid/1267 Reference: XF:xlock-bo-read-passwd Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option. ====================================================== Name: CVE-2000-0456 Status: Entry Reference: NETBSD:NetBSD-SA2000-005 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc Reference: BID:1272 Reference: URL:http://www.securityfocus.com/bid/1272 Reference: XF:bsd-syscall-cpu-dos Reference: OSVDB:1365 Reference: URL:http://www.osvdb.org/1365 NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog". 
====================================================== Name: CVE-2000-0457 Status: Entry Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95810120719608&w=2 Reference: MS:MS00-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.mspx Reference: BID:1193 Reference: URL:http://www.securityfocus.com/bid/1193 Reference: XF:iis-ism-file-access(4448) Reference: URL:http://xforce.iss.net/static/4448.php ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. ====================================================== Name: CVE-2000-0458 Status: Entry Reference: BUGTRAQ:20000424 Two Problems in IMP 2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2 Reference: BID:1360 Reference: URL:http://www.securityfocus.com/bid/1360 Reference: XF:imp-tmpfile-view The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. ====================================================== Name: CVE-2000-0459 Status: Entry Reference: BUGTRAQ:20000424 Two Problems in IMP 2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2 Reference: BID:1361 Reference: URL:http://www.securityfocus.com/bid/1361 Reference: XF:imp-wordfile-dos IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request. 
====================================================== Name: CVE-2000-0460 Status: Entry Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html Reference: BID:1274 Reference: URL:http://www.securityfocus.com/bid/1274 Reference: XF:kde-display-environment-overflow Buffer overflow in KDE kdesud on Linux allows local users to gain privileges via a long DISPLAY environmental variable. ====================================================== Name: CVE-2000-0461 Status: Entry Reference: OPENBSD:20000526 Reference: URL:http://www.openbsd.org/errata26.html#semconfig Reference: NETBSD:NetBSD-SA2000-004 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc Reference: FREEBSD:FreeBSD-SA-00:19 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc Reference: XF:bsd-semaphore-dos Reference: BID:1270 Reference: URL:http://www.securityfocus.com/bid/1270 The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. ====================================================== Name: CVE-2000-0462 Status: Entry Reference: NETBSD:NetBSD-SA2000-006 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc Reference: BID:1273 Reference: URL:http://www.securityfocus.com/bid/1273 Reference: XF:netbsd-ftpchroot-parsing Reference: OSVDB:1366 Reference: URL:http://www.osvdb.org/1366 ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.
====================================================== Name: CVE-2000-0463 Status: Entry Reference: BUGTRAQ:20000517 AUX Security Advisory on Be/OS 5.0 (DoS) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html Reference: XF:beos-tcp-frag-dos Reference: BID:1222 Reference: URL:http://www.securityfocus.com/bid/1222 BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets. ====================================================== Name: CVE-2000-0464 Status: Entry Reference: MS:MS00-033 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp Reference: MSKB:Q261257 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=261257 Reference: XF:ie-malformed-component-attribute Reference: BID:1223 Reference: URL:http://www.securityfocus.com/bid/1223 Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability. ====================================================== Name: CVE-2000-0465 Status: Entry Reference: MS:MS00-033 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp Reference: MSKB:Q251108 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=251108 Reference: MSKB:Q255676 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=255676 Reference: BID:1224 Reference: URL:http://www.securityfocus.com/bid/1224 Reference: XF:ie-frame-domain-verification Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.
====================================================== Name: CVE-2000-0466 Status: Entry Reference: ISS:20000620 Insecure call of external program in AIX cdmount Reference: URL:http://xforce.iss.net/alerts/advise55.php Reference: XF:aix-cdmount-insecure-call Reference: BID:1384 Reference: URL:http://www.securityfocus.com/bid/1384 AIX cdmount allows local users to gain root privileges via shell metacharacters. ====================================================== Name: CVE-2000-0467 Status: Entry Reference: BUGTRAQ:20000614 Splitvt exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html Reference: DEBIAN:20000605a Reference: BID:1346 Reference: URL:http://www.securityfocus.com/bid/1346 Reference: XF:splitvt-screen-lock-bo Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function. ====================================================== Name: CVE-2000-0468 Status: Entry Reference: BUGTRAQ:20000601 HP Security vulnerability in the man command Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.02.10006021014400.4779-100000@nofud.nwest.attws.com Reference: BID:1302 Reference: URL:http://www.securityfocus.com/bid/1302 Reference: XF:hp-man-file-overwrite man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack. 
====================================================== Name: CVE-2000-0469 Status: Entry Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net Reference: BID:1347 Reference: URL:http://www.securityfocus.com/bid/1347 Reference: XF:webbanner-input-validation-exe Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0470 Status: Entry Reference: BUGTRAQ:20000601 Hardware Exploit - Gets network Down Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html Reference: BID:1290 Reference: URL:http://www.securityfocus.com/bid/1290 Reference: XF:rompager-malformed-dos Reference: URL:http://xforce.iss.net/static/4588.php Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request. 
====================================================== Name: CVE-2000-0471 Status: Entry Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html Reference: SUNBUG:4339366 Reference: SUN:00210 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/210 Reference: CERT-VN:VU#36866 Reference: URL:http://www.kb.cert.org/vuls/id/36866 Reference: BID:1348 Reference: URL:http://www.securityfocus.com/bid/1348 Reference: OSVDB:1398 Reference: URL:http://www.osvdb.org/1398 Reference: XF:sol-ufsrestore-bo Reference: URL:http://xforce.iss.net/static/4711.php Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname. ====================================================== Name: CVE-2000-0472 Status: Entry Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html Reference: CALDERA:CSSA-2000-016.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt Reference: BUGTRAQ:20000707 inn update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html Reference: BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html Reference: BUGTRAQ:20000722 MDKSA-2000:023 inn update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html Reference: BID:1316 Reference: URL:http://www.securityfocus.com/bid/1316 Reference: XF:innd-cancel-overflow Reference: URL:http://xforce.iss.net/static/4615.php Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. 
====================================================== Name: CVE-2000-0474 Status: Entry Reference: BUGTRAQ:20000601 Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html Reference: BUGTRAQ:20000601 Remote DoS attack in RealServer: USSR-2000043 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html Reference: BID:1288 Reference: URL:http://www.securityfocus.com/bid/1288 Reference: XF:realserver-malformed-remote-dos Reference: URL:http://xforce.iss.net/static/4587.php Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory. ====================================================== Name: CVE-2000-0475 Status: Entry Reference: MS:MS00-020 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-020.asp Reference: BID:1350 Reference: URL:http://www.securityfocus.com/bid/1350 Reference: XF:win2k-desktop-separation Reference: URL:http://xforce.iss.net/static/4714.php Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability. ====================================================== Name: CVE-2000-0477 Status: Entry Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html Reference: BID:1351 Reference: URL:http://www.securityfocus.com/bid/1351 Reference: XF:antivirus-nav-zip-bo Reference: URL:http://xforce.iss.net/static/4710.php Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. 
====================================================== Name: CVE-2000-0478 Status: Entry Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html Reference: BID:1351 Reference: URL:http://www.securityfocus.com/bid/1351 Reference: XF:antivirus-nav-fail-open Reference: URL:http://xforce.iss.net/static/4709.php Reference: OSVDB:6266 Reference: URL:http://www.osvdb.org/6266 In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. ====================================================== Name: CVE-2000-0481 Status: Entry Reference: VULN-DEV:20000601 Kmail heap overflow Reference: URL:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez Reference: BID:1380 Reference: URL:http://www.securityfocus.com/bid/1380 Reference: XF:kde-kmail-attachment-dos Reference: URL:http://xforce.iss.net/static/4993.php Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name. ====================================================== Name: CVE-2000-0482 Status: Entry Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation Reference: BID:1312 Reference: URL:http://www.securityfocus.com/bid/1312 Reference: XF:fw1-packet-fragment-dos Reference: URL:http://xforce.iss.net/static/4609.php Reference: OSVDB:1379 Reference: URL:http://www.osvdb.org/1379 Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets. 
====================================================== Name: CVE-2000-0483 Status: Entry Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert Reference: REDHAT:RHSA-2000:038 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-038.html Reference: FREEBSD:FreeBSD-SA-00:38 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc Reference: BUGTRAQ:20000728 MDKSA-2000:026 Zope update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br Reference: BID:1354 Reference: URL:http://www.securityfocus.com/bid/1354 Reference: XF:zope-dtml-remote-modify Reference: URL:http://xforce.iss.net/static/4716.php The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization. ====================================================== Name: CVE-2000-0484 Status: Entry Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2 Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2 Reference: BID:1355 Reference: URL:http://www.securityfocus.com/bid/1355 Reference: XF:small-http-get-overflow-dos Reference: URL:http://xforce.iss.net/static/4692.php Buffer overflow in Small HTTP Server allows remote attackers to cause a denial of service via a long GET request. 
====================================================== Name: CVE-2000-0485 Status: Entry Reference: BUGTRAQ:20000530 Fw: Steal Passwords Using SQL Server EM Reference: URL:http://www.securityfocus.com/archive/1/62771 Reference: MS:MS00-041 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp Reference: BID:1292 Reference: URL:http://www.securityfocus.com/bid/1292 Reference: XF:mssql-dts-reveal-passwords Reference: URL:http://xforce.iss.net/static/4582.php Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. ====================================================== Name: CVE-2000-0486 Status: Entry Reference: BUGTRAQ:20000530 An Analysis of the TACACS+ Protocol and its Implementations Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html Reference: BID:1293 Reference: URL:http://www.securityfocus.com/bid/1293 Reference: XF:tacacsplus-packet-length-dos Reference: URL:http://xforce.iss.net/static/4985.php Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field. ====================================================== Name: CVE-2000-0488 Status: Entry Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04 Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html Reference: BID:1285 Reference: URL:http://www.securityfocus.com/bid/1285 Reference: XF:ithouse-rcpt-overflow(4580) Reference: URL:http://xforce.iss.net/static/4580.php Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command. 
====================================================== Name: CVE-2000-0489 Status: Entry Reference: BUGTRAQ:19990826 Local DoS in FreeBSD Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908270039010.16315-100000@thetis.deor.org Reference: BUGTRAQ:20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com Reference: BID:622 Reference: URL:http://www.securityfocus.com/bid/622 Reference: XF:bsd-setsockopt-dos Reference: URL:http://xforce.iss.net/static/3298.php FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers. ====================================================== Name: CVE-2000-0490 Status: Entry Reference: BUGTRAQ:20000601 Netwin's Dmail package Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html Reference: CONFIRM:http://netwinsite.com/dmail/security.htm Reference: BID:1297 Reference: URL:http://www.securityfocus.com/bid/1297 Reference: XF:dmail-etrn-dos Reference: URL:http://xforce.iss.net/static/4579.php Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request. 
====================================================== Name: CVE-2000-0493 Status: Entry Reference: VULN-DEV:20000601 Vulnerability in SNTS Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html Reference: BID:1289 Reference: URL:http://www.securityfocus.com/bid/1289 Reference: XF:timesync-bo-execute Reference: URL:http://xforce.iss.net/static/4602.php Buffer overflow in Simple Network Time Sync (SNTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string. ====================================================== Name: CVE-2000-0494 Status: Entry Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html Reference: CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm Reference: BID:1356 Reference: URL:http://www.securityfocus.com/bid/1356 Reference: XF:veritas-volume-manager Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script. ====================================================== Name: CVE-2000-0495 Status: Entry Reference: MS:MS00-038 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-038.asp Reference: BID:1282 Reference: URL:http://www.securityfocus.com/bid/1282 Reference: XF:ms-malformed-media-dos Reference: URL:http://xforce.iss.net/static/4585.php Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability.
====================================================== Name: CVE-2000-0497 Status: Entry Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html Reference: BID:1328 Reference: URL:http://www.securityfocus.com/bid/1328 Reference: XF:websphere-jsp-source-read IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. ====================================================== Name: CVE-2000-0498 Status: Entry Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html Reference: BID:1328 Reference: URL:http://www.securityfocus.com/bid/1328 Reference: XF:ewave-servletexec-jsp-source-read(4649) Reference: URL:http://xforce.iss.net/static/4649.php Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. ====================================================== Name: CVE-2000-0499 Status: Entry Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm Reference: CONFIRM:http://developer.bea.com/alerts/security_000612.html Reference: BID:1328 Reference: URL:http://www.securityfocus.com/bid/1328 Reference: XF:weblogic-jsp-source-read Reference: URL:http://xforce.iss.net/static/4694.php The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. 
====================================================== Name: CVE-2000-0500 Status: Entry Reference: CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2 Reference: BID:1378 Reference: URL:http://www.securityfocus.com/bid/1378 Reference: XF:weblogic-file-source-read Reference: URL:http://xforce.iss.net/static/4775.php The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. ====================================================== Name: CVE-2000-0501 Status: Entry Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html Reference: BID:1366 Reference: URL:http://www.securityfocus.com/bid/1366 Reference: XF:mdaemon-pass-dos Reference: URL:http://xforce.iss.net/static/4745.php Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server. ====================================================== Name: CVE-2000-0502 Status: Entry Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html Reference: BID:1326 Reference: URL:http://www.securityfocus.com/bid/1326 Reference: XF:mcafee-alerting-dos(4641) Reference: URL:http://xforce.iss.net/static/4641.php Reference: OSVDB:6287 Reference: URL:http://www.osvdb.org/6287 Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion. 
====================================================== Name: CVE-2000-0504 Status: Entry Reference: BUGTRAQ:20000619 XFree86: libICE DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html Reference: CONFIRM:http://www.xfree86.org/security/ Reference: BID:1369 Reference: URL:http://www.securityfocus.com/bid/1369 Reference: XF:linux-libice-dos libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. ====================================================== Name: CVE-2000-0505 Status: Entry Reference: BUGTRAQ:20000603 Re: IBM HTTP SERVER / APACHE Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com Reference: BID:1284 Reference: URL:http://www.securityfocus.com/bid/1284 Reference: XF:ibm-http-file-retrieve Reference: URL:http://xforce.iss.net/static/4575.php The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. 
====================================================== Name: CVE-2000-0506 Status: Entry Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl Reference: REDHAT:RHSA-2000:037 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-037.html Reference: TURBO:TLSA2000013-1 Reference: SGI:20000802-01-P Reference: URL:ftp://sgigate.sgi.com/security/20000802-01-P Reference: BUGTRAQ:20000609 Trustix Security Advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html Reference: BID:1322 Reference: URL:http://www.securityfocus.com/bid/1322 Reference: XF:linux-kernel-capabilities The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability." ====================================================== Name: CVE-2000-0507 Status: Entry Reference: BUGTRAQ:20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2 Reference: BID:1286 Reference: URL:http://www.securityfocus.com/bid/1286 Reference: XF:nt-webmail-dos Reference: URL:http://xforce.iss.net/static/4586.php Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command. 
====================================================== Name: CVE-2000-0508 Status: Entry Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html Reference: BID:1372 Reference: URL:http://www.securityfocus.com/bid/1372 Reference: XF:linux-lockd-remote-dos Reference: URL:http://xforce.iss.net/static/5050.php rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request. ====================================================== Name: CVE-2000-0510 Status: Entry Reference: BUGTRAQ:20000620 CUPS DoS Bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch Reference: BID:1373 Reference: URL:http://www.securityfocus.com/bid/1373 Reference: XF:debian-cups-malformed-ipp Reference: URL:http://xforce.iss.net/static/4846.php CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request. ====================================================== Name: CVE-2000-0511 Status: Entry Reference: BUGTRAQ:20000620 CUPS DoS Bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch Reference: BID:1373 Reference: URL:http://www.securityfocus.com/bid/1373 Reference: XF:debian-cups-posts Reference: URL:http://xforce.iss.net/static/4846.php CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request. 
====================================================== Name: CVE-2000-0512 Status: Entry Reference: BUGTRAQ:20000620 CUPS DoS Bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch Reference: BID:1373 Reference: URL:http://www.securityfocus.com/bid/1373 Reference: XF:debian-cups-posts Reference: URL:http://xforce.iss.net/static/4846.php CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. ====================================================== Name: CVE-2000-0513 Status: Entry Reference: BUGTRAQ:20000620 CUPS DoS Bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch Reference: BID:1373 Reference: URL:http://www.securityfocus.com/bid/1373 Reference: XF:debian-cups-posts Reference: URL:http://xforce.iss.net/static/4846.php CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password. 
====================================================== Name: CVE-2000-0514 Status: Entry Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt Reference: BID:1374 Reference: URL:http://www.securityfocus.com/bid/1374 Reference: XF:kerberos-gssftpd-dos Reference: URL:http://xforce.iss.net/static/4734.php Reference: OSVDB:4885 Reference: URL:http://www.osvdb.org/4885 GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. ====================================================== Name: CVE-2000-0515 Status: Entry Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com Reference: BID:1327 Reference: URL:http://www.securityfocus.com/bid/1327 Reference: XF:hpux-snmp-daemon Reference: URL:http://xforce.iss.net/static/4643.php The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges. ====================================================== Name: CVE-2000-0516 Status: Entry Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password. 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html Reference: BID:1329 Reference: URL:http://www.securityfocus.com/bid/1329 Reference: XF:shiva-plaintext-ldap-password Reference: URL:http://xforce.iss.net/static/4612.php When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server. ====================================================== Name: CVE-2000-0517 Status: Entry Reference: CERT:CA-2000-08 Reference: URL:http://www.cert.org/advisories/CA-2000-08.html Reference: BID:1260 Reference: URL:http://www.securityfocus.com/bid/1260 Reference: XF:netscape-ssl-certificate Reference: URL:http://xforce.iss.net/static/4550.php Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information. ====================================================== Name: CVE-2000-0518 Status: Entry Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt Reference: MS:MS00-039 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-039.asp Reference: CERT:CA-2000-10 Reference: URL:http://www.cert.org/advisories/CA-2000-10.html Reference: BID:1309 Reference: URL:http://www.securityfocus.com/bid/1309 Reference: XF:ie-invalid-frame-image-certificate Reference: URL:http://xforce.iss.net/static/4624.php Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
====================================================== Name: CVE-2000-0519 Status: Entry Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt Reference: MS:MS00-039 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-039.asp Reference: CERT:CA-2000-10 Reference: URL:http://www.cert.org/advisories/CA-2000-10.html Reference: BID:1309 Reference: URL:http://www.securityfocus.com/bid/1309 Reference: XF:ie-revalidate-certificate Reference: URL:http://xforce.iss.net/static/4627.php Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. ====================================================== Name: CVE-2000-0521 Status: Entry Reference: BUGTRAQ:20000605 MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html Reference: BID:1313 Reference: URL:http://www.securityfocus.com/bid/1313 Reference: XF:savant-source-read Reference: URL:http://xforce.iss.net/static/4616.php Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number. 
====================================================== Name: CVE-2000-0522 Status: Entry Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk Reference: CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt Reference: BUGTRAQ:20000714 Re: RSA Aceserver UDP Flood Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html Reference: BID:1332 Reference: URL:http://www.securityfocus.com/bid/1332 Reference: XF:aceserver-udp-packet-dos Reference: URL:http://xforce.iss.net/static/5053.php RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash. ====================================================== Name: CVE-2000-0523 Status: Entry Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html Reference: BID:1315 Reference: URL:http://www.securityfocus.com/bid/1315 Reference: XF:eserv-logging-overflow Reference: URL:http://xforce.iss.net/static/4614.php Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command. ====================================================== Name: CVE-2000-0525 Status: Entry Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used. 
Reference: URL:http://www.openbsd.org/errata.html#uselogin Reference: BID:1334 Reference: URL:http://www.securityfocus.com/bid/1334 Reference: XF:openssh-uselogin-remote-exec Reference: URL:http://xforce.iss.net/static/4646.php Reference: OSVDB:341 Reference: URL:http://www.osvdb.org/341 OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon. ====================================================== Name: CVE-2000-0528 Status: Entry Reference: BUGTRAQ:20000619 Net Tools PKI server exploits Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt Reference: BID:1364 Reference: URL:http://www.securityfocus.com/bid/1364 Reference: XF:nettools-pki-unauthenticated-access Reference: URL:http://xforce.iss.net/static/4743.php Reference: OSVDB:4353 Reference: URL:http://www.osvdb.org/4353 Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files. ====================================================== Name: CVE-2000-0529 Status: Entry Reference: BUGTRAQ:20000619 Net Tools PKI server exploits Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt Reference: BID:1363 Reference: URL:http://www.securityfocus.com/bid/1363 Reference: XF:nettools-pki-http-bo Reference: URL:http://xforce.iss.net/static/4744.php Reference: OSVDB:4352 Reference: URL:http://www.osvdb.org/4352 Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request. ====================================================== Name: CVE-2000-0530 Status: Entry Reference: BUGTRAQ:20000531 KDE::KApplication feature? 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html Reference: CALDERA:CSSA-2000-015.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-015.0.txt Reference: REDHAT:RHSA-2000:032 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-032.html Reference: BID:1291 Reference: URL:http://www.securityfocus.com/bid/1291 Reference: XF:kde-configuration-file-creation Reference: URL:http://xforce.iss.net/static/4583.php The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files. ====================================================== Name: CVE-2000-0532 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:21 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html Reference: BID:1323 Reference: URL:http://www.securityfocus.com/bid/1323 Reference: XF:freebsd-ssh-ports Reference: URL:http://xforce.iss.net/static/4638.php Reference: OSVDB:1387 Reference: URL:http://www.osvdb.org/1387 A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered. ====================================================== Name: CVE-2000-0533 Status: Entry Reference: SGI:20000601-01-P Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P Reference: BID:1379 Reference: URL:http://www.securityfocus.com/bid/1379 Reference: XF:irix-workshop-cvconnect-overwrite Reference: URL:http://xforce.iss.net/static/4725.php Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files. 
====================================================== Name: CVE-2000-0534 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:22 Reference: BID:1325 Reference: URL:http://www.securityfocus.com/bid/1325 Reference: XF:apsfilter-elevate-privileges Reference: URL:http://xforce.iss.net/static/4617.php Reference: OSVDB:1389 Reference: URL:http://www.osvdb.org/1389 The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user. ====================================================== Name: CVE-2000-0536 Status: Entry Reference: CONFIRM:http://www.synack.net/xinetd/ Reference: DEBIAN:20000619 xinetd: bug in access control mechanism Reference: URL:http://www.debian.org/security/2000/20000619 Reference: BID:1381 Reference: URL:http://www.securityfocus.com/bid/1381 Reference: XF:xinetd-improper-restrictions Reference: URL:http://xforce.iss.net/static/4986.php xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry. ====================================================== Name: CVE-2000-0537 Status: Entry Reference: BUGTRAQ:20000606 BRU Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html Reference: CALDERA:CSSA-2000-018.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-018.0.txt Reference: BID:1321 Reference: URL:http://www.securityfocus.com/bid/1321 Reference: XF:bru-execlog-env-variable Reference: URL:http://xforce.iss.net/static/4644.php BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable. 
====================================================== Name: CVE-2000-0538 Status: Entry Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2 Reference: ALLAIRE:ASB00-14 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full Reference: BID:1314 Reference: URL:http://www.securityfocus.com/bid/1314 Reference: XF:coldfusion-parse-dos Reference: URL:http://xforce.iss.net/static/4611.php Reference: OSVDB:3399 Reference: URL:http://www.osvdb.org/3399 ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password. ====================================================== Name: CVE-2000-0539 Status: Entry Reference: ALLAIRE:ASB00-015 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full Reference: BID:1386 Reference: URL:http://www.securityfocus.com/bid/1386 Reference: XF:jrun-read-sample-files Reference: URL:http://xforce.iss.net/static/4774.php Reference: OSVDB:818 Reference: URL:http://www.osvdb.org/818 Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. ====================================================== Name: CVE-2000-0540 Status: Entry Reference: ALLAIRE:ASB00-015 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full Reference: BID:1386 Reference: URL:http://www.securityfocus.com/bid/1386 Reference: XF:jrun-read-sample-files Reference: URL:http://xforce.iss.net/static/4774.php Reference: OSVDB:2713 Reference: URL:http://www.osvdb.org/2713 JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information. 
====================================================== Name: CVE-2000-0541 Status: Entry Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html Reference: XF:panda-antivirus-remote-admin(4707) Reference: URL:http://xforce.iss.net/xforce/xfdb/4707 Reference: BID:1359 Reference: URL:http://www.securityfocus.com/bid/1359 The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command. ====================================================== Name: CVE-2000-0542 Status: Entry Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html Reference: BID:1345 Reference: URL:http://www.securityfocus.com/bid/1345 Reference: XF:tigris-radius-login-failure Reference: URL:http://xforce.iss.net/static/4705.php Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds. ====================================================== Name: CVE-2000-0548 Status: Entry Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt Reference: REDHAT:RHSA-2000:031 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html Reference: CERT:CA-2000-11 Reference: URL:http://www.cert.org/advisories/CA-2000-11.html Reference: CIAC:K-051 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml Reference: XF:kerberos-emsg-bo Reference: OSVDB:4875 Reference: URL:http://www.osvdb.org/4875 Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. 
====================================================== Name: CVE-2000-0549 Status: Entry Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt Reference: REDHAT:RHSA-2000:031 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html Reference: CERT:CA-2000-11 Reference: URL:http://www.cert.org/advisories/CA-2000-11.html Reference: CIAC:K-051 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. ====================================================== Name: CVE-2000-0550 Status: Entry Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt Reference: REDHAT:RHSA-2000:031 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html Reference: CERT:CA-2000-11 Reference: URL:http://www.cert.org/advisories/CA-2000-11.html Reference: CIAC:K-051 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml Reference: XF:kerberos-free-memory Reference: BID:1465 Reference: URL:http://www.securityfocus.com/bid/1465 Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service. 
====================================================== Name: CVE-2000-0551 Status: Entry Reference: BUGTRAQ:20000523 I think Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html Reference: BID:1263 Reference: URL:http://www.securityfocus.com/bid/1263 Reference: XF:danware-netop-bypass-security(4569) Reference: URL:http://xforce.iss.net/static/4569.php The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files. ====================================================== Name: CVE-2000-0552 Status: Entry Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html Reference: BID:1307 Reference: URL:http://www.securityfocus.com/bid/1307 Reference: XF:icq-temp-link Reference: URL:http://xforce.iss.net/static/4607.php ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information. ====================================================== Name: CVE-2000-0553 Status: Entry Reference: BUGTRAQ:20000525 Security Vulnerability in IPFilter 3.3.15 and 3.4.3 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html Reference: BID:1308 Reference: URL:http://www.securityfocus.com/bid/1308 Reference: XF:ipfilter-firewall-race-condition Reference: URL:http://xforce.iss.net/static/4994.php Reference: OSVDB:1377 Reference: URL:http://www.osvdb.org/1377 Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions. 
====================================================== Name: CVE-2000-0555 Status: Entry Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html Reference: BID:1320 Reference: URL:http://www.securityfocus.com/bid/1320 Reference: XF:ceilidh-post-dos Reference: URL:http://xforce.iss.net/static/4622.php Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests. ====================================================== Name: CVE-2000-0556 Status: Entry Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html Reference: CONFIRM:http://www.computalynx.net/news/Jun2000/news0806200001.html Reference: BID:1319 Reference: URL:http://www.securityfocus.com/bid/1319 Reference: XF:cmail-long-username-dos Reference: URL:http://xforce.iss.net/static/4625.php Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002. ====================================================== Name: CVE-2000-0557 Status: Entry Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html Reference: BID:1318 Reference: URL:http://www.securityfocus.com/bid/1318 Reference: XF:cmail-get-overflow-execute Reference: URL:http://xforce.iss.net/static/4626.php Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request. 
====================================================== Name: CVE-2000-0558 Status: Entry Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1 Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html Reference: BID:1317 Reference: URL:http://www.securityfocus.com/bid/1317 Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345. ====================================================== Name: CVE-2000-0561 Status: Entry Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html Reference: BID:1365 Reference: URL:http://www.securityfocus.com/bid/1365 Reference: XF:webbbs-get-request-overflow Reference: URL:http://xforce.iss.net/static/4742.php Reference: OSVDB:3544 Reference: URL:http://www.osvdb.org/3544 Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request. ====================================================== Name: CVE-2000-0565 Status: Entry Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html Reference: BID:1344 Reference: URL:http://www.securityfocus.com/bid/1344 Reference: XF:smartftp-directory-traversal Reference: URL:http://xforce.iss.net/static/4706.php Reference: OSVDB:1394 Reference: URL:http://www.osvdb.org/1394 SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0566 Status: Entry Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis Reference: REDHAT:RHSA-2000:041 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-041.html Reference: CALDERA:CSSA-2000-021.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-021.0.txt Reference: MANDRAKE:MDKSA-2000:015 Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:015 Reference: BUGTRAQ:20000707 [Security Announce] man update Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html Reference: BID:1434 Reference: URL:http://www.securityfocus.com/bid/1434 Reference: XF:linux-man-makewhatis-tmp Reference: URL:http://xforce.iss.net/static/4900.php makewhatis in Linux man package allows local users to overwrite files via a symlink attack. ====================================================== Name: CVE-2000-0567 Status: Entry Reference: MS:MS00-043 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-043.mspx Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients Reference: BID:1481 Reference: URL:http://www.securityfocus.com/bid/1481 Reference: XF:outlook-date-overflow Reference: URL:http://xforce.iss.net/static/4953.php Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability. 
====================================================== Name: CVE-2000-0568 Status: Entry Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se Reference: XF:sybergen-routing-table-modify Reference: BID:1417 Reference: URL:http://www.securityfocus.com/bid/1417 Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes. ====================================================== Name: CVE-2000-0569 Status: Entry Reference: WIN2KSEC:20000630 Any LAN user can crash Sygate Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html Reference: BID:1420 Reference: URL:http://www.securityfocus.com/bid/1420 Reference: XF:sygate-udp-packet-dos(5049) Reference: URL:http://xforce.iss.net/static/5049.php Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface. ====================================================== Name: CVE-2000-0570 Status: Entry Reference: BUGTRAQ:20000627 DoS in FirstClass Internet Services 5.770 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0295.html Reference: XF:firstclass-large-bcc-dos(4843) Reference: URL:http://xforce.iss.net/static/4843.php Reference: BID:1421 Reference: URL:http://www.securityfocus.com/bid/1421 Reference: OSVDB:5718 Reference: URL:http://www.osvdb.org/5718 FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header. 
====================================================== Name: CVE-2000-0571 Status: Entry Reference: BUGTRAQ:20000703 Remote DoS Attack in LocalWEB HTTP Server 1.2.0 Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com Reference: BID:1423 Reference: URL:http://www.securityfocus.com/bid/1423 Reference: XF:localweb-get-bo Reference: URL:http://xforce.iss.net/static/4896.php LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request. ====================================================== Name: CVE-2000-0573 Status: Entry Reference: BUGTRAQ:20000622 WuFTPD: Providing *remote* root since at least1994 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96171893218000&w=2 Reference: BUGTRAQ:20000623 WUFTPD 2.6.0 remote root exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96179429114160&w=2 Reference: BUGTRAQ:20000707 New Released Version of the WuFTPD Sploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96299933720862&w=2 Reference: BUGTRAQ:20000623 ftpd: the advisory version Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com Reference: AUSCERT:AA-2000.02 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02 Reference: CERT:CA-2000-13 Reference: URL:http://www.cert.org/advisories/CA-2000-13.html Reference: DEBIAN:20000623 Reference: CALDERA:CSSA-2000-020.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt Reference: REDHAT:RHSA-2000:039 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-039.html Reference: BUGTRAQ:20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html Reference: BUGTRAQ:20000702 [Security Announce] wu-ftpd update Reference: 
URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html Reference: BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current Reference: FREEBSD:FreeBSD-SA-00:29 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1 Reference: NETBSD:NetBSD-SA2000-009 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc Reference: XF:wuftp-format-string-stack-overwrite Reference: BID:1387 Reference: URL:http://www.securityfocus.com/bid/1387 Reference: XF:wuftp-format-string-stack-overwrite(4773) Reference: URL:http://xforce.iss.net/xforce/xfdb/4773 The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. ====================================================== Name: CVE-2000-0575 Status: Entry Reference: BUGTRAQ:20000630 Kerberos security vulnerability in SSH-1.2.27 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96256265914116&w=2 Reference: BID:1426 Reference: URL:http://www.securityfocus.com/bid/1426 Reference: XF:ssh-kerberos-tickets-disclosure(4903) Reference: URL:http://xforce.iss.net/static/4903.php SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS. ====================================================== Name: CVE-2000-0576 Status: Entry Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html Reference: BID:1427 Reference: URL:http://www.securityfocus.com/bid/1427 Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL. 
====================================================== Name: CVE-2000-0577 Status: Entry Reference: BUGTRAQ:20000621 Netscape FTP Server - "Professional" as hell :> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211351280.23780-100000@nimue.tpi.pl Reference: BUGTRAQ:20000629 (forw) Re: Netscape ftp Server (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0345.html Reference: BID:1411 Reference: URL:http://www.securityfocus.com/bid/1411 Reference: XF:netscape-ftpserver-chroot Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0579 Status: Entry Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html Reference: BID:1413 Reference: URL:http://www.securityfocus.com/bid/1413 Reference: XF:irix-cron-modify-crontab IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited. ====================================================== Name: CVE-2000-0581 Status: Entry Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-1] Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com Reference: XF:win2k-telnetserver-dos Reference: BID:1414 Reference: URL:http://www.securityfocus.com/bid/1414 Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash. 
====================================================== Name: CVE-2000-0582 Status: Entry Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-3] Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630162106.4619C-100000@fjord.fscinternet.com Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security Reference: XF:fw1-resource-overload-dos Reference: BID:1416 Reference: URL:http://www.securityfocus.com/bid/1416 Reference: OSVDB:1438 Reference: URL:http://www.osvdb.org/1438 Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy. ====================================================== Name: CVE-2000-0583 Status: Entry Reference: BUGTRAQ:20000626 vpopmail-3.4.11 problems Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com Reference: CONFIRM:http://www.vpopmail.cx/vpopmail-ChangeLog Reference: BID:1418 Reference: URL:http://www.securityfocus.com/bid/1418 Reference: XF:vpopmail-format-string vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives. 
====================================================== Name: CVE-2000-0584 Status: Entry Reference: MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html Reference: DEBIAN:20000702 Reference: FREEBSD:FreeBSD-SA-00:31 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1 Reference: BID:1445 Reference: URL:http://www.securityfocus.com/bid/1445 Reference: XF:canna-bin-execute-bo Reference: URL:http://xforce.iss.net/static/4912.php Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name. ====================================================== Name: CVE-2000-0585 Status: Entry Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html Reference: OPENBSD:20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root. Reference: DEBIAN:20000628 dhcp client: remote root exploit in dhcp client Reference: URL:http://www.debian.org/security/2000/20000628 Reference: FREEBSD:FreeBSD-SA-00:34 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:34.dhclient.asc Reference: BUGTRAQ:20000702 [Security Announce] dhcp update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html Reference: SUSE:20000711 Security Hole in dhclient < 2.0 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_56.html Reference: NETBSD:NetBSD-SA2000-008 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-008.txt.asc Reference: BID:1388 Reference: URL:http://www.securityfocus.com/bid/1388 Reference: XF:openbsd-isc-dhcp Reference: URL:http://xforce.iss.net/static/4772.php ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters. 
====================================================== Name: CVE-2000-0586 Status: Entry Reference: VULN-DEV:20000628 dalnet 4.6.5 remote vulnerability Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html Reference: XF:ircd-dalnet-summon-bo Reference: BID:1404 Reference: URL:http://www.securityfocus.com/bid/1404 Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command. ====================================================== Name: CVE-2000-0587 Status: Entry Reference: XF:glftpd-privpath-directive Reference: BUGTRAQ:20000626 Glftpd privpath bugs... +fix Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000@twix.thrijswijk.nl Reference: BUGTRAQ:20000627 Re: Glftpd privpath bugs... +fix Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html Reference: BID:1401 Reference: URL:http://www.securityfocus.com/bid/1401 The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability. ====================================================== Name: CVE-2000-0588 Status: Entry Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html Reference: BID:1402 Reference: URL:http://www.securityfocus.com/bid/1402 Reference: XF:sawmill-file-access SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands. 
====================================================== Name: CVE-2000-0590 Status: Entry Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html Reference: BID:1431 Reference: URL:http://www.securityfocus.com/bid/1431 Reference: XF:http-cgi-pollit-variable-overwrite(4878) Reference: URL:http://xforce.iss.net/static/4878.php Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter. ====================================================== Name: CVE-2000-0591 Status: Entry Reference: BUGTRAQ:20000705 Novell BorderManager 3.0 EE - Encoded URL rule bypass Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html Reference: BID:1432 Reference: URL:http://www.securityfocus.com/bid/1432 Reference: XF:bordermanager-bypass-url-restriction Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL. ====================================================== Name: CVE-2000-0593 Status: Entry Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp Reference: XF:winproxy-get-dos(4831) Reference: URL:http://xforce.iss.net/static/4831.php Reference: BID:1400 Reference: URL:http://www.securityfocus.com/bid/1400 WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number. 
====================================================== Name: CVE-2000-0594 Status: Entry Reference: VULN-DEV:20000704 BitchX /ignore bug Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html Reference: BUGTRAQ:20000704 BitchX exploit possibly waiting to happen, certain DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html Reference: REDHAT:RHSA-2000:042 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-042.html Reference: FREEBSD:FreeBSD-SA-00:32 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html Reference: CALDERA:CSSA-2000-022.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt Reference: BUGTRAQ:20000707 BitchX update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html Reference: BUGTRAQ:20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html Reference: BID:1436 Reference: URL:http://www.securityfocus.com/bid/1436 Reference: XF:irc-bitchx-invite-dos Reference: URL:http://xforce.iss.net/static/4897.php BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters. ====================================================== Name: CVE-2000-0595 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:24 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html Reference: BID:1437 Reference: URL:http://www.securityfocus.com/bid/1437 Reference: XF:bsd-libedit-editrc Reference: OSVDB:1446 Reference: URL:http://www.osvdb.org/1446 libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory. 
====================================================== Name: CVE-2000-0596 Status: Entry Reference: BUGTRAQ:20000627 IE 5 and Access 2000 vulnerability - executing programs Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg Reference: BUGTRAQ:20000627 FW: IE 5 and Access 2000 vulnerability - executing programs Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu Reference: MS:MS00-049 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp Reference: CERT:CA-2000-16 Reference: URL:http://www.cert.org/advisories/CA-2000-16.html Reference: XF:ie-access-vba-code-execute Reference: BID:1398 Reference: URL:http://www.securityfocus.com/bid/1398 Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability. ====================================================== Name: CVE-2000-0597 Status: Entry Reference: BUGTRAQ:20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg Reference: MS:MS00-049 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp Reference: BID:1399 Reference: URL:http://www.securityfocus.com/bid/1399 Reference: XF:ie-powerpoint-activex-object-execute Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability. 
====================================================== Name: CVE-2000-0598 Status: Entry Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html Reference: MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm Reference: BID:1395 Reference: URL:http://www.securityfocus.com/bid/1395 Reference: XF:fortech-proxy-telnet-gateway Fortech Proxy+ allows remote attackers to bypass access restrictions for the administration service by redirecting their connections through the telnet proxy. ====================================================== Name: CVE-2000-0599 Status: Entry Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html Reference: MISC:http://www.imesh.com/download/download.html Reference: XF:imesh-tcp-port-overflow Reference: BID:1407 Reference: URL:http://www.securityfocus.com/bid/1407 Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port. ====================================================== Name: CVE-2000-0600 Status: Entry Reference: BUGTRAQ:20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html Reference: BID:1393 Reference: URL:http://www.securityfocus.com/bid/1393 Reference: XF:netscape-virtual-directory-bo(4780) Reference: URL:http://xforce.iss.net/static/4780.php Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL. 
====================================================== Name: CVE-2000-0601 Status: Entry Reference: BUGTRAQ:20000625 LeafChat Denial of Service Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net Reference: CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html Reference: XF:irc-leafchat-dos Reference: BID:1396 Reference: URL:http://www.securityfocus.com/bid/1396 LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages. ====================================================== Name: CVE-2000-0602 Status: Entry Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl Reference: XF:redhat-secure-locate-path Reference: BID:1385 Reference: URL:http://www.securityfocus.com/bid/1385 Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable. ====================================================== Name: CVE-2000-0603 Status: Entry Reference: MS:MS00-048 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-048.asp Reference: BID:1444 Reference: URL:http://www.securityfocus.com/bid/1444 Reference: XF:mssql-procedure-perms Reference: URL:http://xforce.iss.net/static/4921.php Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. 
====================================================== Name: CVE-2000-0604 Status: Entry Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl Reference: BID:1383 Reference: URL:http://www.securityfocus.com/bid/1383 Reference: XF:redhat-gkermit gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp. ====================================================== Name: CVE-2000-0610 Status: Entry Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html Reference: BID:1390 Reference: URL:http://www.securityfocus.com/bid/1390 Reference: XF:netwin-dmailweb-newline Reference: URL:http://xforce.iss.net/static/4770.php NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return. ====================================================== Name: CVE-2000-0611 Status: Entry Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html Reference: BID:1391 Reference: URL:http://www.securityfocus.com/bid/1391 Reference: XF:netwin-dmailweb-auth Reference: URL:http://xforce.iss.net/static/4771.php The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service. 
====================================================== Name: CVE-2000-0613 Status: Entry Reference: BUGTRAQ:20000320 PIX DMZ Denial of Service - TCP Resets Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net Reference: CISCO:20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml Reference: BID:1454 Reference: URL:http://www.securityfocus.com/bid/1454 Reference: XF:cisco-pix-firewall-tcp Reference: URL:http://xforce.iss.net/static/4928.php Reference: OSVDB:1457 Reference: URL:http://www.osvdb.org/1457 Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections. ====================================================== Name: CVE-2000-0615 Status: Entry Reference: BUGTRAQ:20000709 LPRng lpd should not be SETUID root Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0117.html Reference: BID:1447 Reference: URL:http://www.securityfocus.com/bid/1447 Reference: XF:lpd-suid-root(7361) Reference: URL:http://xforce.iss.net/static/7361.php LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files. ====================================================== Name: CVE-2000-0616 Status: Entry Reference: HP:HPSBMP0006-007 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html Reference: BID:1405 Reference: URL:http://www.securityfocus.com/bid/1405 Reference: XF:hp-turboimage-dbutil Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS. 
====================================================== Name: CVE-2000-0619 Status: Entry Reference: VULN-DEV:20000520 TopLayer layer 7 switch Advisory Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0680.html Reference: VULN-DEV:20000614 Update on TopLayer Advisory Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0921.html Reference: BID:1258 Reference: URL:http://www.securityfocus.com/bid/1258 Reference: XF:toplayer-icmp-dos(7364) Reference: URL:http://xforce.iss.net/static/7364.php Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets. ====================================================== Name: CVE-2000-0620 Status: Entry Reference: BUGTRAQ:20000619 XFree86: Various nasty libX11 holes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96146116627474&w=2 Reference: BID:1409 Reference: URL:http://www.securityfocus.com/bid/1409 Reference: XF:libx11-infinite-loop-dos(4996) Reference: URL:http://xforce.iss.net/static/4996.php libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop. ====================================================== Name: CVE-2000-0621 Status: Entry Reference: MS:MS00-046 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-046.asp Reference: CERT:CA-2000-14 Reference: URL:http://www.cert.org/advisories/CA-2000-14.html Reference: BID:1501 Reference: URL:http://www.securityfocus.com/bid/1501 Reference: XF:outlook-cache-bypass Reference: URL:http://xforce.iss.net/static/5013.php Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. 
====================================================== Name: CVE-2000-0622 Status: Entry Reference: NAI:20000719 O'Reilly WebSite Professional Overflow Reference: URL:http://www.nai.com/research/covert/advisories/043.asp Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt Reference: XF:website-webfind-bo(4962) Reference: URL:http://xforce.iss.net/static/4962.php Reference: BID:1487 Reference: URL:http://www.securityfocus.com/bid/1487 Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. ====================================================== Name: CVE-2000-0624 Status: Entry Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html Reference: CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml Reference: BID:1496 Reference: URL:http://www.securityfocus.com/bid/1496 Reference: XF:winamp-playlist-parser-bo Reference: URL:http://xforce.iss.net/static/4956.php Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist. 
====================================================== Name: CVE-2000-0627 Status: Entry Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html Reference: BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0 Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com Reference: BID:1486 Reference: URL:http://www.securityfocus.com/bid/1486 Reference: XF:blackboard-courseinfo-dbase-modification Reference: URL:http://xforce.iss.net/static/4946.php BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. ====================================================== Name: CVE-2000-0628 Status: Entry Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html Reference: BID:1457 Reference: URL:http://www.securityfocus.com/bid/1457 Reference: XF:apache-source-asp-file-write Reference: URL:http://xforce.iss.net/static/4931.php The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files. 
====================================================== Name: CVE-2000-0630 Status: Entry Reference: MS:MS00-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp Reference: BID:1488 Reference: URL:http://www.securityfocus.com/bid/1488 Reference: XF:iis-htr-obtain-code Reference: URL:http://xforce.iss.net/static/5104.php IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. ====================================================== Name: CVE-2000-0631 Status: Entry Reference: BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2 Reference: MS:MS00-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp Reference: BID:1476 Reference: URL:http://www.securityfocus.com/bid/1476 Reference: XF:iis-absent-directory-dos Reference: URL:http://xforce.iss.net/static/4951.php An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability. ====================================================== Name: CVE-2000-0632 Status: Entry Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1 Reference: BID:1490 Reference: URL:http://www.securityfocus.com/bid/1490 Reference: XF:lsoft-listserv-querystring-bo Reference: URL:http://xforce.iss.net/static/4952.php Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string. 
====================================================== Name: CVE-2000-0633 Status: Entry Reference: REDHAT:RHSA-2000:053 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-053.html Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html Reference: BUGTRAQ:20000812 Conectiva Linux security announcement - usermode Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html Reference: BID:1489 Reference: URL:http://www.securityfocus.com/bid/1489 Reference: XF:linux-usermode-dos Reference: URL:http://xforce.iss.net/static/4944.php Vulnerability in Mandrake Linux usermode package allows local users to reboot or halt the system. ====================================================== Name: CVE-2000-0634 Status: Entry Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html Reference: BID:1493 Reference: URL:http://www.securityfocus.com/bid/1493 Reference: XF:communigate-pro-file-read Reference: URL:http://xforce.iss.net/static/5105.php Reference: OSVDB:5774 Reference: URL:http://www.osvdb.org/5774 The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0635 Status: Entry Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html Reference: CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html Reference: BID:1449 Reference: URL:http://www.securityfocus.com/bid/1449 Reference: XF:minivend-viewpage-sample Reference: URL:http://xforce.iss.net/static/4880.php The view_page.html sample page in the MiniVend shopping cart program allows remote attackers to execute arbitrary commands via shell metacharacters. ====================================================== Name: CVE-2000-0636 Status: Entry Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html Reference: BID:1491 Reference: URL:http://www.securityfocus.com/bid/1491 Reference: XF:hp-jetdirect-quote-dos Reference: URL:http://xforce.iss.net/static/4947.php HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command. ====================================================== Name: CVE-2000-0637 Status: Entry Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg Reference: MS:MS00-051 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-051.asp Reference: BID:1451 Reference: URL:http://www.securityfocus.com/bid/1451 Reference: XF:excel-register-function Reference: URL:http://xforce.iss.net/static/5016.php Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability. 
====================================================== Name: CVE-2000-0638 Status: Entry Reference: BUGTRAQ:20000711 BIG BROTHER EXPLOIT Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html Reference: BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html Reference: CONFIRM:http://bb4.com/README.CHANGES Reference: BID:1455 Reference: URL:http://www.securityfocus.com/bid/1455 Reference: XF:http-cgi-bigbrother-bbhostsvc Reference: URL:http://xforce.iss.net/static/4879.php bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter. ====================================================== Name: CVE-2000-0639 Status: Entry Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html Reference: BID:1494 Reference: URL:http://www.securityfocus.com/bid/1494 Reference: XF:big-brother-filename-extension Reference: URL:http://xforce.iss.net/static/5103.php Reference: OSVDB:1472 Reference: URL:http://www.osvdb.org/1472 The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server. 
====================================================== Name: CVE-2000-0640 Status: Entry Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html Reference: BID:1452 Reference: URL:http://www.securityfocus.com/bid/1452 Reference: XF:guild-ftpd-disclosure Reference: URL:http://xforce.iss.net/static/4922.php Reference: OSVDB:573 Reference: URL:http://www.osvdb.org/573 Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not. ====================================================== Name: CVE-2000-0641 Status: Entry Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html Reference: BID:1453 Reference: URL:http://www.securityfocus.com/bid/1453 Reference: XF:savant-get-bo Reference: URL:http://xforce.iss.net/static/4901.php Savant web server allows remote attackers to execute arbitrary commands via a long GET request. ====================================================== Name: CVE-2000-0642 Status: Entry Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org Reference: BID:1497 Reference: URL:http://www.securityfocus.com/bid/1497 Reference: XF:webactive-active-log Reference: URL:http://xforce.iss.net/static/5184.php The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page. 
====================================================== Name: CVE-2000-0643 Status: Entry Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org Reference: BID:1470 Reference: URL:http://www.securityfocus.com/bid/1470 Reference: XF:webactive-long-get-dos Reference: URL:http://xforce.iss.net/static/4949.php Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL. ====================================================== Name: CVE-2000-0644 Status: Entry Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html Reference: BID:1506 Reference: URL:http://www.securityfocus.com/bid/1506 Reference: XF:wftpd-stat-dos Reference: URL:http://xforce.iss.net/static/5003.php Reference: OSVDB:1477 Reference: URL:http://www.osvdb.org/1477 WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing. 
====================================================== Name: CVE-2000-0650 Status: Entry Reference: NTBUGTRAQ:20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5 Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753 Reference: BID:1458 Reference: URL:http://www.securityfocus.com/bid/1458 Reference: XF:nai-virusscan-netshield-autoupgrade(5177) Reference: URL:http://xforce.iss.net/xforce/xfdb/5177 Reference: OSVDB:1458 Reference: URL:http://www.osvdb.org/1458 Reference: OSVDB:4200 Reference: URL:http://www.osvdb.org/4200 The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse. ====================================================== Name: CVE-2000-0651 Status: Entry Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com Reference: BID:1440 Reference: URL:http://www.securityfocus.com/bid/1440 Reference: XF:novell-bordermanager-verification Reference: URL:http://xforce.iss.net/static/5186.php The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine. 
====================================================== Name: CVE-2000-0652 Status: Entry Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html Reference: BID:1500 Reference: URL:http://www.securityfocus.com/bid/1500 Reference: XF:websphere-showcode Reference: URL:http://xforce.iss.net/static/5012.php IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. ====================================================== Name: CVE-2000-0654 Status: Entry Reference: MS:MS00-041 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp Reference: BID:1466 Reference: URL:http://www.securityfocus.com/bid/1466 Reference: XF:mssql-dts-reveal-passwords Reference: URL:http://xforce.iss.net/static/4582.php Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog, aka a variant of the "DTS Password" vulnerability. 
====================================================== Name: CVE-2000-0655 Status: Entry Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com Reference: REDHAT:RHSA-2000:046 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-046.html Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_60.html Reference: TURBO:TLSA2000017-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html Reference: NETBSD:NetBSD-SA2000-011 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc Reference: FREEBSD:FreeBSD-SA-00:39 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc Reference: BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html Reference: BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html Reference: BID:1503 Reference: URL:http://www.securityfocus.com/bid/1503 Reference: XF:netscape-jpg-comment Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. 
====================================================== Name: CVE-2000-0660 Status: Entry Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html Reference: CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt Reference: BID:1462 Reference: URL:http://www.securityfocus.com/bid/1462 Reference: XF:worldclient-dir-traverse Reference: URL:http://xforce.iss.net/static/4913.php Reference: OSVDB:1459 Reference: URL:http://www.osvdb.org/1459 The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0661 Status: Entry Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html Reference: BID:1448 Reference: URL:http://www.securityfocus.com/bid/1448 Reference: XF:wircsrv-character-flood-dos Reference: URL:http://xforce.iss.net/static/4914.php WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port. ====================================================== Name: CVE-2000-0662 Status: Entry Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg Reference: BID:1474 Reference: URL:http://www.securityfocus.com/bid/1474 Reference: XF:ie-dhtmled-file-read(5107) Reference: URL:http://xforce.iss.net/static/5107.php Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED). 
====================================================== Name: CVE-2000-0663 Status: Entry Reference: MS:MS00-052 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-052.asp Reference: MSKB:Q269049 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=269049 Reference: BID:1507 Reference: URL:http://www.securityfocus.com/bid/1507 Reference: XF:explorer-relative-path-name Reference: URL:http://xforce.iss.net/static/5040.php The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability. ====================================================== Name: CVE-2000-0664 Status: Entry Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm Reference: BID:1508 Reference: URL:http://www.securityfocus.com/bid/1508 Reference: XF:analogx-simpleserver-directory-path Reference: URL:http://xforce.iss.net/static/4999.php Reference: OSVDB:388 Reference: URL:http://www.osvdb.org/388 AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots. ====================================================== Name: CVE-2000-0665 Status: Entry Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k. 
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html Reference: NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html Reference: BID:1478 Reference: URL:http://www.securityfocus.com/bid/1478 Reference: XF:gamsoft-telsrv-dos Reference: URL:http://xforce.iss.net/static/4945.php Reference: OSVDB:373 Reference: URL:http://www.osvdb.org/373 GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username. ====================================================== Name: CVE-2000-0666 Status: Entry Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html Reference: DEBIAN:20000719a Reference: REDHAT:RHSA-2000:043 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043.html Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html Reference: CALDERA:CSSA-2000-025.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt Reference: CERT:CA-2000-17 Reference: URL:http://www.cert.org/advisories/CA-2000-17.html Reference: BID:1480 Reference: URL:http://www.securityfocus.com/bid/1480 Reference: XF:linux-rpcstatd-format-overwrite Reference: URL:http://xforce.iss.net/static/4939.php rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. 
====================================================== Name: CVE-2000-0668 Status: Entry Reference: REDHAT:RHSA-2000:044 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-044.html Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html Reference: BUGTRAQ:20000801 MDKSA-2000:029 pam update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html Reference: BID:1513 Reference: URL:http://www.securityfocus.com/bid/1513 Reference: XF:linux-pam-console Reference: URL:http://xforce.iss.net/static/5001.php pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled. ====================================================== Name: CVE-2000-0669 Status: Entry Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au Reference: BID:1467 Reference: URL:http://www.securityfocus.com/bid/1467 Reference: XF:netware-port40193-dos Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data. 
====================================================== Name: CVE-2000-0670 Status: Entry Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html Reference: DEBIAN:20000719b Reference: FREEBSD:FreeBSD-SA-00:37 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:37.cvsweb.asc Reference: TURBO:TLSA2000016-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html Reference: BID:1469 Reference: URL:http://www.securityfocus.com/bid/1469 Reference: XF:cvsweb-shell-access Reference: URL:http://xforce.iss.net/static/4925.php The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters. ====================================================== Name: CVE-2000-0671 Status: Entry Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0307.html Reference: BID:1510 Reference: URL:http://www.securityfocus.com/bid/1510 Reference: XF:roxen-null-char-url Reference: URL:http://xforce.iss.net/static/4965.php Roxen web server earlier than 2.0.69 allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL. 
====================================================== Name: CVE-2000-0672 Status: Entry Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html Reference: BID:1548 Reference: URL:http://www.securityfocus.com/bid/1548 Reference: XF:jakarta-tomcat-admin Reference: URL:http://xforce.iss.net/static/5160.php The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. ====================================================== Name: CVE-2000-0673 Status: Entry Reference: NAI:20000727 Windows NetBIOS Name Conflicts Reference: URL:http://www.nai.com/research/covert/advisories/044.asp Reference: MS:MS00-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-047.asp Reference: BID:1514 Reference: URL:http://www.securityfocus.com/bid/1514 Reference: BID:1515 Reference: URL:http://www.securityfocus.com/bid/1515 Reference: XF:netbios-name-server-spoofing Reference: URL:http://xforce.iss.net/static/5035.php The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability. ====================================================== Name: CVE-2000-0674 Status: Entry Reference: BUGTRAQ:20000712 ftp.pl vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html Reference: BID:1471 Reference: URL:http://www.securityfocus.com/bid/1471 Reference: XF:virtualvision-ftp-browser Reference: URL:http://xforce.iss.net/static/5187.php ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0675 Status: Entry Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion Reference: BID:1477 Reference: URL:http://www.securityfocus.com/bid/1477 Reference: XF:gatekeeper-long-string-bo Reference: URL:http://xforce.iss.net/static/4948.php Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string. ====================================================== Name: CVE-2000-0676 Status: Entry Reference: BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html Reference: REDHAT:RHSA-2000:054 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-054.html Reference: CALDERA:CSSA-2000-027.1 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-027.1.txt Reference: FREEBSD:FreeBSD-SA-00:39 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_60.html Reference: BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html Reference: BUGTRAQ:20000821 MDKSA-2000:036 - netscape update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html Reference: BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html Reference: CERT:CA-2000-15 Reference: URL:http://www.cert.org/advisories/CA-2000-15.html Reference: BID:1546 Reference: URL:http://www.securityfocus.com/bid/1546 Reference: XF:java-brownorifice Netscape 
Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. ====================================================== Name: CVE-2000-0677 Status: Entry Reference: ISS:20000907 Buffer Overflow in IBM Net.Data db2www CGI program. Reference: URL:http://xforce.iss.net/alerts/advise60.php Reference: XF:ibm-netdata-db2www-bo Reference: URL:http://xforce.iss.net/static/4976.php Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. ====================================================== Name: CVE-2000-0678 Status: Entry Reference: CERT:CA-2000-18 Reference: URL:http://www.cert.org/advisories/CA-2000-18.html Reference: BID:1606 Reference: URL:http://www.securityfocus.com/bid/1606 Reference: OSVDB:4354 Reference: URL:http://www.osvdb.org/4354 PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate. ====================================================== Name: CVE-2000-0679 Status: Entry Reference: BUGTRAQ:20000728 cvs security problem Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org Reference: BID:1523 Reference: URL:http://www.securityfocus.com/bid/1523 Reference: XF:cvs-client-creates-file The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files. 
====================================================== Name: CVE-2000-0681 Status: Entry Reference: BUGTRAQ:20000815 BEA Weblogic server proxy library vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html Reference: BID:1570 Reference: URL:http://www.securityfocus.com/bid/1570 Reference: XF:weblogic-plugin-bo Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension. ====================================================== Name: CVE-2000-0682 Status: Entry Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html Reference: BID:1518 Reference: URL:http://www.securityfocus.com/bid/1518 Reference: XF:weblogic-fileservlet-show-code Reference: OSVDB:1481 Reference: URL:http://www.osvdb.org/1481 BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. ====================================================== Name: CVE-2000-0683 Status: Entry Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html Reference: CONFIRM:http://developer.bea.com/alerts/security_000728.html Reference: BID:1517 Reference: URL:http://www.securityfocus.com/bid/1517 Reference: OSVDB:1480 Reference: URL:http://www.osvdb.org/1480 BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. 
====================================================== Name: CVE-2000-0684 Status: Entry Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html Reference: BID:1525 Reference: URL:http://www.securityfocus.com/bid/1525 Reference: XF:html-malicious-tags BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file. ====================================================== Name: CVE-2000-0685 Status: Entry Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html Reference: BID:1525 Reference: URL:http://www.securityfocus.com/bid/1525 Reference: XF:html-malicious-tags BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file. ====================================================== Name: CVE-2000-0693 Status: Entry Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html Reference: BID:1563 Reference: URL:http://www.securityfocus.com/bid/1563 Reference: OSVDB:1501 Reference: URL:http://www.osvdb.org/1501 pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program. 
====================================================== Name: CVE-2000-0694 Status: Entry Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html Reference: OSVDB:5740 Reference: URL:http://www.osvdb.org/5740 pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack. ====================================================== Name: CVE-2000-0698 Status: Entry Reference: BUGTRAQ:20000819 RH 6.1 / 6.2 minicom vulnerability Reference: URL:http://www.securityfocus.com/archive/1/77361 Reference: BID:1599 Reference: URL:http://www.securityfocus.com/bid/1599 Reference: XF:minicom-capture-groupown Reference: URL:http://xforce.iss.net/static/5151.php Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack. ====================================================== Name: CVE-2000-0699 Status: Entry Reference: BUGTRAQ:20000806 HPUX FTPd vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0028.html Reference: BID:1560 Reference: URL:http://www.securityfocus.com/bid/1560 Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command. 
====================================================== Name: CVE-2000-0700 Status: Entry Reference: CISCO:20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards Reference: URL:http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml Reference: BID:1541 Reference: URL:http://www.securityfocus.com/bid/1541 Reference: OSVDB:793 Reference: URL:http://www.osvdb.org/793 Reference: OSVDB:798 Reference: URL:http://www.osvdb.org/798 Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets. ====================================================== Name: CVE-2000-0702 Status: Entry Reference: BUGTRAQ:20000821 [HackersLab bugpaper] HP-UX net.init rc script Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0261.html Reference: BID:1602 Reference: URL:http://www.securityfocus.com/bid/1602 Reference: XF:hp-netinit-symlink Reference: URL:http://xforce.iss.net/static/5131.php The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file. 
====================================================== Name: CVE-2000-0703 Status: Entry Reference: BUGTRAQ:20000805 sperl 5.00503 (and newer ;) exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html Reference: SUSE:20000810 Security Hole in perl, all versions Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_59.html Reference: CALDERA:CSSA-2000-026.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt Reference: DEBIAN:20000810 Reference: REDHAT:RHSA-2000:048 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-048.html Reference: TURBO:TLSA2000018-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html Reference: BUGTRAQ:20000814 Trustix Security Advisory - perl and mailx Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html Reference: BUGTRAQ:20000808 MDKSA-2000:031 perl update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html Reference: BUGTRAQ:20000810 Conectiva Linux security announcemente - PERL Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html Reference: BID:1547 Reference: URL:http://www.securityfocus.com/bid/1547 Reference: XF:perl-shell-escape suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence. 
====================================================== Name: CVE-2000-0705 Status: Entry Reference: BUGTRAQ:20000802 [ Hackerslab bug_paper ] ntop web mode vulnerabliity Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html Reference: REDHAT:RHSA-2000:049 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-049.html Reference: BID:1550 Reference: URL:http://www.securityfocus.com/bid/1550 Reference: XF:ntop-remote-file-access Reference: OSVDB:1496 Reference: URL:http://www.osvdb.org/1496 ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0706 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:36 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc Reference: DEBIAN:20000830 ntop: Still remotely exploitable using buffer overflows Reference: URL:http://www.debian.org/security/2000/20000830 Reference: BID:1576 Reference: URL:http://www.securityfocus.com/bid/1576 Reference: XF:ntop-bo Reference: OSVDB:1513 Reference: URL:http://www.osvdb.org/1513 Buffer overflows in ntop running in web mode allow remote attackers to execute arbitrary commands. ====================================================== Name: CVE-2000-0707 Status: Entry Reference: BUGTRAQ:20000804 PCCS MySQL DB Admin Tool v1.2.3- Advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0015.html Reference: CONFIRM:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324 Reference: BID:1557 Reference: URL:http://www.securityfocus.com/bid/1557 Reference: XF:pccs-mysql-admin-tool PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password. 
====================================================== Name: CVE-2000-0708 Status: Entry Reference: NTBUGTRAQ:20000824 Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=NTBUGTRAQ&P=R4247 Reference: CONFIRM:http://www.pragmasys.com/TelnetServer/ Reference: BID:1605 Reference: URL:http://www.securityfocus.com/bid/1605 Reference: XF:telnetserver-rpc-bo Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port. ====================================================== Name: CVE-2000-0711 Status: Entry Reference: BUGTRAQ:20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3999922128E.EE84TAKAGI@java-house.etl.go.jp Reference: BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com Reference: CERT:CA-2000-15 Reference: URL:http://www.cert.org/advisories/CA-2000-15.html Reference: BID:1545 Reference: URL:http://www.securityfocus.com/bid/1545 Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. 
====================================================== Name: CVE-2000-0712 Status: Entry Reference: MISC:http://www.egroups.com/message/lids/1038 Reference: BUGTRAQ:2000803 LIDS severe bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0486.html Reference: CONFIRM:http://www.lids.org/changelog.html Reference: BID:1549 Reference: URL:http://www.securityfocus.com/bid/1549 Reference: OSVDB:1495 Reference: URL:http://www.osvdb.org/1495 Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option. ====================================================== Name: CVE-2000-0716 Status: Entry Reference: NTBUGTRAQ:20000809 Session hijacking in Alt-N's MDaemon 2.8 Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=459 Reference: BID:1553 Reference: URL:http://www.securityfocus.com/bid/1553 Reference: XF:mdaemon-session-id-hijack Reference: URL:http://xforce.iss.net/static/5070.php WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email. ====================================================== Name: CVE-2000-0717 Status: Entry Reference: BUGTRAQ:20000830 [EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=02ff01c0124c$e9387660$0201a8c0@aviram Reference: BID:1619 Reference: URL:http://www.securityfocus.com/bid/1619 Reference: XF:ftp-goodtech-rnto-dos(5166) Reference: URL:http://xforce.iss.net/xforce/xfdb/5166 GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands. 
====================================================== Name: CVE-2000-0718 Status: Entry Reference: BUGTRAQ:20000812 MDKSA-2000:034 MandrakeUpdate update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0146.html Reference: BID:1567 Reference: URL:http://www.securityfocus.com/bid/1567 A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed. ====================================================== Name: CVE-2000-0720 Status: Entry Reference: BUGTRAQ:20000829 News Publisher CGI Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b$18f8c1a0$953b29d4@e8s9s4 Reference: BID:1621 Reference: URL:http://www.securityfocus.com/bid/1621 Reference: XF:news-publisher-add-author(5169) Reference: URL:http://xforce.iss.net/static/5169.php news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program. 
====================================================== Name: CVE-2000-0725 Status: Entry Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert Reference: REDHAT:RHSA-2000:052 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-052.html Reference: DEBIAN:20000821 zope: unauthorized escalation of privilege (update) Reference: URL:http://www.debian.org/security/2000/20000821 Reference: BUGTRAQ:20000821 Conectiva Linux Security Announcement - Zope Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html Reference: BUGTRAQ:20000816 MDKSA-2000:035 Zope update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html Reference: BID:1577 Reference: URL:http://www.securityfocus.com/bid/1577 Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request. ====================================================== Name: CVE-2000-0726 Status: Entry Reference: BUGTRAQ:20000829 Stalker's CGImail Gives Read Access to All Server Files Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000829194618.H7744@thathost.com Reference: BID:1623 Reference: URL:http://www.securityfocus.com/bid/1623 Reference: XF:mailers-cgimail-spoof(5165) Reference: URL:http://xforce.iss.net/xforce/xfdb/5165 CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable. 
====================================================== Name: CVE-2000-0727 Status: Entry Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2 Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2 Reference: DEBIAN:20000910 xpdf: local exploit Reference: URL:http://www.debian.org/security/2000/20000910a Reference: REDHAT:RHSA-2000:060 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060.html Reference: CALDERA:CSSA-2000-031.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt Reference: BID:1624 Reference: URL:http://www.securityfocus.com/bid/1624 xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters. ====================================================== Name: CVE-2000-0728 Status: Entry Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2 Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2 Reference: DEBIAN:20000910a Reference: REDHAT:RHSA-2000:060 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060.html Reference: CALDERA:CSSA-2000-031.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt Reference: BID:1624 Reference: URL:http://www.securityfocus.com/bid/1624 xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack. 
====================================================== Name: CVE-2000-0729 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:41 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html Reference: BID:1625 Reference: URL:http://www.securityfocus.com/bid/1625 Reference: XF:freebsd-elf-dos(5967) Reference: URL:http://xforce.iss.net/xforce/xfdb/5967 Reference: OSVDB:1534 Reference: URL:http://www.osvdb.org/1534 FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header. ====================================================== Name: CVE-2000-0730 Status: Entry Reference: HP:HPSBUX0008-118 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html Reference: BID:1580 Reference: URL:http://www.securityfocus.com/bid/1580 Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges. ====================================================== Name: CVE-2000-0731 Status: Entry Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Worm HTTP Server Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html Reference: BID:1626 Reference: URL:http://www.securityfocus.com/bid/1626 Reference: XF:wormhttp-dir-traverse(5148) Reference: URL:http://xforce.iss.net/static/5148.php Reference: OSVDB:1535 Reference: URL:http://www.osvdb.org/1535 Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0732 Status: Entry Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Worm HTTP Server Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html Reference: BID:1626 Reference: URL:http://www.securityfocus.com/bid/1626 Reference: XF:wormhttp-filename-dos Reference: URL:http://xforce.iss.net/static/5149.php Worm HTTP server allows remote attackers to cause a denial of service via a long URL. ====================================================== Name: CVE-2000-0733 Status: Entry Reference: BUGTRAQ:20000814 [LSD] IRIX telnetd remote vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html Reference: SGI:20000801-02-P Reference: URL:ftp://sgigate.sgi.com/security/20000801-02-P Reference: BID:1572 Reference: URL:http://www.securityfocus.com/bid/1572 Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request. ====================================================== Name: CVE-2000-0737 Status: Entry Reference: MS:MS00-053 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-053.asp Reference: BID:1535 Reference: URL:http://www.securityfocus.com/bid/1535 The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability. 
====================================================== Name: CVE-2000-0738 Status: Entry Reference: NTBUGTRAQ:20000818 WebShield SMTP infinite loop DoS Attack Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0101.html Reference: BID:1589 Reference: URL:http://www.securityfocus.com/bid/1589 Reference: XF:webshield-smtp-dos Reference: URL:http://xforce.iss.net/static/5100.php WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail. ====================================================== Name: CVE-2000-0739 Status: Entry Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt Reference: BID:1537 Reference: URL:http://www.securityfocus.com/bid/1537 Reference: XF:nettools-pki-dir-traverse(5066) Reference: URL:http://xforce.iss.net/static/5066.php Reference: OSVDB:1489 Reference: URL:http://www.osvdb.org/1489 Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server. 
====================================================== Name: CVE-2000-0740 Status: Entry Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt Reference: BID:1536 Reference: URL:http://www.securityfocus.com/bid/1536 Reference: XF:nai-nettools-strong-bo(5026) Reference: URL:http://xforce.iss.net/static/5026.php Reference: OSVDB:1488 Reference: URL:http://www.osvdb.org/1488 Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port. ====================================================== Name: CVE-2000-0741 Status: Entry Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt Reference: BID:1538 Reference: URL:http://www.securityfocus.com/bid/1538 Reference: OSVDB:1490 Reference: URL:http://www.osvdb.org/1490 Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension. 
====================================================== Name: CVE-2000-0742 Status: Entry Reference: BUGTRAQ:20000602 ipx storm Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&mid=63120 Reference: MS:MS00-054 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-054.asp Reference: BID:1544 Reference: URL:http://www.securityfocus.com/bid/1544 Reference: XF:win-ipx-ping-packet(5079) Reference: URL:http://xforce.iss.net/static/5079.php The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability. ====================================================== Name: CVE-2000-0743 Status: Entry Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html Reference: BID:1569 Reference: URL:http://www.securityfocus.com/bid/1569 Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value. ====================================================== Name: CVE-2000-0744 Status: Entry DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-2000-0743. ====================================================== Name: CVE-2000-0745 Status: Entry Reference: BUGTRAQ:20000821 Vuln. in all sites using PHP-Nuke, versions less than 3 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0243.html Reference: BID:1592 Reference: URL:http://www.securityfocus.com/bid/1592 Reference: OSVDB:1521 Reference: URL:http://www.osvdb.org/1521 admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter. 
====================================================== Name: CVE-2000-0747 Status: Entry Reference: BUGTRAQ:20000726 CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0379.html Reference: XF:openldap-logrotate-script-dos(5036) Reference: URL:http://xforce.iss.net/xforce/xfdb/5036 The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it. ====================================================== Name: CVE-2000-0749 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:42 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html Reference: BID:1628 Reference: URL:http://www.securityfocus.com/bid/1628 Reference: XF:freebsd-linux-module-bo(5968) Reference: URL:http://xforce.iss.net/xforce/xfdb/5968 Reference: OSVDB:1536 Reference: URL:http://www.osvdb.org/1536 Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system. ====================================================== Name: CVE-2000-0750 Status: Entry Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html Reference: FREEBSD:FreeBSD-SA-00:40 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html Reference: OPENBSD:20000705 Mopd contained a buffer overflow. 
Reference: URL:http://www.openbsd.org/errata.html#mopd Reference: REDHAT:RHSA-2000:050 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-050.html Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h Reference: BID:1558 Reference: URL:http://www.securityfocus.com/bid/1558 Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. ====================================================== Name: CVE-2000-0751 Status: Entry Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html Reference: FREEBSD:FreeBSD-SA-00:40 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html Reference: OPENBSD:20000705 Mopd contained a buffer overflow. Reference: URL:http://www.openbsd.org/errata.html#mopd Reference: REDHAT:RHSA-2000:050 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-050.html Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h Reference: BID:1559 Reference: URL:http://www.securityfocus.com/bid/1559 mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands. 
====================================================== Name: CVE-2000-0753 Status: Entry Reference: BUGTRAQ:20000824 Outlook winmail.dat Reference: URL:http://www.securityfocus.com/archive/1/78240 Reference: BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure Reference: URL:http://www.securityfocus.com/archive/1/201422 Reference: BID:1631 Reference: URL:http://www.securityfocus.com/bid/1631 Reference: XF:outlook-reveal-path(5508) Reference: URL:http://xforce.iss.net/static/5508.php The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. ====================================================== Name: CVE-2000-0754 Status: Entry Reference: HP:HPSBUX0008-119 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html Reference: BID:1581 Reference: URL:http://www.securityfocus.com/bid/1581 Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords. ====================================================== Name: CVE-2000-0758 Status: Entry Reference: BUGTRAQ:20000811 Lyris List Manager Administration Hole Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0149.html Reference: CONFIRM:http://www.lyris.com/lm/lm_updates.html Reference: BID:1584 Reference: URL:http://www.securityfocus.com/bid/1584 The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field. 
====================================================== Name: CVE-2000-0761 Status: Entry Reference: BUGTRAQ:20000815 OS/2 Warp 4.5 FTP Server DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0166.html Reference: CONFIRM:ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README Reference: BID:1582 Reference: URL:http://www.securityfocus.com/bid/1582 OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username. ====================================================== Name: CVE-2000-0762 Status: Entry Reference: BUGTRAQ:20000811 eTrust Access Control - Root compromise for default install Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=004601c003a1$ba473260$ddeaa2cd@itradefair.net Reference: CONFIRM:http://support.ca.com/techbases/eTrust/etrust_access_control-response.html Reference: BID:1583 Reference: URL:http://www.securityfocus.com/bid/1583 Reference: XF:etrust-access-control-default Reference: URL:http://xforce.iss.net/static/5076.php Reference: OSVDB:1517 Reference: URL:http://www.osvdb.org/1517 The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges. 
====================================================== Name: CVE-2000-0763 Status: Entry Reference: BUGTRAQ:20000816 xlock vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694@subterrain.net Reference: DEBIAN:20000816 xlockmore: possible shadow file compromise Reference: URL:http://www.debian.org/security/2000/20000816 Reference: FREEBSD:FreeBSD-SA-00:44.xlockmore Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html Reference: BUGTRAQ:20000817 Conectiva Linux Security Announcement - xlockmore Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html Reference: BUGTRAQ:20000823 MDKSA-2000:038 - xlockmore update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html Reference: BID:1585 Reference: URL:http://www.securityfocus.com/bid/1585 xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option. ====================================================== Name: CVE-2000-0764 Status: Entry Reference: BUGTRAQ:20000828 Intel Express Switch 500 series DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0338.html Reference: BID:1609 Reference: URL:http://www.securityfocus.com/bid/1609 Reference: XF:intel-express-switch-dos Reference: URL:http://xforce.iss.net/static/5154.php Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet. 
====================================================== Name: CVE-2000-0765 Status: Entry Reference: MS:MS00-056 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-056.asp Reference: BID:1561 Reference: URL:http://www.securityfocus.com/bid/1561 Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability. ====================================================== Name: CVE-2000-0766 Status: Entry Reference: BUGTRAQ:20000819 D.o.S Vulnerability in vqServer Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008270354.UAA10952@user4.hushmail.com Reference: BID:1610 Reference: URL:http://www.securityfocus.com/bid/1610 Reference: XF:vqserver-get-dos Reference: URL:http://xforce.iss.net/static/5152.php Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request. ====================================================== Name: CVE-2000-0767 Status: Entry Reference: MS:MS00-055 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-055.asp Reference: BID:1564 Reference: URL:http://www.securityfocus.com/bid/1564 The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability. 
====================================================== Name: CVE-2000-0768 Status: Entry Reference: MS:MS00-055 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-055.asp Reference: BID:1564 Reference: URL:http://www.securityfocus.com/bid/1564 A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability. ====================================================== Name: CVE-2000-0770 Status: Entry Reference: MS:MS00-057 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-057.asp Reference: BID:1565 Reference: URL:http://www.securityfocus.com/bid/1565 IIS 4.0 and 5.0 do not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability. ====================================================== Name: CVE-2000-0771 Status: Entry Reference: MS:MS00-062 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-062.asp Reference: BID:1613 Reference: URL:http://www.securityfocus.com/bid/1613 Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability. 
====================================================== Name: CVE-2000-0773 Status: Entry Reference: BUGTRAQ:20000731 Two security flaws in Bajie Webserver Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html Reference: BID:1522 Reference: URL:http://www.securityfocus.com/bid/1522 Reference: XF:bajie-view-arbitrary-files(5021) Reference: URL:http://xforce.iss.net/xforce/xfdb/5021 Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack. ====================================================== Name: CVE-2000-0776 Status: Entry Reference: BUGTRAQ:20000810 [DeepZone Advisory] Statistics Server 5.02x stack overflow (Win2k remote exploit) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0118.html Reference: BID:1568 Reference: URL:http://www.securityfocus.com/bid/1568 Reference: XF:mediahouse-stats-livestats-bo(5113) Reference: URL:http://xforce.iss.net/static/5113.php Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request. ====================================================== Name: CVE-2000-0777 Status: Entry Reference: MS:MS00-061 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-061.asp Reference: BID:1615 Reference: URL:http://www.securityfocus.com/bid/1615 The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability. 
====================================================== Name: CVE-2000-0778 Status: Entry Reference: MS:MS00-058 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-058.asp Reference: BUGTRAQ:20000815 Translate:f summary, history and thoughts Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz Reference: NTBUGTRAQ:20000816 Translate: f Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212 Reference: BID:1578 Reference: URL:http://www.securityfocus.com/bid/1578 Reference: OVAL:oval:org.mitre.oval:def:927 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:927 IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. ====================================================== Name: CVE-2000-0779 Status: Entry Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr Reference: BID:1534 Reference: URL:http://www.securityfocus.com/bid/1534 Reference: OSVDB:1487 Reference: URL:http://www.osvdb.org/1487 Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests. ====================================================== Name: CVE-2000-0780 Status: Entry Reference: BUGTRAQ:20000830 Vulnerability Report On IPSWITCH's IMail Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96767207207553&w=2 Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html Reference: BID:1617 Reference: URL:http://www.securityfocus.com/bid/1617 The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0781 Status: Entry Reference: BUGTRAQ:20000728 Client Agent 6.62 for Unix Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0431.html Reference: BID:1519 Reference: URL:http://www.securityfocus.com/bid/1519 Reference: XF:arcserveit-clientagent-temp-file(5023) Reference: URL:http://xforce.iss.net/xforce/xfdb/5023 uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved. ====================================================== Name: CVE-2000-0782 Status: Entry Reference: BUGTRAQ:20000817 Netauth: Web Based Email Management System Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NEBBJCLKGNOGCOIOBJNAGEHLCPAA.marc@eeye.com Reference: CONFIRM:http://netwinsite.com/netauth/updates.htm Reference: BID:1587 Reference: URL:http://www.securityfocus.com/bid/1587 Reference: XF:netwin-netauth-dir-traverse(5090) Reference: URL:http://xforce.iss.net/xforce/xfdb/5090 netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0783 Status: Entry Reference: BUGTRAQ:20000815 Watchguard Firebox Authentication DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0162.html Reference: BID:1573 Reference: URL:http://www.securityfocus.com/bid/1573 Reference: XF:firebox-url-dos Reference: URL:http://xforce.iss.net/static/5098.php Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100. 
====================================================== Name: CVE-2000-0786 Status: Entry Reference: BUGTRAQ:20000726 userv security boundary tool 1.0.1 (SECURITY FIX) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html Reference: DEBIAN:20000727 userv: local exploit Reference: URL:http://www.debian.org/security/2000/20000727 Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=96473640717095&w=2 Reference: BID:1516 Reference: URL:http://www.securityfocus.com/bid/1516 GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. ====================================================== Name: CVE-2000-0787 Status: Entry Reference: BUGTRAQ:20000817 XChat URL handler vulnerabilty Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html Reference: BID:1601 Reference: URL:http://www.securityfocus.com/bid/1601 Reference: REDHAT:RHSA-2000:055 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-055.html Reference: BUGTRAQ:20000824 MDKSA-2000:039 - xchat update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html Reference: BUGTRAQ:20000825 Conectiva Linux Security Announcement - xchat Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.html IRC Xchat client versions 1.4.2 and earlier allow remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser. 
====================================================== Name: CVE-2000-0788 Status: Entry Reference: BUGTRAQ:20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C@nat.bg Reference: MS:MS00-071 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-071.asp Reference: BID:1566 Reference: URL:http://www.securityfocus.com/bid/1566 Reference: XF:word-mail-merge(5322) Reference: URL:http://xforce.iss.net/static/5322.php The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands. ====================================================== Name: CVE-2000-0790 Status: Entry Reference: BUGTRAQ:20000828 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3998370D.732A03F1@nat.bg Reference: BID:1571 Reference: URL:http://www.securityfocus.com/bid/1571 Reference: XF:ie-folder-remote-exe(5097) Reference: URL:http://xforce.iss.net/static/5097.php The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder. 
====================================================== Name: CVE-2000-0792 Status: Entry Reference: BUGTRAQ:20000819 Security update for Gnome-Lokkit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0252.html Reference: BID:1590 Reference: URL:http://www.securityfocus.com/bid/1590 Reference: OSVDB:1520 Reference: URL:http://www.osvdb.org/1520 Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available. ====================================================== Name: CVE-2000-0795 Status: Entry Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl Reference: BID:1529 Reference: URL:http://www.securityfocus.com/bid/1529 Reference: OSVDB:1485 Reference: URL:http://www.osvdb.org/1485 Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option. ====================================================== Name: CVE-2000-0796 Status: Entry Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl Reference: BID:1528 Reference: URL:http://www.securityfocus.com/bid/1528 Reference: OSVDB:1484 Reference: URL:http://www.osvdb.org/1484 Reference: XF:irix-dmplay-bo(5064) Reference: URL:http://xforce.iss.net/static/5064.php Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option. 
====================================================== Name: CVE-2000-0797 Status: Entry Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl Reference: SGI:20040104-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc Reference: BID:1526 Reference: URL:http://www.securityfocus.com/bid/1526 Reference: XF:irix-grosview-bo(5062) Reference: URL:http://xforce.iss.net/xforce/xfdb/5062 Reference: OSVDB:3815 Reference: URL:http://www.osvdb.org/3815 Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option. ====================================================== Name: CVE-2000-0799 Status: Entry Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl Reference: SGI:20001101-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I Reference: BID:1530 Reference: URL:http://www.securityfocus.com/bid/1530 Reference: XF:irix-inpview-symlink(5065) Reference: URL:http://xforce.iss.net/static/5065.php inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file. ====================================================== Name: CVE-2000-0803 Status: Entry Reference: ISS:20001004 GNU Groff utilities read untrusted commands from current working directory Reference: XF:gnu-groff-utilities(5280) Reference: URL:http://xforce.iss.net/xforce/xfdb/5280 GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff. 
====================================================== Name: CVE-2000-0804 Status: Entry Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection Reference: XF:fw1-remote-bypass Reference: URL:http://xforce.iss.net/static/5468.php Reference: OSVDB:4419 Reference: URL:http://www.osvdb.org/4419 Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass." ====================================================== Name: CVE-2000-0805 Status: Entry Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of Reference: XF:fw1-client-spoof Reference: URL:http://xforce.iss.net/static/5469.php Reference: OSVDB:4415 Reference: URL:http://www.osvdb.org/4415 Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets." ====================================================== Name: CVE-2000-0806 Status: Entry Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications Reference: XF:fw1-fwa1-auth-replay Reference: URL:http://xforce.iss.net/static/5162.php Reference: OSVDB:4413 Reference: URL:http://www.osvdb.org/4413 The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass." 
====================================================== Name: CVE-2000-0807 Status: Entry Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication Reference: XF:fw1-opsec-auth-spoof Reference: URL:http://xforce.iss.net/static/5471.php Reference: OSVDB:4420 Reference: URL:http://www.osvdb.org/4420 The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability." ====================================================== Name: CVE-2000-0808 Status: Entry Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password Reference: XF:fw1-localhost-auth Reference: URL:http://xforce.iss.net/static/5137.php Reference: OSVDB:4421 Reference: URL:http://www.osvdb.org/4421 The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication." ====================================================== Name: CVE-2000-0809 Status: Entry Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer Reference: XF:fw1-getkey-bo Reference: URL:http://xforce.iss.net/static/5139.php Reference: OSVDB:4422 Reference: URL:http://www.osvdb.org/4422 Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service. 
====================================================== Name: CVE-2000-0810 Status: Entry Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 Reference: BID:1782 Reference: URL:http://www.securityfocus.com/bid/1782 Reference: XF:auction-weaver-delete-files Reference: URL:http://xforce.iss.net/static/5371.php Reference: OSVDB:1600 Reference: URL:http://www.osvdb.org/1600 Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0811 Status: Entry Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 Reference: BID:1783 Reference: URL:http://www.securityfocus.com/bid/1783 Reference: XF:auction-weaver-username-bidfile Reference: URL:http://xforce.iss.net/static/5372.php Reference: OSVDB:4053 Reference: URL:http://www.osvdb.org/4053 Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields. ====================================================== Name: CVE-2000-0813 Status: Entry Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection Reference: XF:fw1-ftp-redirect Reference: URL:http://xforce.iss.net/static/5474.php Reference: OSVDB:4434 Reference: URL:http://www.osvdb.org/4434 Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass." 
====================================================== Name: CVE-2000-0816 Status: Entry Reference: ISS:20001006 Insecure call of external programs in Red Hat Linux tmpwatch Reference: URL:http://xforce.iss.net/alerts/advise64.php Reference: REDHAT:RHSA-2000:080 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080.html Reference: MANDRAKE:MDKSA-2000:056 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1 Reference: BID:1785 Reference: URL:http://www.securityfocus.com/bid/1785 Reference: XF:linux-tmpwatch-fuser(5320) Reference: URL:http://xforce.iss.net/xforce/xfdb/5320 Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters. ====================================================== Name: CVE-2000-0818 Status: Entry Reference: ISS:20001025 Vulnerability in the Oracle Listener Program Reference: URL:http://xforce.iss.net/alerts/advise66.php Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf Reference: XF:oracle-listener-connect-statements(5380) Reference: URL:http://xforce.iss.net/xforce/xfdb/5380 The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands. ====================================================== Name: CVE-2000-0824 Status: Entry Reference: BUGTRAQ:19990917 A few bugs... 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93760201002154&w=2 Reference: BUGTRAQ:20000831 glibc unsetenv bug Reference: URL:http://www.securityfocus.com/archive/1/79537 Reference: CALDERA:CSSA-2000-028.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt Reference: DEBIAN:20000902 glibc: local root exploit Reference: URL:http://www.debian.org/security/2000/20000902 Reference: MANDRAKE:MDKSA-2000:040 Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3 Reference: MANDRAKE:MDKSA-2000:045 Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3 Reference: REDHAT:RHSA-2000:057 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057.html Reference: TURBO:TLSA2000020-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html Reference: SUSE:20000924 glibc locale security problem Reference: URL:http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html Reference: BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html Reference: BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html Reference: BID:648 Reference: URL:http://www.securityfocus.com/bid/648 Reference: BID:1639 Reference: URL:http://www.securityfocus.com/bid/1639 Reference: XF:glibc-ld-unsetenv Reference: URL:http://xforce.iss.net/static/5173.php The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables 
such as LD_PRELOAD or LD_LIBRARY_PATH. ====================================================== Name: CVE-2000-0825 Status: Entry Reference: BUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96659012127444&w=2 Reference: NTBUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96654521004571&w=2 Reference: WIN2KSEC:20000817 Imail Web Service Remote DoS Attack v.2 Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html Reference: XF:ipswitch-imail-remote-dos(5475) Reference: URL:http://xforce.iss.net/static/5475.php Reference: BID:2011 Reference: URL:http://www.securityfocus.com/bid/2011 Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash. ====================================================== Name: CVE-2000-0829 Status: Entry Reference: BUGTRAQ:20000909 tmpwatch: local DoS : fork()bomb as root Reference: URL:http://www.securityfocus.com/archive/1/81364 Reference: REDHAT:RHSA-2000:080 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080.html Reference: BID:1664 Reference: URL:http://www.securityfocus.com/bid/1664 Reference: XF:linux-tmpwatch-fork-dos Reference: URL:http://xforce.iss.net/static/5217.php The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/. 
====================================================== Name: CVE-2000-0830 Status: Entry Reference: BUGTRAQ:20000913 trivial DoS in webTV Reference: URL:http://www.securityfocus.com/archive/1/81852 Reference: MS:MS00-074 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-074.asp Reference: BID:1671 Reference: URL:http://www.securityfocus.com/bid/1671 Reference: XF:webtv-udp-dos Reference: URL:http://xforce.iss.net/static/5216.php annclist.exe in webTV for Windows allows remote attackers to cause a denial of service via a large, malformed UDP packet to ports 22701 through 22705. ====================================================== Name: CVE-2000-0834 Status: Entry Reference: ATSTAKE:A091400-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a091400-1.txt Reference: MS:MS00-067 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-067.asp Reference: BID:1683 Reference: URL:http://www.securityfocus.com/bid/1683 Reference: XF:win2k-telnet-ntlm-authentication Reference: URL:http://xforce.iss.net/static/5242.php The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability. ====================================================== Name: CVE-2000-0837 Status: Entry Reference: BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability. Reference: URL:http://www.securityfocus.com/archive/1/73843 Reference: BID:1543 Reference: URL:http://www.securityfocus.com/bid/1543 Reference: XF:servu-null-character-dos Reference: URL:http://xforce.iss.net/static/5029.php FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes. 
====================================================== Name: CVE-2000-0838 Status: Entry Reference: WIN2KSEC:20000914 DST2K0028: DoS in FUR HTTP Server v1.0b Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0111.html Reference: XF:fur-get-dos(5237) Reference: URL:http://xforce.iss.net/static/5237.php Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request. ====================================================== Name: CVE-2000-0839 Status: Entry Reference: BUGTRAQ:20000919 VIGILANTE-2000013: WinCOM LPD DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0212.html Reference: BID:1701 Reference: URL:http://www.securityfocus.com/bid/1701 Reference: XF:wincom-lpd-dos(5258) Reference: URL:http://xforce.iss.net/static/5258.php WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515). ====================================================== Name: CVE-2000-0844 Status: Entry Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html Reference: DEBIAN:20000902 glibc: local root exploit Reference: URL:http://www.debian.org/security/2000/20000902 Reference: CALDERA:CSSA-2000-030.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt Reference: REDHAT:RHSA-2000:057 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057.html Reference: SUSE:20000906 glibc locale security problem Reference: URL:http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html Reference: TURBO:TLSA2000020-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html Reference: AIXAPAR:IY13753 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html Reference: COMPAQ:SSRT0689U Reference: 
URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html Reference: SGI:20000901-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html Reference: BID:1634 Reference: URL:http://www.securityfocus.com/bid/1634 Reference: XF:unix-locale-format-string(5176) Reference: URL:http://xforce.iss.net/xforce/xfdb/5176 Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. ====================================================== Name: CVE-2000-0846 Status: Entry Reference: BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html Reference: BID:1598 Reference: URL:http://www.securityfocus.com/bid/1598 Reference: XF:darxite-login-bo Reference: URL:http://xforce.iss.net/static/5134.php Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password. 
====================================================== Name: CVE-2000-0847 Status: Entry Reference: BUGTRAQ:20000901 UW c-client library vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0425.html Reference: BUGTRAQ:20000901 More about UW c-client library Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0437.html Reference: FREEBSD:FreeBSD-SA-00:47.pine Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0108.html Reference: BID:1646 Reference: URL:http://www.securityfocus.com/bid/1646 Reference: BID:1687 Reference: URL:http://www.securityfocus.com/bid/1687 Reference: XF:c-client-dos(5223) Reference: URL:http://xforce.iss.net/xforce/xfdb/5223 Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header. ====================================================== Name: CVE-2000-0848 Status: Entry Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security Reference: BID:1691 Reference: URL:http://www.securityfocus.com/bid/1691 Reference: XF:websphere-header-dos Reference: URL:http://xforce.iss.net/static/5252.php Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header. 
====================================================== Name: CVE-2000-0849 Status: Entry Reference: MS:MS00-064 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-064.asp Reference: BID:1655 Reference: URL:http://www.securityfocus.com/bid/1655 Reference: XF:unicast-service-dos(5193) Reference: URL:http://xforce.iss.net/xforce/xfdb/5193 Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability. ====================================================== Name: CVE-2000-0850 Status: Entry Reference: ATSTAKE:A091100-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a091100-1.txt Reference: BID:1681 Reference: URL:http://www.securityfocus.com/bid/1681 Reference: XF:siteminder-bypass-authentication Reference: URL:http://xforce.iss.net/static/5230.php Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL. ====================================================== Name: CVE-2000-0851 Status: Entry Reference: ATSTAKE:A090700-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-1.txt Reference: MS:MS00-065 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-065.asp Reference: BID:1651 Reference: URL:http://www.securityfocus.com/bid/1651 Reference: XF:w2k-still-image-service Reference: URL:http://xforce.iss.net/static/5203.php Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability. 
====================================================== Name: CVE-2000-0852 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:49 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html Reference: BID:1686 Reference: URL:http://www.securityfocus.com/bid/1686 Reference: XF:freebsd-eject-port Reference: URL:http://xforce.iss.net/static/5248.php Reference: OSVDB:1559 Reference: URL:http://www.osvdb.org/1559 Multiple buffer overflows in eject on FreeBSD and possibly other OSes allow local users to gain root privileges. ====================================================== Name: CVE-2000-0853 Status: Entry Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html Reference: BID:1668 Reference: URL:http://www.securityfocus.com/bid/1668 Reference: XF:yabb-file-access Reference: URL:http://xforce.iss.net/static/5254.php YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0854 Status: Entry Reference: WIN2KSEC:20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html Reference: BUGTRAQ:20000922 Eudora + riched20.dll affects WinZip v8.0 as well Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html Reference: BID:1699 Reference: URL:http://www.securityfocus.com/bid/1699 Reference: NTBUGTRAQ:20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000 Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html Reference: XF:office-dll-execution(5263) Reference: URL:http://xforce.iss.net/static/5263.php When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document. ====================================================== Name: CVE-2000-0856 Status: Entry Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0408.html Reference: BID:1638 Reference: URL:http://www.securityfocus.com/bid/1638 Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request. 
====================================================== Name: CVE-2000-0858 Status: Entry Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS Reference: URL:http://www.securityfocus.com/archive/1/80413 Reference: MS:MS00-063 Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html Reference: BID:1642 Reference: URL:http://www.securityfocus.com/bid/1642 Reference: XF:iis-invald-url-dos Reference: URL:http://xforce.iss.net/static/5202.php Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. ====================================================== Name: CVE-2000-0859 Status: Entry Reference: BUGTRAQ:20000904 VIGILANTE-2000008: NTMail Configuration Service DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0471.html Reference: BID:1640 Reference: URL:http://www.securityfocus.com/bid/1640 Reference: XF:ntmail-incomplete-http-requests Reference: URL:http://xforce.iss.net/static/5182.php The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests. 
====================================================== Name: CVE-2000-0860 Status: Entry Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html Reference: BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u Reference: MANDRAKE:MDKSA-2000:048 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html Reference: BID:1649 Reference: URL:http://www.securityfocus.com/bid/1649 Reference: XF:php-file-upload Reference: URL:http://xforce.iss.net/static/5190.php The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. ====================================================== Name: CVE-2000-0861 Status: Entry Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html Reference: FREEBSD:FreeBSD-SA-00:51 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html Reference: BID:1667 Reference: URL:http://www.securityfocus.com/bid/1667 Reference: XF:mailman-execute-external-commands(5493) Reference: URL:http://xforce.iss.net/xforce/xfdb/5493 Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. 
====================================================== Name: CVE-2000-0862 Status: Entry Reference: ALLAIRE:ASB00-23 Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html Reference: XF:allaire-spectra-admin-access Reference: URL:http://xforce.iss.net/static/5466.php Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information. ====================================================== Name: CVE-2000-0863 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:50 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0111.html Reference: XF:listmanager-port-bo Reference: URL:http://xforce.iss.net/static/5503.php Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges. ====================================================== Name: CVE-2000-0864 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:45 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html Reference: BUGTRAQ:20000911 Patch for esound-0.2.19 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html Reference: MANDRAKE:MDKSA-2000:051 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm Reference: REDHAT:RHSA-2000:077 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-077.html Reference: DEBIAN:20001008 esound: race condition Reference: URL:http://www.debian.org/security/2000/20001008 Reference: BUGTRAQ:20001006 Immunix OS Security Update for esound Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html Reference: SUSE:20001012 esound daemon race condition Reference: URL:http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html Reference: BID:1659 Reference: URL:http://www.securityfocus.com/bid/1659 Reference: XF:gnome-esound-symlink Reference: URL:http://xforce.iss.net/static/5213.php Race condition in the creation 
of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack. ====================================================== Name: CVE-2000-0865 Status: Entry Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html Reference: BID:1697 Reference: URL:http://www.securityfocus.com/bid/1697 Reference: XF:doublevision-dvtermtype-bo Reference: URL:http://xforce.iss.net/static/5261.php Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument. ====================================================== Name: CVE-2000-0867 Status: Entry Reference: BUGTRAQ:20000917 klogd format bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html Reference: REDHAT:RHSA-2000:061 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-061.html Reference: DEBIAN:20000919 Reference: MANDRAKE:MDKSA-2000:050 Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:050 Reference: CALDERA:CSSA-2000-032.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-032.0.txt Reference: TURBO:TLSA2000022-2 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html Reference: SUSE:20000920 syslogd + klogd format string parsing error Reference: URL:http://www.novell.com/linux/security/advisories/adv9_draht_syslogd_txt.html Reference: BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97726239017741&w=2 Reference: XF:klogd-format-string Reference: URL:http://xforce.iss.net/static/5259.php Reference: OSVDB:5824 Reference: URL:http://www.osvdb.org/5824 Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected 
format strings, which allows local users to gain root privileges by triggering malformed kernel messages. ====================================================== Name: CVE-2000-0868 Status: Entry Reference: ATSTAKE:A090700-2 Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-2.txt Reference: SUSE:20000907 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html Reference: BID:1658 Reference: URL:http://www.securityfocus.com/bid/1658 Reference: XF:suse-apache-cgi-source-code Reference: URL:http://xforce.iss.net/static/5197.php The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. ====================================================== Name: CVE-2000-0869 Status: Entry Reference: ATSTAKE:A090700-3 Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-3.txt Reference: SUSE:20000907 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html Reference: BID:1656 Reference: URL:http://www.securityfocus.com/bid/1656 Reference: XF:apache-webdav-directory-listings Reference: URL:http://xforce.iss.net/static/5204.php The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. ====================================================== Name: CVE-2000-0870 Status: Entry Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html Reference: BID:1675 Reference: URL:http://www.securityfocus.com/bid/1675 Reference: XF:eftp-bo Reference: URL:http://xforce.iss.net/static/5219.php Reference: OSVDB:1555 Reference: URL:http://www.osvdb.org/1555 Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string. 
====================================================== Name: CVE-2000-0871 Status: Entry Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html Reference: BID:1677 Reference: URL:http://www.securityfocus.com/bid/1677 Reference: XF:eftp-newline-dos Reference: URL:http://xforce.iss.net/static/5220.php Reference: OSVDB:409 Reference: URL:http://www.osvdb.org/409 Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server. ====================================================== Name: CVE-2000-0873 Status: Entry Reference: BUGTRAQ:20000903 aix allows clearing the interface stats Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html Reference: BID:1660 Reference: URL:http://www.securityfocus.com/bid/1660 Reference: XF:aix-clear-netstat Reference: URL:http://xforce.iss.net/static/5214.php netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities. ====================================================== Name: CVE-2000-0874 Status: Entry Reference: BUGTRAQ:20000907 Eudora disclosure Reference: URL:http://www.securityfocus.com/archive/1/80888 Reference: BID:1653 Reference: URL:http://www.securityfocus.com/bid/1653 Reference: XF:eudora-path-disclosure Reference: URL:http://xforce.iss.net/static/5206.php Reference: OSVDB:1545 Reference: URL:http://www.osvdb.org/1545 Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF). 
====================================================== Name: CVE-2000-0875 Status: Entry Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html Reference: CONFIRM:http://www.wftpd.com/bug_gpf.htm Reference: XF:wftpd-long-string-dos Reference: URL:http://xforce.iss.net/static/5194.php WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters. ====================================================== Name: CVE-2000-0876 Status: Entry Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html Reference: XF:wftpd-path-disclosure Reference: URL:http://xforce.iss.net/static/5196.php Reference: OSVDB:5829 Reference: URL:http://www.osvdb.org/5829 WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname. ====================================================== Name: CVE-2000-0877 Status: Entry Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0092.html Reference: BID:1670 Reference: URL:http://www.securityfocus.com/bid/1670 Reference: XF:mailform-attach-file Reference: URL:http://xforce.iss.net/static/5224.php mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker. 
====================================================== Name: CVE-2000-0878 Status: Entry Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0088.html Reference: BID:1669 Reference: URL:http://www.securityfocus.com/bid/1669 Reference: XF:mailto-piped-address Reference: URL:http://xforce.iss.net/static/5241.php The mailto CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the emailadd form field. ====================================================== Name: CVE-2000-0883 Status: Entry Reference: MANDRAKE:MDKSA-2000:046 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0111.html Reference: BID:1678 Reference: URL:http://www.securityfocus.com/bid/1678 Reference: XF:linux-mod-perl Reference: URL:http://xforce.iss.net/static/5257.php The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory. ====================================================== Name: CVE-2000-0884 Status: Entry Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution Reference: MS:MS00-078 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-078.asp Reference: BID:1806 Reference: URL:http://www.securityfocus.com/bid/1806 Reference: XF:iis-unicode-translation Reference: URL:http://xforce.iss.net/static/5377.php Reference: OSVDB:436 Reference: URL:http://www.osvdb.org/436 Reference: OVAL:oval:org.mitre.oval:def:44 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:44 IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. 
====================================================== Name: CVE-2000-0886 Status: Entry Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05& Reference: MS:MS00-086 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-086.asp Reference: BID:1912 Reference: URL:http://www.securityfocus.com/bid/1912 Reference: XF:iis-invalid-filename-passing(5470) Reference: URL:http://xforce.iss.net/xforce/xfdb/5470 Reference: OVAL:oval:org.mitre.oval:def:191 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:191 IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. ====================================================== Name: CVE-2000-0887 Status: Entry Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS Reference: URL:http://www.securityfocus.com/archive/1/143843 Reference: VULN-DEV:20001107 Possible DOS in Bind 8.2.2-P5 Reference: VULN-DEV:20001109 Re: Possible DOS in Bind 8.2.2-P5 Reference: CERT:CA-2000-20 Reference: URL:http://www.cert.org/advisories/CA-2000-20.html Reference: REDHAT:RHSA-2000:107 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-107.html Reference: DEBIAN:20001112 bind: remote Denial of Service Reference: URL:http://www.debian.org/security/2000/20001112 Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html Reference: SUSE:SuSE-SA:2000:45 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html Reference: IBM:ERS-SVA-E01-2000:005.1 Reference: MANDRAKE:MDKSA-2000:067 Reference: 
URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:067 Reference: CONECTIVA:CLSA-2000:338 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338 Reference: CONECTIVA:CLSA-2000:339 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339 Reference: BID:1923 Reference: URL:http://www.securityfocus.com/bid/1923 Reference: XF:bind-zxfr-dos(5540) Reference: URL:http://xforce.iss.net/xforce/xfdb/5540 named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug." ====================================================== Name: CVE-2000-0888 Status: Entry Reference: CERT:CA-2000-20 Reference: URL:http://www.cert.org/advisories/CA-2000-20.html Reference: REDHAT:RHSA-2000:107 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-107.html Reference: MANDRAKE:MDKSA-2000:067 Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:067 Reference: CONECTIVA:CLSA-2000:338 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338 Reference: CONECTIVA:CLSA-2000:339 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339 Reference: DEBIAN:20001112 bind: remote Denial of Service Reference: URL:http://www.debian.org/security/2000/20001112 Reference: IBM:ERS-SVA-E01-2000:005.1 Reference: SUSE:SuSE-SA:2000:45 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html Reference: XF:bind-srv-dos(5814) Reference: URL:http://xforce.iss.net/xforce/xfdb/5814 named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug." 
====================================================== Name: CVE-2000-0890 Status: Entry Reference: CERT-VN:VU#626919 Reference: URL:http://www.kb.cert.org/vuls/id/626919 Reference: FREEBSD:FreeBSD-SA-01:12 Reference: XF:periodic-temp-file-symlink(6047) Reference: URL:http://xforce.iss.net/xforce/xfdb/6047 Reference: BID:2325 Reference: URL:http://www.securityfocus.com/bid/2325 Reference: OSVDB:1754 Reference: URL:http://www.osvdb.org/1754 periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. ====================================================== Name: CVE-2000-0891 Status: Entry Reference: CERT-VN:VU#5962 Reference: URL:http://www.kb.cert.org/vuls/id/5962 Reference: CONFIRM:http://www.notes.net/R5FixList.nsf/Search!SearchView&Query=CBAT45TU9S Reference: XF:lotus-notes-bypass-ecl(5045) Reference: URL:http://xforce.iss.net/static/5045.php A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email. ====================================================== Name: CVE-2000-0892 Status: Entry Reference: CERT-VN:VU#22404 Reference: URL:http://www.kb.cert.org/vuls/id/22404 Reference: XF:telnet-obtain-env-variable(6644) Reference: URL:http://xforce.iss.net/static/6644.php Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL. 
====================================================== Name: CVE-2000-0894 Status: Entry Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall Reference: URL:http://xforce.iss.net/alerts/advise70.php Reference: XF:watchguard-soho-web-auth(5554) Reference: URL:http://xforce.iss.net/xforce/xfdb/5554 Reference: BID:2119 Reference: URL:http://www.securityfocus.com/bid/2119 Reference: OSVDB:4404 Reference: URL:http://www.osvdb.org/4404 HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities. ====================================================== Name: CVE-2000-0895 Status: Entry Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall Reference: URL:http://xforce.iss.net/alerts/advise70.php Reference: BID:2114 Reference: URL:http://www.securityfocus.com/bid/2114 Reference: XF:watchguard-soho-web-dos(5218) Reference: URL:http://xforce.iss.net/xforce/xfdb/5218 Reference: OSVDB:4403 Reference: URL:http://www.osvdb.org/4403 Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request. ====================================================== Name: CVE-2000-0896 Status: Entry Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall Reference: URL:http://xforce.iss.net/alerts/advise70.php Reference: XF:watchguard-soho-fragmented-packets Reference: URL:http://xforce.iss.net/static/5749.php Reference: BID:2113 Reference: URL:http://www.securityfocus.com/bid/2113 Reference: OSVDB:1690 Reference: URL:http://www.osvdb.org/1690 WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets. 
====================================================== Name: CVE-2000-0897 Status: Entry Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2 Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm Reference: BID:1941 Reference: URL:http://www.securityfocus.com/bid/1941 Reference: XF:small-http-nofile-dos(5524) Reference: URL:http://xforce.iss.net/static/5524.php Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed. ====================================================== Name: CVE-2000-0900 Status: Entry Reference: BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html Reference: FREEBSD:FreeBSD-SA-00:73 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc Reference: XF:acme-thttpd-ssi Reference: URL:http://xforce.iss.net/static/5313.php Reference: BID:1737 Reference: URL:http://www.securityfocus.com/bid/1737 Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack. 
====================================================== Name: CVE-2000-0901 Status: Entry Reference: BUGTRAQ:20000906 Screen-3.7.6 local compromise Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html Reference: BUGTRAQ:20000905 screen 3.9.5 root vulnerability Reference: URL:http://www.securityfocus.com/archive/1/80178 Reference: DEBIAN:20000902a Reference: MANDRAKE:MDKSA-2000:044 Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3 Reference: SUSE:20000906 screen format string parsing security problem Reference: URL:http://www.novell.com/linux/security/advisories/adv6_draht_screen_txt.html Reference: REDHAT:RHSA-2000:058 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-058.html Reference: FREEBSD:FreeBSD-SA-00:46 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc Reference: BID:1641 Reference: URL:http://www.securityfocus.com/bid/1641 Reference: XF:screen-format-string Reference: URL:http://xforce.iss.net/static/5188.php Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable. 
====================================================== Name: CVE-2000-0908 Status: Entry Reference: BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96956211605302&w=2 Reference: WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H) Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0128.html Reference: CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest Reference: XF:browsegate-http-dos Reference: URL:http://xforce.iss.net/static/5270.php Reference: BID:1702 Reference: URL:http://www.securityfocus.com/bid/1702 BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request. ====================================================== Name: CVE-2000-0909 Status: Entry Reference: BUGTRAQ:20000922 [ no subject ] Reference: URL:http://www.securityfocus.com/archive/1/84901 Reference: BUGTRAQ:20001031 FW: Pine 4.30 now available Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html Reference: FREEBSD:FreeBSD-SA-00:59 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc Reference: REDHAT:RHSA-2000:102 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-102.html Reference: MANDRAKE:MDKSA-2000:073 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3 Reference: BID:1709 Reference: URL:http://www.securityfocus.com/bid/1709 Reference: XF:pine-check-mail-bo Reference: URL:http://xforce.iss.net/static/5283.php Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header. 
====================================================== Name: CVE-2000-0910 Status: Entry Reference: BUGTRAQ:20000908 horde library bug - unchecked from-address Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0051.html Reference: DEBIAN:20000910 imp: remote compromise Reference: URL:http://www.debian.org/security/2000/20000910 Reference: CONFIRM:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch Reference: BID:1674 Reference: URL:http://www.securityfocus.com/bid/1674 Reference: XF:horde-imp-sendmail-command Reference: URL:http://xforce.iss.net/static/5278.php Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address. ====================================================== Name: CVE-2000-0911 Status: Entry Reference: BUGTRAQ:20000912 (SRADV00003) Arbitrary file disclosure through IMP Reference: URL:http://www.securityfocus.com/archive/1/82088 Reference: BID:1679 Reference: URL:http://www.securityfocus.com/bid/1679 Reference: XF:imp-attach-file Reference: URL:http://xforce.iss.net/static/5227.php IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. ====================================================== Name: CVE-2000-0912 Status: Entry Reference: BUGTRAQ:20000913 MultiHTML vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0146.html Reference: XF:http-cgi-multihtml Reference: URL:http://xforce.iss.net/static/5285.php MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter. 
====================================================== Name: CVE-2000-0913 Status: Entry Reference: BUGTRAQ:20000929 Security vulnerability in Apache mod_rewrite Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html Reference: MANDRAKE:MDKSA-2000:060 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1 Reference: REDHAT:RHSA-2000:088 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088.html Reference: REDHAT:RHSA-2000:095 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-095.html Reference: CALDERA:CSSA-2000-035.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt Reference: HP:HPSBUX0010-126 Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0021.html Reference: BUGTRAQ:20001011 Conectiva Linux Security Announcement - apache Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html Reference: BID:1728 Reference: URL:http://www.securityfocus.com/bid/1728 Reference: XF:apache-rewrite-view-files Reference: URL:http://xforce.iss.net/static/5310.php mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. ====================================================== Name: CVE-2000-0914 Status: Entry Reference: BUGTRAQ:20001005 obsd_fun.c Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html Reference: BID:1759 Reference: URL:http://www.securityfocus.com/bid/1759 Reference: XF:bsd-arp-request-dos Reference: URL:http://xforce.iss.net/static/5340.php Reference: OSVDB:1592 Reference: URL:http://www.osvdb.org/1592 OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests. 
====================================================== Name: CVE-2000-0915 Status: Entry Reference: BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html Reference: FREEBSD:FreeBSD-SA-00:54 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc Reference: BID:1803 Reference: URL:http://www.securityfocus.com/bid/1803 Reference: XF:freebsd-fingerd-files Reference: URL:http://xforce.iss.net/static/5385.php Reference: OSVDB:433 Reference: URL:http://www.osvdb.org/433 fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name. ====================================================== Name: CVE-2000-0917 Status: Entry Reference: BUGTRAQ:20000925 Format strings: bug #2: LPRng Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html Reference: CERT:CA-2000-22 Reference: URL:http://www.cert.org/advisories/CA-2000-22.html Reference: CALDERA:CSSA-2000-033.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt Reference: REDHAT:RHSA-2000:065 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-065.html Reference: FREEBSD:FreeBSD-SA-00:56 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc Reference: XF:lprng-format-string Reference: URL:http://xforce.iss.net/static/5287.php Reference: BID:1712 Reference: URL:http://www.securityfocus.com/bid/1712 Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. 
====================================================== Name: CVE-2000-0919 Status: Entry Reference: BUGTRAQ:20001007 PHPix advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html Reference: BID:1773 Reference: URL:http://www.securityfocus.com/bid/1773 Reference: XF:phpix-dir-traversal Reference: URL:http://xforce.iss.net/static/5331.php Reference: OSVDB:472 Reference: URL:http://www.osvdb.org/472 Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0920 Status: Entry Reference: BUGTRAQ:20001006 Vulnerability in BOA web server v0.94.8.2 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html Reference: FREEBSD:FreeBSD-SA-00:60 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc Reference: DEBIAN:20001009 boa: exposes contents of local files Reference: URL:http://www.debian.org/security/2000/20001009 Reference: BID:1770 Reference: URL:http://www.securityfocus.com/bid/1770 Reference: XF:boa-webserver-get-dir-traversal Reference: URL:http://xforce.iss.net/static/5330.php Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "." ====================================================== Name: CVE-2000-0921 Status: Entry Reference: BUGTRAQ:20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability. 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html Reference: BID:1777 Reference: URL:http://www.securityfocus.com/bid/1777 Reference: XF:hassan-shopping-cart-dir-traversal Reference: URL:http://xforce.iss.net/static/5342.php Reference: OSVDB:1596 Reference: URL:http://www.osvdb.org/1596 Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. ====================================================== Name: CVE-2000-0922 Status: Entry Reference: BUGTRAQ:20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0120.html Reference: BID:1776 Reference: URL:http://www.securityfocus.com/bid/1776 Reference: XF:web-shopper-directory-traversal Reference: URL:http://xforce.iss.net/static/5351.php Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter. ====================================================== Name: CVE-2000-0923 Status: Entry Reference: BUGTRAQ:20001006 Fwd: APlio PRO web shell Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0107.html Reference: XF:uclinux-apliophone-bin-execute Reference: URL:http://xforce.iss.net/static/5333.php Reference: BID:1784 Reference: URL:http://www.securityfocus.com/bid/1784 authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. 
====================================================== Name: CVE-2000-0924 Status: Entry Reference: BUGTRAQ:20001009 Master Index traverse advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0141.html Reference: BID:1772 Reference: URL:http://www.securityfocus.com/bid/1772 Reference: XF:master-index-directory-traversal Reference: URL:http://xforce.iss.net/static/5355.php Reference: OSVDB:461 Reference: URL:http://www.osvdb.org/461 Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter. ====================================================== Name: CVE-2000-0925 Status: Entry Reference: BUGTRAQ:20001002 DST2K0035: Credit card (customer) details exposed within CyberOffice Shopping Cart v2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050819812055&w=2 Reference: WIN2KSEC:20001002 DST2K0035: Credit card (customer) details exposed within CyberOffice Shopping Cart v2 Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0001.html Reference: BID:1734 Reference: URL:http://www.securityfocus.com/bid/1734 Reference: XF:cyberoffice-world-readable-directory Reference: URL:http://xforce.iss.net/static/5318.php The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. 
====================================================== Name: CVE-2000-0926 Status: Entry Reference: BUGTRAQ:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050627707128&w=2 Reference: WIN2KSEC:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0000.html Reference: BID:1733 Reference: URL:http://www.securityfocus.com/bid/1733 Reference: XF:cyberoffice-price-modification Reference: URL:http://xforce.iss.net/static/5319.php SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable. ====================================================== Name: CVE-2000-0927 Status: Entry Reference: NTBUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternative datastreams to bypass quotas. Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0173.html Reference: BUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternative datastreams to bypass quotas. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09//0331.html Reference: BID:1724 Reference: URL:http://www.securityfocus.com/bid/1724 Reference: XF:quotaadvisor-quota-bypass Reference: URL:http://xforce.iss.net/static/5302.php WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions. ====================================================== Name: CVE-2000-0928 Status: Entry Reference: BUGTRAQ:20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user being able to list (not read) all files on any server running QuotaAdvisor. 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0091.html Reference: BID:1765 Reference: URL:http://www.securityfocus.com/bid/1765 Reference: XF:quotaadvisor-list-files Reference: URL:http://xforce.iss.net/static/5327.php WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares. ====================================================== Name: CVE-2000-0929 Status: Entry Reference: BUGTRAQ:20000929 Malformed Embedded Windows Media Player 7 "OCX Attachment" Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97024839222747&w=2 Reference: MS:MS00-068 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-068.asp Reference: BID:1714 Reference: URL:http://www.securityfocus.com/bid/1714 Reference: XF:mediaplayer-outlook-dos Reference: URL:http://xforce.iss.net/static/5309.php Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability. ====================================================== Name: CVE-2000-0930 Status: Entry Reference: BUGTRAQ:20001003 Pegasus mail file reading vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0039.html Reference: BUGTRAQ:20001030 Pegasus Mail file reading vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0436.html Reference: BID:1738 Reference: URL:http://www.securityfocus.com/bid/1738 Reference: XF:pegasus-file-forwarding Reference: URL:http://xforce.iss.net/static/5326.php Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. ====================================================== Name: CVE-2000-0932 Status: Entry Reference: NTBUGTRAQ:20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP. 
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0181.html Reference: XF:mailsweeper-smtp-dos Reference: URL:http://xforce.iss.net/static/5641.php MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. ====================================================== Name: CVE-2000-0933 Status: Entry Reference: MS:MS00-069 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-069.asp Reference: BID:1729 Reference: URL:http://www.securityfocus.com/bid/1729 Reference: XF:win2k-simplified-chinese-ime Reference: URL:http://xforce.iss.net/static/5301.php The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. ====================================================== Name: CVE-2000-0934 Status: Entry Reference: REDHAT:RHSA-2000:062 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-062.html Reference: BID:1703 Reference: URL:http://www.securityfocus.com/bid/1703 Reference: XF:glint-symlink Reference: URL:http://xforce.iss.net/static/5271.php Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. ====================================================== Name: CVE-2000-0935 Status: Entry Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html Reference: BID:1872 Reference: URL:http://www.securityfocus.com/bid/1872 Reference: XF:samba-swat-logging-sym-link Reference: URL:http://xforce.iss.net/static/5443.php Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. 
====================================================== Name: CVE-2000-0936 Status: Entry Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html Reference: BID:1874 Reference: URL:http://www.securityfocus.com/bid/1874 Reference: XF:samba-swat-logfile-info Reference: URL:http://xforce.iss.net/static/5445.php Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. ====================================================== Name: CVE-2000-0937 Status: Entry Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html Reference: BID:1873 Reference: URL:http://www.securityfocus.com/bid/1873 Reference: XF:samba-swat-brute-force Reference: URL:http://xforce.iss.net/static/5442.php Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks. ====================================================== Name: CVE-2000-0938 Status: Entry Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html Reference: XF:samba-swat-brute-force(5442) Reference: URL:http://xforce.iss.net/xforce/xfdb/5442 Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. 
====================================================== Name: CVE-2000-0941 Status: Entry Reference: BUGTRAQ:20001029 Remote command execution via KW Whois 1.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html Reference: BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt Reference: BID:1883 Reference: URL:http://www.securityfocus.com/bid/1883 Reference: XF:kw-whois-meta Reference: URL:http://xforce.iss.net/static/5438.php Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. ====================================================== Name: CVE-2000-0942 Status: Entry Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw Reference: URL:http://www.securityfocus.com/archive/1/141903 Reference: MS:MS00-084 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-084.asp Reference: BID:1861 Reference: URL:http://www.securityfocus.com/bid/1861 Reference: XF:iis-htw-cross-scripting Reference: URL:http://xforce.iss.net/static/5441.php The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability. 
====================================================== Name: CVE-2000-0943 Status: Entry Reference: BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html Reference: BID:1858 Reference: URL:http://www.securityfocus.com/bid/1858 Reference: XF:bftpd-user-bo Reference: URL:http://xforce.iss.net/static/5426.php Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. ====================================================== Name: CVE-2000-0944 Status: Entry Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html Reference: BID:1881 Reference: URL:http://www.securityfocus.com/bid/1881 Reference: XF:news-update-bypass-password Reference: URL:http://xforce.iss.net/static/5433.php CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. 
====================================================== Name: CVE-2000-0945 Status: Entry Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html Reference: BUGTRAQ:20001113 Re: 3500XL Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html Reference: XF:cisco-catalyst-remote-commands(5415) Reference: URL:http://xforce.iss.net/static/5415.php Reference: BID:1846 Reference: URL:http://www.securityfocus.com/bid/1846 Reference: OSVDB:444 Reference: URL:http://www.osvdb.org/444 The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. ====================================================== Name: CVE-2000-0946 Status: Entry Reference: NTBUGTRAQ:20001012 Security issue with Compaq Easy Access Keyboard software Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0023.html Reference: CONFIRM:http://www5.compaq.com/support/files/desktops/us/revision/1723.html Reference: XF:compaq-ea-elevate-privileges Reference: URL:http://xforce.iss.net/static/5718.php Reference: OSVDB:5831 Reference: URL:http://www.osvdb.org/5831 Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization. 
====================================================== Name: CVE-2000-0947 Status: Entry Reference: BUGTRAQ:20001002 Very probable remote root vulnerability in cfengine Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html Reference: MANDRAKE:MDKSA-2000:061 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1 Reference: NETBSD:NetBSD-SA2000-013 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc Reference: BID:1757 Reference: URL:http://www.securityfocus.com/bid/1757 Reference: XF:cfengine-cfd-format-string Reference: URL:http://xforce.iss.net/static/5630.php Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. ====================================================== Name: CVE-2000-0948 Status: Entry Reference: BUGTRAQ:20001002 GnoRPM local /tmp vulnerability Reference: URL:http://www.securityfocus.com/archive/1/136866 Reference: BUGTRAQ:20001003 Conectiva Linux Security Announcement - gnorpm Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0043.html Reference: MANDRAKE:MDKSA-2000:055 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-055.php3?dis=7.0 Reference: REDHAT:RHSA-2000:072 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-072.html Reference: BUGTRAQ:20001011 Immunix OS Security Update for gnorpm package Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0184.html Reference: BID:1761 Reference: URL:http://www.securityfocus.com/bid/1761 Reference: XF:gnorpm-temp-symlink Reference: URL:http://xforce.iss.net/static/5317.php GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. 
====================================================== Name: CVE-2000-0949 Status: Entry Reference: BUGTRAQ:20000928 Very interesting traceroute flaw Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0344.html Reference: CALDERA:CSSA-2000-034.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-034.0.txt Reference: MANDRAKE:MDKSA-2000:053 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-053.php3?dis=7.1 Reference: REDHAT:RHSA-2000:078 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-078.html Reference: DEBIAN:20001013 traceroute: local root exploit Reference: URL:http://www.debian.org/security/2000/20001013 Reference: TURBO:TLSA2000023-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-October/000025.html Reference: BUGTRAQ:20000930 Conectiva Linux Security Announcement - traceroute Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0357.html Reference: BID:1739 Reference: URL:http://www.securityfocus.com/bid/1739 Reference: XF:traceroute-heap-overflow Reference: URL:http://xforce.iss.net/static/5311.php Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option. ====================================================== Name: CVE-2000-0951 Status: Entry Reference: ATSTAKE:A100400-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a100400-1.txt Reference: MSKB:Q272079 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=272079 Reference: BID:1756 Reference: URL:http://www.securityfocus.com/bid/1756 Reference: XF:iis-index-dir-traverse Reference: URL:http://xforce.iss.net/static/5335.php A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search. 
====================================================== Name: CVE-2000-0952 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:64 Reference: NETBSD:NetBSD-SA2000-014 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-014.txt.asc Reference: OSVDB:6486 Reference: URL:http://www.osvdb.org/6486 Reference: XF:global-execute-remote-commands Reference: URL:http://xforce.iss.net/static/5424.php global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters. ====================================================== Name: CVE-2000-0953 Status: Entry Reference: BUGTRAQ:20001009 Shambala 4.5 vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html Reference: BID:1778 Reference: URL:http://www.securityfocus.com/bid/1778 Reference: XF:shambala-connection-dos Reference: URL:http://xforce.iss.net/static/5345.php Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection. ====================================================== Name: CVE-2000-0956 Status: Entry Reference: REDHAT:RHSA-2000:094 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-094.html Reference: BID:1875 Reference: URL:http://www.securityfocus.com/bid/1875 Reference: XF:cyrus-sasl-gain-access Reference: URL:http://xforce.iss.net/static/5427.php cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions. 
====================================================== Name: CVE-2000-0957 Status: Entry Reference: BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html Reference: XF:pammysql-auth-input Reference: URL:http://xforce.iss.net/static/5447.php The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes. ====================================================== Name: CVE-2000-0958 Status: Entry Reference: BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0349.html Reference: XF:hotjava-browser-dom-access Reference: URL:http://xforce.iss.net/static/5428.php HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window. ====================================================== Name: CVE-2000-0959 Status: Entry Reference: BUGTRAQ:20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks Reference: URL:http://www.securityfocus.com/archive/1/85028 Reference: BID:1719 Reference: URL:http://www.securityfocus.com/bid/1719 Reference: XF:glibc-unset-symlink Reference: URL:http://xforce.iss.net/static/5299.php glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. 
====================================================== Name: CVE-2000-0960 Status: Entry Reference: BUGTRAQ:20001011 Netscape Messaging server 4.15 poor error strings Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97138100426121&w=2 Reference: BID:1787 Reference: URL:http://www.securityfocus.com/bid/1787 Reference: XF:netscape-messaging-email-verify Reference: URL:http://xforce.iss.net/static/5364.php The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse. ====================================================== Name: CVE-2000-0961 Status: Entry Reference: BUGTRAQ:20000928 commercial products and security [ + new bug ] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0334.html Reference: BID:1721 Reference: URL:http://www.securityfocus.com/bid/1721 Reference: XF:netscape-messaging-list-dos Reference: URL:http://xforce.iss.net/static/5292.php Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. ====================================================== Name: CVE-2000-0962 Status: Entry Reference: BUGTRAQ:20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0299.html Reference: OPENBSD:20000918 Bad ESP/AH packets could cause a crash under certain conditions. Reference: BID:1723 Reference: URL:http://www.securityfocus.com/bid/1723 Reference: XF:openbsd-nmap-dos Reference: URL:http://xforce.iss.net/static/5634.php Reference: OSVDB:1574 Reference: URL:http://www.osvdb.org/1574 The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service. 
====================================================== Name: CVE-2000-0964 Status: Entry Reference: BUGTRAQ:20000928 Another thingy. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0336.html Reference: BID:1727 Reference: URL:http://www.securityfocus.com/bid/1727 Reference: XF:hinet-ipphone-get-bo Reference: URL:http://xforce.iss.net/static/5298.php Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. ====================================================== Name: CVE-2000-0965 Status: Entry Reference: XF:hp-virtualvault-nsapi-dos Reference: URL:http://xforce.iss.net/static/5361.php Reference: HP:HPSBUX0010-124 Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0012.html The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allow an attacker to cause a denial of service (high CPU utilization). ====================================================== Name: CVE-2000-0966 Status: Entry Reference: HP:HPSBUX0010-125 Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0020.html Reference: XF:hp-lpspooler-bo Reference: URL:http://xforce.iss.net/static/5379.php Reference: OSVDB:7244 Reference: URL:http://www.osvdb.org/7244 Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allow local users to gain privileges.
====================================================== Name: CVE-2000-0967 Status: Entry Reference: ATSTAKE:A101200-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a101200-1.txt Reference: MANDRAKE:MDKSA-2000:062 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1 Reference: DEBIAN:20001014a Reference: DEBIAN:20001014b Reference: CALDERA:CSSA-2000-037.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt Reference: FREEBSD:FreeBSD-SA-00:75 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc Reference: REDHAT:RHSA-2000:088 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088.html Reference: REDHAT:RHSA-2000:095 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-095.html Reference: BUGTRAQ:20001012 Conectiva Linux Security Announcement - mod_php3 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html Reference: BID:1786 Reference: URL:http://www.securityfocus.com/bid/1786 Reference: XF:php-logging-format-string Reference: URL:http://xforce.iss.net/static/5359.php PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. 
====================================================== Name: CVE-2000-0968 Status: Entry Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01 Reference: URL:http://www.securityfocus.com/archive/1/141060 Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html Reference: BID:1799 Reference: URL:http://www.securityfocus.com/bid/1799 Reference: XF:halflife-server-changelevel-bo Reference: URL:http://xforce.iss.net/static/5375.php Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command. ====================================================== Name: CVE-2000-0969 Status: Entry Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01 Reference: URL:http://www.securityfocus.com/archive/1/141060 Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html Reference: XF:halflife-rcon-format-string Reference: URL:http://xforce.iss.net/static/5413.php Reference: OSVDB:6983 Reference: URL:http://www.osvdb.org/6983 Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon. 
====================================================== Name: CVE-2000-0970 Status: Entry Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt Reference: MS:MS00-080 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-080.asp Reference: XF:session-cookie-remote-retrieval Reference: URL:http://xforce.iss.net/static/5396.php Reference: OSVDB:7265 Reference: URL:http://www.osvdb.org/7265 IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. ====================================================== Name: CVE-2000-0972 Status: Entry Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html Reference: XF:hp-crontab-read-files Reference: URL:http://xforce.iss.net/static/5410.php HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. ====================================================== Name: CVE-2000-0973 Status: Entry Reference: DEBIAN:20001013a Reference: REDHAT:RHBA-2000:092-01 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html Reference: FREEBSD:FreeBSD-SA-00:72 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc Reference: BID:1804 Reference: URL:http://www.securityfocus.com/bid/1804 Reference: XF:curl-error-bo Reference: URL:http://xforce.iss.net/static/5374.php Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated. 
====================================================== Name: CVE-2000-0974 Status: Entry Reference: BUGTRAQ:20001011 GPG 1.0.3 doesn't detect modifications to files with multiple signatures Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html Reference: DEBIAN:20001111 gnupg: incorrect signature verification Reference: URL:http://www.debian.org/security/2000/20001111 Reference: FREEBSD:FreeBSD-SA-00:67 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc Reference: REDHAT:RHSA-2000:089 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-089.html Reference: CALDERA:CSSA-2000-038.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt Reference: MANDRAKE:MDKSA-2000:063-1 Reference: CONECTIVA:CLSA-2000:334 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334 Reference: BUGTRAQ:20001025 Immunix OS Security Update for gnupg package Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html Reference: XF:gnupg-message-modify Reference: URL:http://xforce.iss.net/static/5386.php Reference: BID:1797 Reference: URL:http://www.securityfocus.com/bid/1797 Reference: OSVDB:1608 Reference: URL:http://www.osvdb.org/1608 GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection. ====================================================== Name: CVE-2000-0975 Status: Entry Reference: BUGTRAQ:20001012 Anaconda Advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0210.html Reference: XF:anaconda-apexec-directory-traversal Reference: URL:http://xforce.iss.net/static/5750.php Reference: OSVDB:435 Reference: URL:http://www.osvdb.org/435 Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0976 Status: Entry Reference: BUGTRAQ:20001012 another Xlib buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0211.html Reference: SGI:20020502-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020502-01-I Reference: BID:1805 Reference: URL:http://www.securityfocus.com/bid/1805 Reference: XF:xfree-xlib-bo(5751) Reference: URL:http://www.iss.net/security_center/static/5751.php Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter. ====================================================== Name: CVE-2000-0977 Status: Entry Reference: BUGTRAQ:20001011 Mail File POST Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html Reference: BID:1807 Reference: URL:http://www.securityfocus.com/bid/1807 Reference: XF:mailfile-post-file-read Reference: URL:http://xforce.iss.net/static/5358.php mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter. ====================================================== Name: CVE-2000-0978 Status: Entry Reference: BUGTRAQ:20001010 Big Brother Systems and Network Monitor vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0162.html Reference: BID:1779 Reference: URL:http://www.securityfocus.com/bid/1779 Reference: XF:bb4-netmon-execute-commands Reference: URL:http://xforce.iss.net/static/5719.php bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter. 
====================================================== Name: CVE-2000-0979 Status: Entry Reference: BUGTRAQ:20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97147777618139&w=2 Reference: MS:MS00-072 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-072.asp Reference: BID:1780 Reference: URL:http://www.securityfocus.com/bid/1780 Reference: XF:win9x-share-level-password Reference: URL:http://xforce.iss.net/static/5395.php Reference: OVAL:oval:org.mitre.oval:def:996 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:996 File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability. ====================================================== Name: CVE-2000-0980 Status: Entry Reference: MS:MS00-073 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-073.asp Reference: BID:1781 Reference: URL:http://www.securityfocus.com/bid/1781 Reference: XF:win-nmpi-packet-dos Reference: URL:http://xforce.iss.net/static/5357.php NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network. 
====================================================== Name: CVE-2000-0981 Status: Entry Reference: BUGTRAQ:20001023 [CORE SDI ADVISORY] MySQL weak authentication Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0318.html Reference: CONFIRM:http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security Reference: XF:mysql-authentication Reference: URL:http://xforce.iss.net/static/5409.php MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password. ====================================================== Name: CVE-2000-0982 Status: Entry Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-07-22-2-PUB.txt Reference: MS:MS00-076 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-076.asp Reference: BID:1793 Reference: URL:http://www.securityfocus.com/bid/1793 Reference: XF:ie-cache-info Reference: URL:http://xforce.iss.net/static/5367.php Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. 
====================================================== Name: CVE-2000-0983 Status: Entry Reference: BUGTRAQ:20001018 Denial of Service attack against computers running Microsoft NetMeeting Reference: URL:http://www.securityfocus.com/archive/1/140341 Reference: MS:MS00-077 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp Reference: MSKB:Q273854 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q273854 Reference: BID:1798 Reference: URL:http://www.securityfocus.com/bid/1798 Reference: XF:netmeeting-desktop-sharing-dos Reference: URL:http://xforce.iss.net/static/5368.php Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability. ====================================================== Name: CVE-2000-0984 Status: Entry Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] Cisco IOS HTTP server DoS Reference: CISCO:20001025 Cisco IOS HTTP Server Query Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml Reference: BID:1838 Reference: URL:http://www.securityfocus.com/bid/1838 Reference: XF:cisco-ios-query-dos(5412) Reference: URL:http://xforce.iss.net/xforce/xfdb/5412 The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string. 
====================================================== Name: CVE-2000-0989 Status: Entry Reference: BUGTRAQ:20001020 DoS in Intel corporation 'InBusiness eMail Station' Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html Reference: XF:intel-email-username-bo Reference: URL:http://xforce.iss.net/static/5414.php Reference: OSVDB:6488 Reference: URL:http://www.osvdb.org/6488 Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username. ====================================================== Name: CVE-2000-0990 Status: Entry Reference: BUGTRAQ:20001016 Authentication failure in cmd5checkpw 0.21 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0258.html Reference: CONFIRM:http://members.elysium.pl/brush/cmd5checkpw/changes.html Reference: BID:1809 Reference: URL:http://www.securityfocus.com/bid/1809 Reference: XF:cmd5checkpw-qmail-bypass-authentication Reference: URL:http://xforce.iss.net/static/5382.php cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username. ====================================================== Name: CVE-2000-0991 Status: Entry Reference: MS:MS00-079 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-079.asp Reference: BID:1815 Reference: URL:http://www.securityfocus.com/bid/1815 Reference: XF:win-hyperterminal-telnet-bo Reference: URL:http://xforce.iss.net/static/5387.php Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability. 
====================================================== Name: CVE-2000-0992 Status: Entry Reference: BUGTRAQ:20000930 scp file transfer hole Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html Reference: BUGTRAQ:20001001 openssh2.2.p1 - Re: scp file transfer hole Reference: MANDRAKE:MDKSA-2000:057 Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:057 Reference: BID:1742 Reference: URL:http://www.securityfocus.com/bid/1742 Reference: XF:scp-overwrite-files Reference: URL:http://xforce.iss.net/static/5312.php Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0993 Status: Entry Reference: OPENBSD:20001003 A format string vulnerability exists in the pw_error(3) function. Reference: URL:http://www.openbsd.org/errata27.html#pw_error Reference: NETBSD:NetBSD-SA2000-015 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc Reference: FREEBSD:FreeBSD-SA-00:58 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97068555106135&w=2 Reference: BID:1744 Reference: URL:http://www.securityfocus.com/bid/1744 Reference: XF:bsd-libutil-format Reference: URL:http://xforce.iss.net/static/5339.php Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. 
====================================================== Name: CVE-2000-0994 Status: Entry Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97068555106135&w=2 Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs. Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch Reference: BID:1746 Reference: URL:http://www.securityfocus.com/bid/1746 Reference: XF:bsd-fstat-format Reference: URL:http://xforce.iss.net/static/5338.php Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable. ====================================================== Name: CVE-2000-0995 Status: Entry Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs. Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch Reference: XF:bsd-yp-passwd-format Reference: URL:http://xforce.iss.net/static/5635.php Reference: OSVDB:6125 Reference: URL:http://www.osvdb.org/6125 Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name. ====================================================== Name: CVE-2000-0996 Status: Entry Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs. Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch Reference: XF:bsd-su-format Reference: URL:http://xforce.iss.net/static/5636.php Reference: OSVDB:6124 Reference: URL:http://www.osvdb.org/6124 Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
====================================================== Name: CVE-2000-1000 Status: Entry Reference: BUGTRAQ:20001003 AOL Instant Messenger DoS Reference: URL:http://www.securityfocus.com/archive/1/137374 Reference: BID:1747 Reference: URL:http://www.securityfocus.com/bid/1747 Reference: XF:aim-file-transfer-dos Reference: URL:http://xforce.iss.net/static/5314.php Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters. ====================================================== Name: CVE-2000-1001 Status: Entry Reference: BUGTRAQ:20001024 Price modification in Element InstantShop Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97240616129614&w=2 Reference: XF:instantshop-modify-price Reference: URL:http://xforce.iss.net/static/5402.php Reference: OSVDB:6487 Reference: URL:http://www.osvdb.org/6487 add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable. ====================================================== Name: CVE-2000-1002 Status: Entry Reference: BUGTRAQ:20001012 Re: Netscape Messaging server 4.15 poor error strings Reference: URL:http://www.securityfocus.com/archive/1/139523 Reference: XF:communigate-email-verify Reference: URL:http://xforce.iss.net/static/5363.php Reference: BID:1792 Reference: URL:http://www.securityfocus.com/bid/1792 POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks. 
====================================================== Name: CVE-2000-1003 Status: Entry Reference: BUGTRAQ:20001012 NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability Reference: URL:http://www.securityfocus.com/archive/1/139511 Reference: BID:1794 Reference: URL:http://www.securityfocus.com/bid/1794 Reference: XF:win-netbios-driver-type-dos Reference: URL:http://xforce.iss.net/static/5370.php NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash. ====================================================== Name: CVE-2000-1004 Status: Entry Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97068555106135&w=2 Reference: XF:bsd-photurisd-format Reference: URL:http://xforce.iss.net/static/5336.php Reference: OSVDB:6123 Reference: URL:http://www.osvdb.org/6123 Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters. ====================================================== Name: CVE-2000-1005 Status: Entry Reference: BUGTRAQ:20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/138495 Reference: BID:1774 Reference: URL:http://www.securityfocus.com/bid/1774 Reference: XF:extropia-webstore-fileread Reference: URL:http://xforce.iss.net/static/5347.php Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. 
====================================================== Name: CVE-2000-1006 Status: Entry Reference: MS:MS00-082 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-082.asp Reference: XF:ms-exchange-mime-dos Reference: URL:http://xforce.iss.net/static/5448.php Reference: BID:1869 Reference: URL:http://www.securityfocus.com/bid/1869 Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability. ====================================================== Name: CVE-2000-1007 Status: Entry Reference: NTBUGTRAQ:20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix. Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0048.html Reference: XF:igear-invalid-log(5791) Reference: URL:http://xforce.iss.net/static/5791.php I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. ====================================================== Name: CVE-2000-1010 Status: Entry Reference: BUGTRAQ:20001006 talkd [WAS: Re: OpenBSD Security Advisory] Reference: URL:http://www.securityfocus.com/archive/1/137890 Reference: BID:1764 Reference: URL:http://www.securityfocus.com/bid/1764 Reference: XF:linux-talkd-overwrite-root Reference: URL:http://xforce.iss.net/static/5344.php Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters. 
====================================================== Name: CVE-2000-1011 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:53 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc Reference: XF:freebsd-catopen-bo Reference: URL:http://xforce.iss.net/static/5638.php Reference: OSVDB:6070 Reference: URL:http://www.osvdb.org/6070 Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable. ====================================================== Name: CVE-2000-1014 Status: Entry Reference: BUGTRAQ:20000927 Unixware SCOhelp http server format string vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0325.html Reference: BID:1717 Reference: URL:http://www.securityfocus.com/bid/1717 Reference: XF:unixware-scohelp-format Reference: URL:http://xforce.iss.net/static/5291.php Reference: OSVDB:3240 Reference: URL:http://www.osvdb.org/3240 Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter. ====================================================== Name: CVE-2000-1016 Status: Entry Reference: BUGTRAQ:20000921 httpd.conf in Suse 6.4 Reference: URL:http://www.securityfocus.com/archive/1/84360 Reference: BID:1707 Reference: URL:http://www.securityfocus.com/bid/1707 Reference: XF:suse-installed-packages-exposed Reference: URL:http://xforce.iss.net/static/5276.php The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL. 
====================================================== Name: CVE-2000-1018 Status: Entry Reference: BUGTRAQ:20001010 Shred 1.0 Bug Report Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97119799515246&w=2 Reference: BUGTRAQ:20001011 Shred v1.0 Fix Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97131166004145&w=2 Reference: BID:1788 Reference: URL:http://www.securityfocus.com/bid/1788 Reference: XF:shred-recover-files Reference: URL:http://xforce.iss.net/static/5722.php shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file. ====================================================== Name: CVE-2000-1019 Status: Entry Reference: BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97301487015664&w=2 Reference: BID:1866 Reference: URL:http://www.securityfocus.com/bid/1866 Reference: XF:ultraseek-malformed-url-dos Reference: URL:http://xforce.iss.net/static/5439.php Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL. 
====================================================== Name: CVE-2000-1022 Status: Entry Reference: BUGTRAQ:20000919 Cisco PIX Firewall (smtp content filtering hack) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html Reference: BUGTRAQ:20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html Reference: CISCO:20001005 Cisco Secure PIX Firewall Mailguard Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml Reference: BID:1698 Reference: URL:http://www.securityfocus.com/bid/1698 Reference: XF:cisco-pix-smtp-filtering Reference: URL:http://xforce.iss.net/static/5277.php The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands. ====================================================== Name: CVE-2000-1024 Status: Entry Reference: BUGTRAQ:20001101 Unify eWave ServletExec upload Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97306581513537&w=2 Reference: BID:1876 Reference: URL:http://www.securityfocus.com/bid/1876 Reference: XF:ewave-servletexec-file-upload Reference: URL:http://xforce.iss.net/static/5450.php eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands. 
====================================================== Name: CVE-2000-1026 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:61 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc Reference: SUSE:SuSE-SA:2000:46 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html Reference: DEBIAN:20001120a Reference: BID:1870 Reference: URL:http://www.securityfocus.com/bid/1870 Reference: XF:tcpdump-afs-packet-overflow(5480) Reference: URL:http://xforce.iss.net/xforce/xfdb/5480 Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands. ====================================================== Name: CVE-2000-1027 Status: Entry Reference: BUGTRAQ:20001003 Cisco PIX Firewall allow external users to discover internal IPs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97059440000367&w=2 Reference: BID:1877 Reference: URL:http://www.securityfocus.com/bid/1877 Reference: XF:cisco-pix-reveal-address Reference: URL:http://xforce.iss.net/static/5646.php Reference: OSVDB:1623 Reference: URL:http://www.osvdb.org/1623 Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established. 
====================================================== Name: CVE-2000-1031 Status: Entry Reference: BUGTRAQ:20000810 Re: Possible vulnerability in HPUX ( Add vulnerability List ) Reference: URL:http://www.securityfocus.com/archive/1/75188 Reference: BUGTRAQ:20020902 Happy Labor Day from Snosoft Reference: URL:http://www.securityfocus.com/archive/1/290115 Reference: FULLDISC:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html Reference: BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html Reference: HP:HPSBUX0011-128 Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0034.html Reference: HP:SSRT2275 Reference: URL:http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11 Reference: HP:SSRT2280 Reference: CERT-VN:VU#320067 Reference: URL:http://www.kb.cert.org/vuls/id/320067 Reference: BID:1889 Reference: URL:http://www.securityfocus.com/bid/1889 Reference: XF:hp-dtterm(5461) Reference: URL:http://xforce.iss.net/xforce/xfdb/5461 Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option. ====================================================== Name: CVE-2000-1032 Status: Entry Reference: BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/142808 Reference: BID:1890 Reference: URL:http://www.securityfocus.com/bid/1890 Reference: XF:fw1-login-response(5816) Reference: URL:http://xforce.iss.net/xforce/xfdb/5816 Reference: OSVDB:1632 Reference: URL:http://www.osvdb.org/1632 The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall. 
====================================================== Name: CVE-2000-1034 Status: Entry Reference: BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349782305448&w=2 Reference: MS:MS00-085 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-085.asp Reference: BID:1899 Reference: URL:http://www.securityfocus.com/bid/1899 Reference: XF:system-monitor-activex-bo(5467) Reference: URL:http://xforce.iss.net/xforce/xfdb/5467 Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability. ====================================================== Name: CVE-2000-1036 Status: Entry Reference: BUGTRAQ:20000920 Extent RBS directory Transversal. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.html Reference: BID:1704 Reference: URL:http://www.securityfocus.com/bid/1704 Reference: XF:rbs-isp-directory-traversal Reference: URL:http://xforce.iss.net/static/5275.php Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter. ====================================================== Name: CVE-2000-1038 Status: Entry Reference: AIXAPAR:SA90544 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=SA90544&apar=only Reference: CONFIRM:http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument Reference: XF:as400-firewall-dos Reference: URL:http://xforce.iss.net/static/5266.php The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request. 
====================================================== Name: CVE-2000-1040 Status: Entry Reference: DEBIAN:20001014 nis: local exploit Reference: URL:http://www.debian.org/security/2000/20001014 Reference: MANDRAKE:MDKSA-2000:064 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1 Reference: SUSE:SuSE-SA:2000:042 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html Reference: REDHAT:RHSA-2000:086 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-086.html Reference: CALDERA:CSSA-2000-039.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt Reference: BUGTRAQ:20001025 Immunix OS Security Update for ypbind package Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0356.html Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html Reference: XF:ypbind-printf-format-string Reference: URL:http://xforce.iss.net/static/5394.php Reference: BID:1820 Reference: URL:http://www.securityfocus.com/bid/1820 Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service. ====================================================== Name: CVE-2000-1041 Status: Entry Reference: MANDRAKE:MDKSA-2000:064 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1 Reference: SUSE:SuSE-SA:2000:042 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html Reference: CALDERA:CSSA-2000-039.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt Reference: XF:ypbind-remote-bo Reference: URL:http://xforce.iss.net/static/5759.php Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges. 
====================================================== Name: CVE-2000-1042 Status: Entry Reference: MANDRAKE:MDKSA-2000:064 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1 Reference: XF:linux-ypserv-bo Reference: URL:http://xforce.iss.net/static/5730.php Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. ====================================================== Name: CVE-2000-1043 Status: Entry Reference: MANDRAKE:MDKSA-2000:064 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1 Reference: XF:linux-ypserv-format-string Reference: URL:http://xforce.iss.net/static/5731.php Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. ====================================================== Name: CVE-2000-1044 Status: Entry Reference: SUSE:SuSE-SA:2000:042 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html Reference: BID:1820 Reference: URL:http://www.securityfocus.com/bid/1820 Reference: XF:ypbind-printf-format-string Reference: URL:http://xforce.iss.net/static/5394.php Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges. 
====================================================== Name: CVE-2000-1045 Status: Entry Reference: REDHAT:RHSA-2000:024 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-024.html Reference: MANDRAKE:MDKSA-2000-066 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3 Reference: BID:1863 Reference: URL:http://www.securityfocus.com/bid/1863 Reference: XF:nssldap-nscd-dos Reference: URL:http://xforce.iss.net/static/5449.php nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests. ====================================================== Name: CVE-2000-1047 Status: Entry Reference: BUGTRAQ:20001103 [SAFER] Buffer overflow in Lotus Domino SMTP Server Reference: URL:http://www.securityfocus.com/archive/1/143071 Reference: XF:lotus-domino-smtp-envid(5488) Reference: URL:http://xforce.iss.net/static/5488.php Reference: BID:1905 Reference: URL:http://www.securityfocus.com/bid/1905 Reference: OSVDB:442 Reference: URL:http://www.osvdb.org/442 Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command. ====================================================== Name: CVE-2000-1049 Status: Entry Reference: BUGTRAQ:20001101 Allaire's JRUN DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97310314724964&w=2 Reference: ALLAIRE:ASB00-030 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full Reference: XF:allaire-jrun-servlet-dos Reference: URL:http://xforce.iss.net/static/5452.php Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters. 
====================================================== Name: CVE-2000-1050 Status: Entry Reference: BUGTRAQ:20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236316510117&w=2 Reference: ALLAIRE:ASB00-027 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full Reference: XF:allaire-jrun-webinf-access Reference: URL:http://xforce.iss.net/static/5407.php Reference: OSVDB:500 Reference: URL:http://www.osvdb.org/500 Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash"). ====================================================== Name: CVE-2000-1051 Status: Entry Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236692714978&w=2 Reference: ALLAIRE:ASB00-028 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full Reference: XF:allaire-jrun-ssifilter-url Reference: URL:http://xforce.iss.net/static/5405.php Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet. ====================================================== Name: CVE-2000-1054 Status: Entry Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml Reference: BID:1705 Reference: URL:http://www.securityfocus.com/bid/1705 Reference: XF:ciscosecure-csadmin-bo Reference: URL:http://xforce.iss.net/static/5272.php Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. 
====================================================== Name: CVE-2000-1055 Status: Entry Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml Reference: BID:1706 Reference: URL:http://www.securityfocus.com/bid/1706 Reference: XF:ciscosecure-tacacs-dos Reference: URL:http://xforce.iss.net/static/5273.php Reference: OSVDB:1569 Reference: URL:http://www.osvdb.org/1569 Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. ====================================================== Name: CVE-2000-1056 Status: Entry Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml Reference: BID:1708 Reference: URL:http://www.securityfocus.com/bid/1708 Reference: XF:ciscosecure-ldap-bypass-authentication Reference: URL:http://xforce.iss.net/static/5274.php CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords. ====================================================== Name: CVE-2000-1057 Status: Entry Reference: HP:HPSBUX0009-120 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0140.html Reference: BID:1682 Reference: URL:http://www.securityfocus.com/bid/1682 Reference: XF:hp-openview-nnm-scripts Reference: URL:http://xforce.iss.net/static/5229.php Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allow local users to gain privileges, possibly via insecure permissions. 
====================================================== Name: CVE-2000-1058 Status: Entry Reference: BUGTRAQ:20000926 DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97004856403173&w=2 Reference: HP:HPSBUX0009-121 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0274.html Reference: XF:openview-nmm-snmp-bo Reference: URL:http://xforce.iss.net/static/5282.php Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem." ====================================================== Name: CVE-2000-1059 Status: Entry Reference: BUGTRAQ:20000929 Mandrake 7.1 bypasses Xauthority X session security. Reference: URL:http://www.securityfocus.com/archive/1/136495 Reference: MANDRAKE:MDKSA-2000:052 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3 Reference: BID:1735 Reference: URL:http://www.securityfocus.com/bid/1735 Reference: XF:xinitrc-bypass-xauthority Reference: URL:http://xforce.iss.net/static/5305.php The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges. 
====================================================== Name: CVE-2000-1060 Status: Entry Reference: BUGTRAQ:20001002 Local vulnerability in XFCE 3.5.1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html Reference: FREEBSD:FreeBSD-SA-00:65 Reference: BID:1736 Reference: URL:http://www.securityfocus.com/bid/1736 Reference: XF:xinitrc-bypass-xauthority Reference: URL:http://xforce.iss.net/static/5305.php The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges. ====================================================== Name: CVE-2000-1061 Status: Entry Reference: MS:MS00-075 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-075.asp Reference: XF:java-vm-applet Reference: URL:http://xforce.iss.net/static/5127.php Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability. ====================================================== Name: CVE-2000-1068 Status: Entry Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2 Reference: CONFIRM:http://www.cgi-world.com/pollit.html Reference: XF:pollit-polloptions-execute-commands Reference: URL:http://xforce.iss.net/static/5792.php pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter. 
====================================================== Name: CVE-2000-1069 Status: Entry Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2 Reference: XF:pollit-admin-password-var Reference: URL:http://xforce.iss.net/static/5419.php pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters. ====================================================== Name: CVE-2000-1070 Status: Entry Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2 Reference: XF:pollit-webroot-gain-access Reference: URL:http://xforce.iss.net/static/5794.php pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information. ====================================================== Name: CVE-2000-1071 Status: Entry Reference: ATSTAKE:A100900-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt Reference: BID:1767 Reference: URL:http://www.securityfocus.com/bid/1767 Reference: XF:ical-xhost-gain-privileges Reference: URL:http://xforce.iss.net/static/5752.php Reference: OSVDB:7213 Reference: URL:http://www.osvdb.org/7213 The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges. 
====================================================== Name: CVE-2000-1072 Status: Entry Reference: ATSTAKE:A100900-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt Reference: BID:1768 Reference: URL:http://www.securityfocus.com/bid/1768 Reference: XF:ical-iplncal-gain-access Reference: URL:http://xforce.iss.net/static/5756.php Reference: OSVDB:7212 Reference: URL:http://www.osvdb.org/7212 iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse. ====================================================== Name: CVE-2000-1073 Status: Entry Reference: ATSTAKE:A100900-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt Reference: BID:1769 Reference: URL:http://www.securityfocus.com/bid/1769 Reference: XF:ical-csstart-gain-access Reference: URL:http://xforce.iss.net/static/5757.php Reference: OSVDB:7210 Reference: URL:http://www.osvdb.org/7210 csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory. ====================================================== Name: CVE-2000-1074 Status: Entry Reference: ATSTAKE:A100900-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt Reference: BID:1769 Reference: URL:http://www.securityfocus.com/bid/1769 Reference: XF:ical-csstart-gain-access Reference: URL:http://xforce.iss.net/static/5757.php Reference: OSVDB:7209 Reference: URL:http://www.osvdb.org/7209 csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory. 
====================================================== Name: CVE-2000-1075 Status: Entry Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html Reference: CONFIRM:http://www.iplanet.com/downloads/patches/0122.html Reference: BID:1839 Reference: URL:http://www.securityfocus.com/bid/1839 Reference: XF:iplanet-netscape-directory-traversal Reference: URL:http://xforce.iss.net/static/5421.php Reference: OSVDB:4086 Reference: URL:http://www.osvdb.org/4086 Reference: OSVDB:486 Reference: URL:http://www.osvdb.org/486 Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services. ====================================================== Name: CVE-2000-1077 Status: Entry Reference: BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module Reference: URL:http://www.securityfocus.com/archive/1/141435 Reference: XF:iplanet-web-server-shtml-bo Reference: URL:http://xforce.iss.net/static/5446.php Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension. ====================================================== Name: CVE-2000-1080 Status: Entry Reference: BUGTRAQ:20001102 dos on quake1 servers Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97318797630246&w=2 Reference: CONFIRM:http://proquake.ai.mit.edu/ Reference: BID:1900 Reference: URL:http://www.securityfocus.com/bid/1900 Reference: XF:quake-empty-udp-dos(5527) Reference: URL:http://xforce.iss.net/xforce/xfdb/5527 Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet. 
====================================================== Name: CVE-2000-1089 Status: Entry Reference: ATSTAKE:A120400-1 Reference: URL:http://www.stake.com/research/advisories/2000/a120400-1.txt Reference: MS:MS00-094 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-094.asp Reference: BID:2048 Reference: URL:http://www.securityfocus.com/bid/2048 Reference: XF:phone-book-service-bo(5623) Reference: URL:http://xforce.iss.net/xforce/xfdb/5623 Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability. ====================================================== Name: CVE-2000-1094 Status: Entry Reference: ATSTAKE:A121200-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a121200-1.txt Reference: BUGTRAQ:20001213 Administrivia & AOL IM Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97668265628917&w=2 Reference: BUGTRAQ:20001214 Re: AIM & @stake's advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97683774417132&w=2 Reference: XF:aolim-buddyicon-bo Reference: OSVDB:1692 Reference: URL:http://www.osvdb.org/1692 Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument. ====================================================== Name: CVE-2000-1095 Status: Entry Reference: BUGTRAQ:20001112 RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0179.html Reference: SUSE:SuSE-SA:2000:44 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0596.html Reference: MANDRAKE:MDKSA-2000:071 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-071-1.php3?dis=7.1 Reference: REDHAT:RHSA-2000:108 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-108.html Reference: DEBIAN:20001120 modutils: local exploit Reference: URL:http://www.debian.org/security/2000/20001120 Reference: CONECTIVA:CLSA-2000:340 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000340 Reference: BID:1936 Reference: URL:http://www.securityfocus.com/bid/1936 Reference: XF:linux-modprobe-execute-code Reference: URL:http://xforce.iss.net/static/5516.php modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters. ====================================================== Name: CVE-2000-1096 Status: Entry Reference: BUGTRAQ:20001116 vixie cron... Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html Reference: DEBIAN:20001118a Reference: BID:1960 Reference: URL:http://www.securityfocus.com/bid/1960 Reference: XF:vixie-cron-execute-commands(5543) Reference: URL:http://xforce.iss.net/xforce/xfdb/5543 crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file. 
====================================================== Name: CVE-2000-1097 Status: Entry Reference: BUGTRAQ:20001129 DoS in Sonicwall SOHO firewall Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html Reference: BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html Reference: BID:2013 Reference: URL:http://www.securityfocus.com/bid/2013 Reference: XF:sonicwall-soho-dos(5596) Reference: URL:http://xforce.iss.net/xforce/xfdb/5596 Reference: OSVDB:1667 Reference: URL:http://www.osvdb.org/1667 The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. ====================================================== Name: CVE-2000-1099 Status: Entry Reference: SUN:00199 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba Reference: HP:HPSBUX0011-132 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0011-132 Reference: XF:jdk-untrusted-java-class(5605) Reference: URL:http://xforce.iss.net/xforce/xfdb/5605 Reference: OSVDB:7255 Reference: URL:http://www.osvdb.org/7255 Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities. 
====================================================== Name: CVE-2000-1101 Status: Entry Reference: BUGTRAQ:20001127 Vulnerability in Winsock FTPD 2.41/3.00 (Pro) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0386.html Reference: BID:2005 Reference: URL:http://www.securityfocus.com/bid/2005 Reference: XF:wftpd-dir-traverse(5608) Reference: URL:http://www.iss.net/security_center/static/5608.php Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack. ====================================================== Name: CVE-2000-1106 Status: Entry Reference: BUGTRAQ:20001128 TrendMicro InterScan VirusWall shared folder problem Reference: URL:http://www.securityfocus.com/archive/1/147563 Reference: BUGTRAQ:20001201 Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability" Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0016.html Reference: BID:2014 Reference: URL:http://www.securityfocus.com/bid/2014 Reference: XF:interscan-viruswall-unauth-access Reference: URL:http://xforce.iss.net/static/5606.php Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs. 
====================================================== Name: CVE-2000-1107 Status: Entry Reference: BUGTRAQ:20001128 SuSE Linux 6.x 7.0 Ident buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0387.html Reference: BID:2015 Reference: URL:http://www.securityfocus.com/bid/2015 Reference: XF:linux-ident-bo Reference: URL:http://xforce.iss.net/static/5590.php in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash. ====================================================== Name: CVE-2000-1108 Status: Entry Reference: BUGTRAQ:20001113 Problems with cons.saver Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0192.html Reference: DEBIAN:20001125 mc: local DoS Reference: URL:http://www.debian.org/security/2000/20001125 Reference: MANDRAKE:MDKSA-2000:078 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-078.php3 Reference: BID:1945 Reference: URL:http://www.securityfocus.com/bid/1945 Reference: XF:midnight-commander-conssaver-symlink(5519) Reference: URL:http://xforce.iss.net/xforce/xfdb/5519 cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument. 
====================================================== Name: CVE-2000-1109 Status: Entry Reference: BUGTRAQ:20001127 Midnight Commander Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html Reference: DEBIAN:DSA-036 Reference: URL:http://www.debian.org/security/2001/dsa-036 Reference: SUSE:SuSE-SA:2001:11 Reference: URL:http://www.novell.com/linux/security/advisories/2001_011_mc.html Reference: BID:2016 Reference: URL:http://www.securityfocus.com/bid/2016 Reference: XF:midnight-commander-elevate-privileges(5929) Reference: URL:http://xforce.iss.net/static/5929.php Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed. ====================================================== Name: CVE-2000-1111 Status: Entry Reference: BUGTRAQ:20001129 Windows 2000 Telnet Service DoS Reference: URL:http://www.securityfocus.com/archive/1/147914 Reference: BID:2018 Reference: URL:http://www.securityfocus.com/bid/2018 Reference: XF:win2k-telnet-dos(5598) Reference: URL:http://xforce.iss.net/static/5598.php Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input. 
====================================================== Name: CVE-2000-1112 Status: Entry Reference: MS:MS00-090 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-090.asp Reference: BID:1976 Reference: URL:http://www.securityfocus.com/bid/1976 Reference: XF:mediaplayer-wms-script-exe Reference: URL:http://xforce.iss.net/static/5575.php Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability. ====================================================== Name: CVE-2000-1113 Status: Entry Reference: ATSTAKE:A112300-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a112300-1.txt Reference: MS:MS00-090 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-090.asp Reference: BID:1980 Reference: URL:http://www.securityfocus.com/bid/1980 Reference: XF:mediaplayer-asx-bo Reference: URL:http://xforce.iss.net/static/5574.php Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability. ====================================================== Name: CVE-2000-1115 Status: Entry Reference: BUGTRAQ:20001122 602Pro Lan Suite Web Admin Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0299.html Reference: CONFIRM:http://www.software602.com/products/ls/support/newbuild.html Reference: BID:1979 Reference: URL:http://www.securityfocus.com/bid/1979 Reference: XF:software602-lan-suite-bo Reference: URL:http://xforce.iss.net/static/5583.php Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. 
====================================================== Name: CVE-2000-1119 Status: Entry Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2 Reference: AIXAPAR:IY08812 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08812&apar=only Reference: AIXAPAR:IY10721 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY10721&apar=only Reference: BID:2032 Reference: URL:http://www.securityfocus.com/bid/2032 Reference: XF:aix-setsenv-bo(5621) Reference: URL:http://xforce.iss.net/xforce/xfdb/5621 Reference: OSVDB:1676 Reference: URL:http://www.osvdb.org/1676 Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument. ====================================================== Name: CVE-2000-1120 Status: Entry Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2 Reference: AIXAPAR:IY08143 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08143&apar=only Reference: AIXAPAR:IY08287 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08287&apar=only Reference: BID:2033 Reference: URL:http://www.securityfocus.com/bid/2033 Reference: XF:aix-digest-bo(5620) Reference: URL:http://xforce.iss.net/xforce/xfdb/5620 Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands. 
====================================================== Name: CVE-2000-1121 Status: Entry Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2 Reference: AIXAPAR:IY08143 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08143&apar=only Reference: AIXAPAR:IY08287 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08287&apar=only Reference: BID:2034 Reference: URL:http://www.securityfocus.com/bid/2034 Reference: XF:aix-enq-bo(5619) Reference: URL:http://xforce.iss.net/xforce/xfdb/5619 Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument. ====================================================== Name: CVE-2000-1122 Status: Entry Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2 Reference: AIXAPAR:IY07831 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY07831&apar=only Reference: AIXAPAR:IY07790 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY07790&apar=only Reference: BID:2035 Reference: URL:http://www.securityfocus.com/bid/2035 Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument. ====================================================== Name: CVE-2000-1123 Status: Entry Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2 Reference: AIXAPAR:IY12638 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY12638&apar=only Reference: BID:2036 Reference: URL:http://www.securityfocus.com/bid/2036 Reference: XF:aix-pioout-bo Reference: URL:http://xforce.iss.net/static/5617.php Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands. 
====================================================== Name: CVE-2000-1124 Status: Entry Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2 Reference: AIXAPAR:IY12638 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY12638&apar=only Reference: BID:2037 Reference: URL:http://www.securityfocus.com/bid/2037 Reference: XF:aix-piobe-bo(5616) Reference: URL:http://xforce.iss.net/static/5616.php Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables. ====================================================== Name: CVE-2000-1131 Status: Entry Reference: BUGTRAQ:20001110 [hacksware] gbook.cgi remote command execution vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0144.html Reference: BID:1940 Reference: URL:http://www.securityfocus.com/bid/1940 Reference: XF:gbook-cgi-remote-execution Reference: URL:http://xforce.iss.net/static/5509.php Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable. ====================================================== Name: CVE-2000-1132 Status: Entry Reference: BUGTRAQ:20001114 Cgisecurity.com advisory on dcforum Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html Reference: BID:1951 Reference: URL:http://www.securityfocus.com/bid/1951 Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/124.html#1 Reference: XF:dcforum-cgi-view-files(5533) Reference: URL:http://xforce.iss.net/xforce/xfdb/5533 Reference: OSVDB:1646 Reference: URL:http://www.osvdb.org/1646 DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable. 
====================================================== Name: CVE-2000-1135 Status: Entry Reference: DEBIAN:20001130 DSA-002-1 fsh: symlink attack Reference: URL:http://www.debian.org/security/2000/20001130 Reference: XF:linux-fsh-symlink(5633) Reference: URL:http://xforce.iss.net/xforce/xfdb/5633 Reference: OSVDB:7208 Reference: URL:http://www.osvdb.org/7208 fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack. ====================================================== Name: CVE-2000-1136 Status: Entry Reference: BUGTRAQ:20001122 New version of elvis-tiny released Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97502995616099&w=2 Reference: BID:1984 Reference: URL:http://www.securityfocus.com/bid/1984 Reference: XF:linux-tinyelvis-tmpfiles Reference: URL:http://xforce.iss.net/static/5632.php elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack. ====================================================== Name: CVE-2000-1137 Status: Entry Reference: DEBIAN:20001129 DSA-001-1 ed: symlink attack Reference: URL:http://www.debian.org/security/2000/20001129 Reference: MANDRAKE:MDKSA-2000:076 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3 Reference: REDHAT:RHSA-2000:123 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-123.html Reference: BUGTRAQ:20001211 Immunix OS Security update for ed Reference: CONECTIVA:CLA-2000:359-2 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000359 Reference: XF:gnu-ed-symlink(5723) Reference: URL:http://xforce.iss.net/xforce/xfdb/5723 Reference: OSVDB:6491 Reference: URL:http://www.osvdb.org/6491 GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. 
====================================================== Name: CVE-2000-1139 Status: Entry Reference: MS:MS00-088 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-088.asp Reference: BID:1958 Reference: URL:http://www.securityfocus.com/bid/1958 Reference: XF:ms-exchange-username-pwd(5537) Reference: URL:http://xforce.iss.net/xforce/xfdb/5537 The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. ====================================================== Name: CVE-2000-1140 Status: Entry Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html Reference: BID:1908 Reference: URL:http://www.securityfocus.com/bid/1908 Reference: XF:mantrap-hidden-processes Reference: URL:http://xforce.iss.net/static/5473.php Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem. 
====================================================== Name: CVE-2000-1141 Status: Entry Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2 Reference: XF:mantrap-hidden-processes Reference: URL:http://xforce.iss.net/static/5473.php Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system. ====================================================== Name: CVE-2000-1142 Status: Entry Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2 Reference: XF:mantrap-pwd-reveal-information Reference: URL:http://xforce.iss.net/static/5949.php Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system. 
====================================================== Name: CVE-2000-1143 Status: Entry Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2 Reference: XF:mantrap-hidden-processes Reference: URL:http://xforce.iss.net/static/5473.php Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system. ====================================================== Name: CVE-2000-1144 Status: Entry Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html Reference: BID:1909 Reference: URL:http://www.securityfocus.com/bid/1909 Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2 Reference: XF:mantrap-inode-disclosure Reference: URL:http://xforce.iss.net/static/5472.php Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment. 
====================================================== Name: CVE-2000-1145 Status: Entry Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2 Reference: XF:mantrap-identify-processes Reference: URL:http://xforce.iss.net/static/5950.php Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files. ====================================================== Name: CVE-2000-1146 Status: Entry Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html Reference: BID:1913 Reference: URL:http://www.securityfocus.com/bid/1913 Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2 Reference: XF:mantrap-dir-dos Reference: URL:http://xforce.iss.net/static/5528.php Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd. 
====================================================== Name: CVE-2000-1148 Status: Entry Reference: BUGTRAQ:20001104 Filesystem Access + VolanoChat = VChat admin (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.html Reference: BUGTRAQ:20001106 Re: FW: Filesystem Access + VolanoChat = VChat admin (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.html Reference: BID:1906 Reference: URL:http://www.securityfocus.com/bid/1906 Reference: XF:volanochatpro-plaintext-password Reference: URL:http://xforce.iss.net/static/5465.php The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server. ====================================================== Name: CVE-2000-1149 Status: Entry Reference: BUGTRAQ:20001108 [CORE SDI ADVISORY] MS NT4.0 Terminal Server Edition GINA buffer overflow Reference: URL:http://www.securityfocus.com/archive/1/143991 Reference: MS:MS00-087 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-087.asp Reference: BID:1924 Reference: URL:http://www.securityfocus.com/bid/1924 Reference: XF:nt-termserv-gina-bo Reference: URL:http://xforce.iss.net/static/5489.php Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability. 
====================================================== Name: CVE-2000-1162 Status: Entry Reference: CALDERA:CSSA-2000-041 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt Reference: MANDRAKE:MDKSA-2000:074 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3 Reference: CONECTIVA:CLSA-2000:343 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343 Reference: REDHAT:RHSA-2000:114 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-114.html Reference: DEBIAN:20001123 ghostscript: symlink attack Reference: URL:http://www.debian.org/security/2000/20001123 Reference: BID:1990 Reference: URL:http://www.securityfocus.com/bid/1990 Reference: XF:ghostscript-sym-link Reference: URL:http://xforce.iss.net/static/5563.php ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack. ====================================================== Name: CVE-2000-1163 Status: Entry Reference: CALDERA:CSSA-2000-041 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt Reference: MANDRAKE:MDKSA-2000:074 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3 Reference: CONECTIVA:CLSA-2000:343 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343 Reference: DEBIAN:20001123 ghostscript: symlink attack Reference: URL:http://www.debian.org/security/2000/20001123 Reference: BID:1991 Reference: URL:http://www.securityfocus.com/bid/1991 Reference: XF:ghostscript-env-variable Reference: URL:http://xforce.iss.net/static/5564.php ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript. 
====================================================== Name: CVE-2000-1164 Status: Entry Reference: BUGTRAQ:20001118 WinVNC 3.3.x Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html Reference: BID:1961 Reference: URL:http://www.securityfocus.com/bid/1961 Reference: XF:winvnc-modify-registry(5545) Reference: URL:http://xforce.iss.net/xforce/xfdb/5545 WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system. ====================================================== Name: CVE-2000-1165 Status: Entry Reference: BUGTRAQ:20001122 DoS possibility in syslog-ng Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0300.html Reference: FREEBSD:FreeBSD-SA-01:02 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:02.syslog-ng.asc Reference: CONFIRM:http://www.balabit.hu/products/syslog-ng/ Reference: BID:1981 Reference: URL:http://www.securityfocus.com/bid/1981 Reference: XF:balabit-syslog-ng-dos(5576) Reference: URL:http://xforce.iss.net/xforce/xfdb/5576 Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier. 
====================================================== Name: CVE-2000-1166 Status: Entry Reference: BUGTRAQ:20001124 Security problems with TWIG webmail system Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0351.html Reference: CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG Reference: BID:1998 Reference: URL:http://www.securityfocus.com/bid/1998 Reference: XF:twig-php3-script-execute(5581) Reference: URL:http://xforce.iss.net/xforce/xfdb/5581 Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program. ====================================================== Name: CVE-2000-1167 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:70 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:70.ppp-nat.asc Reference: BID:1974 Reference: URL:http://www.securityfocus.com/bid/1974 Reference: XF:freebsd-ppp-bypass-gateway(5584) Reference: URL:http://xforce.iss.net/xforce/xfdb/5584 Reference: OSVDB:1655 Reference: URL:http://www.osvdb.org/1655 ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system. 
====================================================== Name: CVE-2000-1169 Status: Entry Reference: BUGTRAQ:20001123 OpenSSH Security Advisory (adv.fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html Reference: MANDRAKE:MDKSA-2000:068 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3 Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html Reference: DEBIAN:20001118 openssh: possible remote exploit Reference: URL:http://www.debian.org/security/2000/20001118 Reference: CONECTIVA:CLSA-2000:345 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345 Reference: REDHAT:RHSA-2000:111 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-111.html Reference: SUSE:SuSE-SA:2000:47 Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html Reference: BID:1949 Reference: URL:http://www.securityfocus.com/bid/1949 Reference: XF:openssh-unauthorized-access(5517) Reference: URL:http://xforce.iss.net/xforce/xfdb/5517 Reference: OSVDB:2114 Reference: URL:http://www.osvdb.org/2114 Reference: OSVDB:6248 Reference: URL:http://www.osvdb.org/6248 OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent. 
====================================================== Name: CVE-2000-1170 Status: Entry Reference: BUGTRAQ:20001115 Netsnap Webcam Software Remote Overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97439536016554&w=2 Reference: CONFIRM:http://www.netsnap.com/new.htm Reference: BID:1956 Reference: URL:http://www.securityfocus.com/bid/1956 Reference: XF:netsnap-remote-bo(5534) Reference: URL:http://xforce.iss.net/xforce/xfdb/5534 Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request. ====================================================== Name: CVE-2000-1171 Status: Entry Reference: BUGTRAQ:20001120 CGIForum 1.0 Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0263.html Reference: XF:cgiforum-view-files(5553) Reference: URL:http://xforce.iss.net/xforce/xfdb/5553 Reference: BID:1963 Reference: URL:http://www.securityfocus.com/bid/1963 Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "thesection" parameter. 
====================================================== Name: CVE-2000-1174 Status: Entry Reference: BUGTRAQ:20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html Reference: DEBIAN:20001121 ethereal: remote exploit Reference: URL:http://www.debian.org/security/2000/20001122a Reference: CONECTIVA:CLSA-2000:342 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342 Reference: REDHAT:RHSA-2000:116 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-116.html Reference: FREEBSD:FreeBSD-SA-00:81 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc Reference: XF:ethereal-afs-bo(5557) Reference: URL:http://xforce.iss.net/xforce/xfdb/5557 Reference: BID:1972 Reference: URL:http://www.securityfocus.com/bid/1972 Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allow remote attackers to execute arbitrary commands via a packet with a long username. 
====================================================== Name: CVE-2000-1178 Status: Entry Reference: BUGTRAQ:20001116 Joe's Own Editor File Link Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html Reference: REDHAT:RHSA-2000:110 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-110.html Reference: MANDRAKE:MDKSA-2000:072 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3 Reference: CONECTIVA:CLA-2000:356 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356 Reference: DEBIAN:20001122 Reference: DEBIAN:20001201 DSA-003-1 joe: symlink attack Reference: URL:http://www.debian.org/security/2000/20001201 Reference: BUGTRAQ:20001121 Immunix OS Security update for joe Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500174210821&w=2 Reference: BID:1959 Reference: URL:http://www.securityfocus.com/bid/1959 Reference: XF:joe-symlink-corruption(5546) Reference: URL:http://xforce.iss.net/xforce/xfdb/5546 Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes. ====================================================== Name: CVE-2000-1179 Status: Entry Reference: BUGTRAQ:20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97440068130051&w=2 Reference: BID:1952 Reference: URL:http://www.securityfocus.com/bid/1952 Reference: XF:netopia-view-system-log(5536) Reference: URL:http://xforce.iss.net/xforce/xfdb/5536 Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters. 
====================================================== Name: CVE-2000-1180 Status: Entry Reference: BUGTRAQ:20001120 vulnerability in Connection Manager Control binary in Oracle Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97474521003453&w=2 Reference: BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control Reference: BID:1968 Reference: URL:http://www.securityfocus.com/bid/1968 Reference: XF:oracle-cmctl-bo(5551) Reference: URL:http://xforce.iss.net/xforce/xfdb/5551 Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument. ====================================================== Name: CVE-2000-1181 Status: Entry Reference: BUGTRAQ:20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0236.html Reference: CONFIRM:http://service.real.com/help/faq/security/memory.html Reference: BID:1957 Reference: URL:http://www.securityfocus.com/bid/1957 Reference: XF:realserver-gain-access(5538) Reference: URL:http://xforce.iss.net/xforce/xfdb/5538 Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL. 
====================================================== Name: CVE-2000-1182 Status: Entry Reference: BUGTRAQ:20001116 Possible Watchguard Firebox II DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0224.html Reference: CONFIRM:https://www.watchguard.com/support/patches.html Reference: BID:1953 Reference: URL:http://www.securityfocus.com/bid/1953 Reference: XF:watchguard-firebox-ftp-dos(5535) Reference: URL:http://xforce.iss.net/xforce/xfdb/5535 WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling. ====================================================== Name: CVE-2000-1184 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:69 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:69.telnetd.v1.1.asc Reference: XF:telnetd-termcap-dos(5959) Reference: URL:http://xforce.iss.net/xforce/xfdb/5959 Reference: OSVDB:6083 Reference: URL:http://www.osvdb.org/6083 telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file. 
====================================================== Name: CVE-2000-1187 Status: Entry Reference: REDHAT:RHSA-2000:109 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-109.html Reference: CONECTIVA:CLSA-2000:344 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000344 Reference: SUSE:SuSE-SA:2000:48 Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html Reference: FREEBSD:FreeBSD-SA-00:66 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc Reference: BUGTRAQ:20001121 Immunix OS Security update for netscape Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500270012529&w=2 Reference: XF:netscape-client-html-bo Reference: URL:http://xforce.iss.net/static/5542.php Reference: OSVDB:7207 Reference: URL:http://www.osvdb.org/7207 Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field. ====================================================== Name: CVE-2000-1189 Status: Entry Reference: REDHAT:RHSA-2000:120 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-120.html Reference: CONECTIVA:CLA-2000:358 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000358 Reference: MANDRAKE:MDKSA-2000:082-1 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-082.php3 Reference: XF:pam-localuser-bo(5747) Reference: URL:http://xforce.iss.net/xforce/xfdb/5747 Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges. 
====================================================== Name: CVE-2000-1190 Status: Entry Reference: BUGTRAQ:20000531 Re: strike#2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95984116811100&w=2 Reference: REDHAT:RHSA-2000:016 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-016.html Reference: XF:linux-imwheel-symlink(4941) Reference: URL:http://www.iss.net/security_center/static/4941.php imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file. ====================================================== Name: CVE-2000-1193 Status: Entry Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html Reference: XF:irix-pcp-pmcd-dos(4284) Reference: URL:http://xforce.iss.net/static/4284.php Reference: SGI:20020407-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020407-01-I Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port. ====================================================== Name: CVE-2000-1195 Status: Entry Reference: CALDERA:CSSA-2000-008.0 Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2000-008.0.txt Reference: XF:telnetd-login-bypass(4225) Reference: URL:http://xforce.iss.net/static/4225.php telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option. 
====================================================== Name: CVE-2000-1196 Status: Entry Reference: CONFIRM:http://docs.iplanet.com/docs/manuals/pubx/2.5.2_Relnotes.html Reference: MISC:http://packetstormsecurity.org/0004-exploits/ooo1.txt Reference: XF:publishingxpert-pscoerrpage-url(7362) Reference: URL:http://xforce.iss.net/static/7362.php PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter. ====================================================== Name: CVE-2000-1200 Status: Entry Reference: BUGTRAQ:20000201 Windows NT and account list leak ! A new SID usage Reference: URL:http://www.securityfocus.com/archive/1/44430 Reference: XF:nt-lsa-domain-sid(4015) Reference: URL:http://xforce.iss.net/static/4015.php Reference: BID:959 Reference: URL:http://www.securityfocus.com/bid/959 Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users. ====================================================== Name: CVE-2000-1203 Status: Entry Reference: VULN-DEV:20000520 Infinite loop in LOTUS NOTE 5.0.3. 
SMTP SERVER Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=95886062521327&w=2 Reference: BUGTRAQ:20010820 Lotus Domino DoS Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1 Reference: BUGTRAQ:20010823 Lotus Domino DoS solution Reference: URL:http://www.securityfocus.com/archive/1/209754 Reference: BID:3212 Reference: URL:http://www.securityfocus.com/bid/3212 Reference: XF:lotus-domino-bounced-message-dos(7012) Reference: URL:http://xforce.iss.net/xforce/xfdb/7012 Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop. ====================================================== Name: CVE-2000-1210 Status: Entry Reference: BUGTRAQ:20000322 Security bug in Apache project: Jakarta Tomcat Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95371672300045&w=2 Reference: XF:apache-tomcat-file-contents(4205) Reference: URL:http://www.iss.net/security_center/static/4205.php Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. 
====================================================== Name: CVE-2000-1211 Status: Entry Reference: BUGTRAQ:20001222 Zope DTML Role Issue Reference: REDHAT:RHSA-2000:125 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-125.html Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert Reference: MANDRAKE:MDKSA-2000:083 Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3 Reference: XF:zope-legacy-names(5824) Reference: URL:http://www.iss.net/security_center/static/5824.php Reference: OSVDB:6282 Reference: URL:http://www.osvdb.org/6282 Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities. ====================================================== Name: CVE-2000-1212 Status: Entry Reference: MANDRAKE:MDKSA-2000:086 Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086 Reference: CONECTIVA:CLA-2000:365 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365 Reference: DEBIAN:DSA-007 Reference: URL:http://www.debian.org/security/2001/dsa-007 Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert Reference: REDHAT:RHSA-2000:135 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-135.html Reference: XF:zope-image-file(5778) Reference: URL:http://xforce.iss.net/xforce/xfdb/5778 Reference: OSVDB:6283 Reference: URL:http://www.osvdb.org/6283 Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects. 
====================================================== Name: CVE-2001-0001 Status: Entry Reference: BUGTRAQ:20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html Reference: XF:php-nuke-elevate-privileges(6183) Reference: URL:http://xforce.iss.net/static/6183.php cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. ====================================================== Name: CVE-2001-0002 Status: Entry Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp Reference: BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder Reference: MISC:http://www.guninski.com/chmtempmain.html Reference: BID:2456 Reference: URL:http://www.securityfocus.com/bid/2456 Reference: OSVDB:7823 Reference: URL:http://www.osvdb.org/7823 Reference: OVAL:oval:org.mitre.oval:def:920 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:920 Reference: XF:ie-chm-execute-files(5567) Reference: URL:http://xforce.iss.net/xforce/xfdb/5567 Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. 
====================================================== Name: CVE-2001-0003 Status: Entry Reference: MS:MS01-001 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-001.asp Reference: XF:wec-ntlm-authentication Reference: URL:http://xforce.iss.net/static/5920.php Reference: BID:2199 Reference: URL:http://www.securityfocus.com/bid/2199 Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. ====================================================== Name: CVE-2001-0004 Status: Entry Reference: BUGTRAQ:20010108 IIS 5.0 allows viewing files using %3F+.htr Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97897954625305&w=2 Reference: MS:MS01-004 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-004.asp Reference: BID:2313 Reference: URL:http://www.securityfocus.com/bid/2313 Reference: XF:iis-read-files(5903) Reference: URL:http://xforce.iss.net/static/5903.php IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. ====================================================== Name: CVE-2001-0005 Status: Entry Reference: ATSTAKE:A012301-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a012301-1.txt Reference: MS:MS01-002 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-002.asp Reference: XF:powerpoint-execute-code(5996) Reference: URL:http://xforce.iss.net/xforce/xfdb/5996 Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands. 
====================================================== Name: CVE-2001-0006 Status: Entry Reference: BUGTRAQ:20010126 ntsecurity.nu advisory: Winsock Mutex Vulnerability in Windows NT 4.0 SP6 and below Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98075221915234&w=2 Reference: MS:MS01-003 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-003.asp Reference: XF:winnt-mutex-dos(6006) Reference: URL:http://xforce.iss.net/xforce/xfdb/6006 The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability. ====================================================== Name: CVE-2001-0007 Status: Entry Reference: BUGTRAQ:20010109 NSFOCUS SA2001-01: NetScreen Firewall WebUI Buffer Overflow vulnerability Reference: URL:http://www.securityfocus.com/archive/1/155149 Reference: BID:2176 Reference: URL:http://www.securityfocus.com/bid/2176 Reference: XF:netscreen-webui-bo(5908) Reference: URL:http://xforce.iss.net/static/5908.php Reference: OSVDB:1707 Reference: URL:http://www.osvdb.org/1707 Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface. ====================================================== Name: CVE-2001-0008 Status: Entry Reference: CERT:CA-2001-01 Reference: URL:http://www.cert.org/advisories/CA-2001-01.html Reference: BID:2192 Reference: URL:http://www.securityfocus.com/bid/2192 Reference: XF:interbase-backdoor-account(5911) Reference: URL:http://xforce.iss.net/static/5911.php Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures. 
====================================================== Name: CVE-2001-0009 Status: Entry Reference: BUGTRAQ:20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Reference: URL:http://www.securityfocus.com/archive/1/154537 Reference: BUGTRAQ:20010109 bugtraq id 2173 Lotus Domino Server Reference: URL:http://www.securityfocus.com/archive/1/155124 Reference: BID:2173 Reference: URL:http://www.securityfocus.com/bid/2173 Reference: XF:lotus-domino-directory-traversal(5899) Reference: URL:http://xforce.iss.net/static/5899.php Reference: OSVDB:1703 Reference: URL:http://www.osvdb.org/1703 Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack. ====================================================== Name: CVE-2001-0010 Status: Entry Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8 Reference: URL:http://www.nai.com/research/covert/advisories/047.asp Reference: CERT:CA-2001-02 Reference: URL:http://www.cert.org/advisories/CA-2001-02.html Reference: IBM:ERS-SVA-E01-2001:002.1 Reference: DEBIAN:DSA-026 Reference: URL:http://www.debian.org/security/2001/dsa-026 Reference: MANDRAKE:MDKSA-2001-017 Reference: REDHAT:RHSA-2001:007 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html Reference: CONECTIVA:000377 Reference: FREEBSD:FreeBSD-SA-01:18 Reference: XF:bind-tsig-bo Reference: BID:2302 Reference: URL:http://www.securityfocus.com/bid/2302 Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges. 
====================================================== Name: CVE-2001-0011 Status: Entry Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8 Reference: URL:http://www.nai.com/research/covert/advisories/047.asp Reference: CERT:CA-2001-02 Reference: URL:http://www.cert.org/advisories/CA-2001-02.html Reference: IBM:ERS-SVA-E01-2001:002.1 Reference: MANDRAKE:MDKSA-2001-017 Reference: REDHAT:RHSA-2001:007 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html Reference: CONECTIVA:000377 Reference: FREEBSD:FreeBSD-SA-01:18 Reference: XF:bind-complain-bo Reference: BID:2307 Reference: URL:http://www.securityfocus.com/bid/2307 Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. ====================================================== Name: CVE-2001-0012 Status: Entry Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8 Reference: URL:http://www.nai.com/research/covert/advisories/047.asp Reference: CERT:CA-2001-02 Reference: URL:http://www.cert.org/advisories/CA-2001-02.html Reference: DEBIAN:DSA-026 Reference: URL:http://www.debian.org/security/2001/dsa-026 Reference: IBM:ERS-SVA-E01-2001:002.1 Reference: MANDRAKE:MDKSA-2001-017 Reference: REDHAT:RHSA-2001:007 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html Reference: CONECTIVA:000377 Reference: FREEBSD:FreeBSD-SA-01:18 Reference: XF:bind-inverse-query-disclosure Reference: BID:2321 Reference: URL:http://www.securityfocus.com/bid/2321 BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. 
====================================================== Name: CVE-2001-0013 Status: Entry Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8 Reference: URL:http://www.nai.com/research/covert/advisories/047.asp Reference: CERT:CA-2001-02 Reference: URL:http://www.cert.org/advisories/CA-2001-02.html Reference: IBM:ERS-SVA-E01-2001:002.1 Reference: MANDRAKE:MDKSA-2001-017 Reference: REDHAT:RHSA-2001:007 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html Reference: CONECTIVA:000377 Reference: FREEBSD:FreeBSD-SA-01:18 Reference: XF:bind-complain-format-string Reference: BID:2309 Reference: URL:http://www.securityfocus.com/bid/2309 Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. ====================================================== Name: CVE-2001-0014 Status: Entry Reference: MS:MS01-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-006.asp Reference: XF:win2k-rdp-dos Reference: BID:2326 Reference: URL:http://www.securityfocus.com/bid/2326 Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability. ====================================================== Name: CVE-2001-0015 Status: Entry Reference: ATSTAKE:A020501-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a020501-1.txt Reference: MS:MS01-007 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-007.asp Reference: BID:2341 Reference: URL:http://www.securityfocus.com/bid/2341 Reference: XF:win-dde-elevate-privileges(6062) Reference: URL:http://xforce.iss.net/xforce/xfdb/6062 Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process. 
====================================================== Name: CVE-2001-0016 Status: Entry Reference: BINDVIEW:20010207 Local promotion vulnerability in NT4's NTLM Security Support Provider Reference: URL:http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html Reference: MS:MS01-008 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-008.asp Reference: BID:2348 Reference: URL:http://www.securityfocus.com/bid/2348 Reference: XF:ntlm-ssp-elevate-privileges(6076) Reference: URL:http://xforce.iss.net/xforce/xfdb/6076 NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access. ====================================================== Name: CVE-2001-0017 Status: Entry Reference: MS:MS01-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-009.asp Reference: BID:2368 Reference: URL:http://www.securityfocus.com/bid/2368 Reference: XF:winnt-pptp-dos(6103) Reference: URL:http://xforce.iss.net/xforce/xfdb/6103 Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability. ====================================================== Name: CVE-2001-0018 Status: Entry Reference: VULN-DEV:20001202 UDP Ping-pong in Win2k Reference: URL:http://online.securityfocus.com/archive/82/148411 Reference: MS:MS01-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-011.asp Reference: XF:win2k-domain-controller-dos(6136) Reference: URL:http://xforce.iss.net/static/6136.php Reference: CIAC:L-049 Reference: URL:http://www.ciac.org/ciac/bulletins/l-049.shtml Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests. 
====================================================== Name: CVE-2001-0020 Status: Entry Reference: ATSTAKE:A013101-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a013101-1.txt Reference: CISCO:20010131 Cisco Content Services Switch Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml Reference: XF:cisco-ccs-file-access(6031) Reference: URL:http://xforce.iss.net/static/6031.php Reference: BID:2331 Reference: URL:http://www.securityfocus.com/bid/2331 Reference: OSVDB:1757 Reference: URL:http://www.osvdb.org/1757 Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2001-0021 Status: Entry Reference: BUGTRAQ:20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html Reference: CONFIRM:http://www.endymion.com/products/mailman/history.htm Reference: BID:2063 Reference: URL:http://www.securityfocus.com/bid/2063 Reference: XF:mailman-alternate-templates Reference: URL:http://xforce.iss.net/static/5649.php MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter. 
====================================================== Name: CVE-2001-0026 Status: Entry Reference: BUGTRAQ:20001211 DoS vulnerability in rp-pppoe versions <= 2.4 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html Reference: CONECTIVA:CLA-2000:357 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357 Reference: MANDRAKE:MDKSA-2000:084 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3 Reference: REDHAT:RHSA-2000:130 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-130.html Reference: BID:2098 Reference: URL:http://www.securityfocus.com/bid/2098 Reference: XF:rppppoe-zero-length-dos Reference: URL:http://xforce.iss.net/static/5727.php rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option. ====================================================== Name: CVE-2001-0028 Status: Entry Reference: BUGTRAQ:20001211 [pkc] remote heap buffer overflow in oops Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html Reference: FREEBSD:FreeBSD-SA-00:79 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html Reference: BID:2099 Reference: URL:http://www.securityfocus.com/bid/2099 Reference: XF:oops-ftputils-bo Reference: URL:http://xforce.iss.net/static/5725.php Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters. 
====================================================== Name: CVE-2001-0033 Status: Entry Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html Reference: BUGTRAQ:20001210 KTH upgrade and FIX Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html Reference: XF:kerberos4-user-config Reference: URL:http://xforce.iss.net/static/5738.php KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using the KRBCONFDIR environmental variable, which allows the user to gain additional privileges. ====================================================== Name: CVE-2001-0034 Status: Entry Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html Reference: BUGTRAQ:20001210 KTH upgrade and FIX Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html Reference: XF:kerberos4-arbitrary-proxy Reference: URL:http://xforce.iss.net/static/5733.php KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges. 
====================================================== Name: CVE-2001-0035 Status: Entry Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html Reference: BUGTRAQ:20001210 KTH upgrade and FIX Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html Reference: BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html Reference: XF:kerberos4-auth-packet-overflow Reference: URL:http://xforce.iss.net/static/5734.php Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request. ====================================================== Name: CVE-2001-0036 Status: Entry Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html Reference: BUGTRAQ:20001210 KTH upgrade and FIX Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html Reference: REDHAT:RHSA-2001:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-025.html Reference: XF:kerberos4-tmpfile-dos Reference: URL:http://xforce.iss.net/static/5754.php KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file. 
====================================================== Name: CVE-2001-0039 Status: Entry Reference: BUGTRAQ:20001206 DoS by SMTP AUTH command in IPSwitch IMail server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html Reference: BID:2083 Reference: URL:http://www.securityfocus.com/bid/2083 Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html Reference: XF:imail-smtp-auth-dos Reference: URL:http://xforce.iss.net/static/5674.php IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. ====================================================== Name: CVE-2001-0040 Status: Entry Reference: BUGTRAQ:20001206 apcupsd 3.7.2 Denial of Service Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html Reference: MANDRAKE:MDKSA-2000:077 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3 Reference: BID:2070 Reference: URL:http://www.securityfocus.com/bid/2070 Reference: XF:apc-apcupsd-dos Reference: URL:http://xforce.iss.net/static/5654.php APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file. ====================================================== Name: CVE-2001-0041 Status: Entry Reference: CISCO:20001206 Cisco Catalyst Memory Leak Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml Reference: BID:2072 Reference: URL:http://www.securityfocus.com/bid/2072 Reference: XF:cisco-catalyst-telnet-dos Reference: URL:http://xforce.iss.net/static/5656.php Reference: OSVDB:801 Reference: URL:http://www.osvdb.org/801 Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts. 
====================================================== Name: CVE-2001-0042 Status: Entry Reference: BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011) Reference: URL:http://www.securityfocus.com/archive/1/149210 Reference: BID:2060 Reference: URL:http://www.securityfocus.com/bid/2060 Reference: XF:apache-php-disclose-files Reference: URL:http://xforce.iss.net/static/5659.php PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. ====================================================== Name: CVE-2001-0043 Status: Entry Reference: BUGTRAQ:20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=17604 Reference: BID:2069 Reference: URL:http://www.securityfocus.com/bid/2069 Reference: XF:phpgroupware-include-files Reference: URL:http://xforce.iss.net/static/5650.php Reference: OSVDB:1682 Reference: URL:http://www.osvdb.org/1682 phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program. 
====================================================== Name: CVE-2001-0050 Status: Entry Reference: BUGTRAQ:20001207 BitchX DNS Overflow Patch Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0081.html Reference: BUGTRAQ:20001207 bitchx/ircd DNS overflow demonstration Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0086.html Reference: REDHAT:RHSA-2000:126 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-126.html Reference: MANDRAKE:MDKSA-2000:079 Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-079.php3 Reference: FREEBSD:FreeBSD-SA-00:78 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:78.bitchx.v1.1.asc Reference: CONECTIVA:CLA-2000:364 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000364 Reference: BID:2087 Reference: URL:http://www.securityfocus.com/bid/2087 Reference: XF:irc-bitchx-dns-bo Reference: URL:http://xforce.iss.net/static/5701.php Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name. ====================================================== Name: CVE-2001-0053 Status: Entry Reference: OPENBSD:20001218 Reference: URL:http://www.openbsd.org/advisories/ftpd_replydirname.txt Reference: NETBSD:NetBSD-SA2000-018 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc Reference: BUGTRAQ:20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html Reference: BID:2124 Reference: URL:http://www.securityfocus.com/bid/2124 Reference: XF:bsd-ftpd-replydirname-bo Reference: URL:http://xforce.iss.net/static/5776.php One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges. 
====================================================== Name: CVE-2001-0054 Status: Entry Reference: BUGTRAQ:20001205 Serv-U FTP directory traversal vunerability (all versions) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97604119024280&w=2 Reference: BUGTRAQ:20001205 (no subject) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html Reference: BID:2052 Reference: URL:http://www.securityfocus.com/bid/2052 Reference: XF:ftp-servu-homedir-travers Reference: URL:http://xforce.iss.net/static/5639.php Reference: OSVDB:464 Reference: URL:http://www.osvdb.org/464 Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. ====================================================== Name: CVE-2001-0055 Status: Entry Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml Reference: XF:cisco-cbos-syn-packets Reference: URL:http://xforce.iss.net/static/5627.php CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. ====================================================== Name: CVE-2001-0056 Status: Entry Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml Reference: XF:cisco-cbos-invalid-login Reference: URL:http://xforce.iss.net/static/5628.php The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection. 
====================================================== Name: CVE-2001-0057 Status: Entry Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml Reference: XF:cisco-cbos-icmp-echo Reference: URL:http://xforce.iss.net/static/5629.php Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet. ====================================================== Name: CVE-2001-0058 Status: Entry Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml Reference: XF:cisco-cbos-web-access Reference: URL:http://xforce.iss.net/static/5626.php Reference: OSVDB:460 Reference: URL:http://www.osvdb.org/460 The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allows remote attackers to cause a denial of service via a URL that does not end in a space character. ====================================================== Name: CVE-2001-0059 Status: Entry Reference: BUGTRAQ:20001218 Solaris patchadd(1) (3) symlink vulnerabilty Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97720205217707&w=2 Reference: BID:2127 Reference: URL:http://www.securityfocus.com/bid/2127 Reference: XF:solaris-patchadd-symlink Reference: URL:http://xforce.iss.net/static/5789.php patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack. 
====================================================== Name: CVE-2001-0060 Status: Entry Reference: BUGTRAQ:20001218 Stunnel format bug Reference: URL:http://www.securityfocus.com/archive/1/151719 Reference: REDHAT:RHSA-2000:129 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-129.html Reference: CONECTIVA:CLA-2000:363 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363 Reference: BUGTRAQ:20001209 Trustix Security Advisory - stunnel Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html Reference: DEBIAN:DSA-009 Reference: URL:http://www.debian.org/security/2001/dsa-009 Reference: FREEBSD:FreeBSD-SA-01:05 Reference: XF:stunnel-format-logfile Reference: URL:http://xforce.iss.net/static/5807.php Reference: BID:2128 Reference: URL:http://www.securityfocus.com/bid/2128 Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username. ====================================================== Name: CVE-2001-0061 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:77 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc Reference: BID:2130 Reference: URL:http://www.securityfocus.com/bid/2130 Reference: XF:procfs-elevate-privileges(6106) Reference: URL:http://xforce.iss.net/xforce/xfdb/6106 Reference: OSVDB:1697 Reference: URL:http://www.osvdb.org/1697 procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space. 
====================================================== Name: CVE-2001-0062 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:77 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc Reference: BID:2131 Reference: URL:http://www.securityfocus.com/bid/2131 Reference: XF:procfs-mmap-dos(6107) Reference: URL:http://xforce.iss.net/xforce/xfdb/6107 Reference: OSVDB:1698 Reference: URL:http://www.osvdb.org/1698 Reference: OSVDB:6082 Reference: URL:http://www.osvdb.org/6082 procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang. ====================================================== Name: CVE-2001-0063 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:77 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc Reference: BID:2132 Reference: URL:http://www.securityfocus.com/bid/2132 Reference: XF:procfs-access-control-bo(6108) Reference: URL:http://xforce.iss.net/xforce/xfdb/6108 Reference: OSVDB:1691 Reference: URL:http://www.osvdb.org/1691 procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges. 
====================================================== Name: CVE-2001-0066 Status: Entry Reference: BUGTRAQ:20001126 [MSY] S(ecure)Locate heap corruption vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html Reference: DEBIAN:DSA-005-1 Reference: URL:http://www.debian.org/security/2000/20001217a Reference: DEBIAN:20001217a Reference: MANDRAKE:MDKSA-2000:085 Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-085.php3 Reference: REDHAT:RHSA-2000:128 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-128.html Reference: CONECTIVA:CLA-2001:369 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369 Reference: TURBO:TLSA2001002-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-February/000144.html Reference: XF:slocate-heap-execute-code(5594) Reference: URL:http://xforce.iss.net/static/5594.php Reference: BID:2004 Reference: URL:http://www.securityfocus.com/bid/2004 Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer. ====================================================== Name: CVE-2001-0069 Status: Entry Reference: DEBIAN:DSA-008-1 Reference: URL:http://www.debian.org/security/2000/20001225 Reference: BID:2151 Reference: URL:http://www.securityfocus.com/bid/2151 Reference: XF:dialog-symlink Reference: URL:http://xforce.iss.net/static/5809.php dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack. 
====================================================== Name: CVE-2001-0071 Status: Entry Reference: REDHAT:RHSA-2000:131 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html Reference: MANDRAKE:MDKSA-2000-087 Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3 Reference: DEBIAN:DSA-010-1 Reference: URL:http://www.debian.org/security/2000/20001225b Reference: XF:gnupg-detached-sig-modify Reference: URL:http://xforce.iss.net/static/5802.php Reference: CONECTIVA:CLA-2000:368 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368 Reference: BID:2141 Reference: URL:http://www.securityfocus.com/bid/2141 Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD Reference: URL:http://www.securityfocus.com/archive/1/152197 Reference: OSVDB:1699 Reference: URL:http://www.osvdb.org/1699 gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection. 
====================================================== Name: CVE-2001-0072 Status: Entry Reference: REDHAT:RHSA-2000:131 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html Reference: MANDRAKE:MDKSA-2000-087 Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3 Reference: DEBIAN:DSA-010-1 Reference: URL:http://www.debian.org/security/2000/20001225b Reference: CONECTIVA:CLA-2000:368 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368 Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD Reference: URL:http://www.securityfocus.com/archive/1/152197 Reference: BID:2153 Reference: URL:http://www.securityfocus.com/bid/2153 Reference: XF:gnupg-reveal-private Reference: URL:http://xforce.iss.net/static/5803.php Reference: OSVDB:1702 Reference: URL:http://www.osvdb.org/1702 gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. ====================================================== Name: CVE-2001-0077 Status: Entry Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html Reference: XF:clustmon-no-authentication(6123) Reference: URL:http://xforce.iss.net/static/6123.php The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations. 
====================================================== Name: CVE-2001-0078 Status: Entry Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html Reference: XF:ha-nfs-symlink(6125) Reference: URL:http://xforce.iss.net/static/6125.php Reference: OSVDB:6437 Reference: URL:http://www.osvdb.org/6437 in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS. ====================================================== Name: CVE-2001-0080 Status: Entry Reference: CISCO:20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml Reference: BID:2117 Reference: URL:http://www.securityfocus.com/bid/2117 Reference: XF:cisco-catalyst-ssh-mismatch Reference: URL:http://xforce.iss.net/static/5760.php Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error. ====================================================== Name: CVE-2001-0081 Status: Entry Reference: BUGTRAQ:20001212 nCipher Security Advisory: Operator Cards unexpectedly recoverable Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0152.html Reference: CONFIRM:http://active.ncipher.com/updates/advisory.txt Reference: XF:ncipher-recover-operator-cards(5999) Reference: URL:http://xforce.iss.net/static/5999.php Reference: OSVDB:4849 Reference: URL:http://www.osvdb.org/4849 swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys. 
====================================================== Name: CVE-2001-0083 Status: Entry Reference: MS:MS00-097 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-097.asp Reference: MSKB:Q281256 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q281256 Reference: XF:mediaservices-dropped-connection-dos Reference: URL:http://xforce.iss.net/static/5785.php Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability. ====================================================== Name: CVE-2001-0085 Status: Entry Reference: HP:HPSBUX0012-135 Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0083.html Reference: BID:2170 Reference: URL:http://www.securityfocus.com/bid/2170 Reference: XF:hpux-kermit-bo Reference: URL:http://xforce.iss.net/static/5793.php Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands. ====================================================== Name: CVE-2001-0089 Status: Entry Reference: MS:MS00-093 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp Reference: XF:ie-form-file-upload Reference: URL:http://xforce.iss.net/static/5615.php Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability. 
====================================================== Name: CVE-2001-0090 Status: Entry Reference: MS:MS00-093 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp Reference: BID:2046 Reference: URL:http://www.securityfocus.com/bid/2046 Reference: XF:ie-print-template(5614) Reference: URL:http://xforce.iss.net/static/5614.php The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability. ====================================================== Name: CVE-2001-0091 Status: Entry Reference: MS:MS00-093 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp Reference: XF:ie-scriptlet-rendering-read-files(6085) Reference: URL:http://xforce.iss.net/static/6085.php Reference: OSVDB:7820 Reference: URL:http://www.osvdb.org/7820 The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. ====================================================== Name: CVE-2001-0092 Status: Entry Reference: MS:MS00-093 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp Reference: XF:ie-frame-verification-read-files(6086) Reference: URL:http://xforce.iss.net/xforce/xfdb/6086 Reference: OSVDB:7817 Reference: URL:http://www.osvdb.org/7817 A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability. 
====================================================== Name: CVE-2001-0094 Status: Entry Reference: NETBSD:NetBSD-SA2000-017 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc Reference: FREEBSD:FreeBSD-SA-01:25 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:25.kerberosIV.asc Reference: XF:kerberos4-auth-packet-overflow(5734) Reference: URL:http://xforce.iss.net/static/5734.php Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges. ====================================================== Name: CVE-2001-0095 Status: Entry Reference: BUGTRAQ:20001218 Catman file clobbering vulnerability Solaris 2.x Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0313.html Reference: SUNBUG:4392144 Reference: XF:solaris-catman-symlink(5788) Reference: URL:http://xforce.iss.net/static/5788.php Reference: OSVDB:6024 Reference: URL:http://www.osvdb.org/6024 catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file. ====================================================== Name: CVE-2001-0096 Status: Entry Reference: MS:MS00-100 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-100.asp Reference: XF:iis-web-form-submit Reference: URL:http://xforce.iss.net/static/5823.php FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. 
====================================================== Name: CVE-2001-0099 Status: Entry Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html Reference: MISC:http://www.stanback.net/ Reference: XF:bsguest-cgi-execute-commands Reference: URL:http://xforce.iss.net/static/5796.php bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address. ====================================================== Name: CVE-2001-0100 Status: Entry Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html Reference: MISC:http://www.stanback.net/ Reference: XF:bslist-cgi-execute-commands Reference: URL:http://xforce.iss.net/static/5797.php bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address. ====================================================== Name: CVE-2001-0105 Status: Entry Reference: HP:HPSBUX0012-134 Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0079.html Reference: XF:hp-top-sys-files Reference: URL:http://xforce.iss.net/static/5773.php Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group. ====================================================== Name: CVE-2001-0106 Status: Entry Reference: HP:HPSBUX0101-136 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0009.html Reference: XF:hp-inetd-swait-dos(5904) Reference: URL:http://xforce.iss.net/static/5904.php Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server. 
====================================================== Name: CVE-2001-0108 Status: Entry Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957961212852 Reference: MANDRAKE:MDKSA-2001:013 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3 Reference: CONECTIVA:CLA-2001:373 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373 Reference: DEBIAN:DSA-020 Reference: URL:http://www.debian.org/security/2001/dsa-020 Reference: REDHAT:RHSA-2000:136 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-136.html Reference: XF:php-htaccess-unauth-access(5940) Reference: URL:http://xforce.iss.net/static/5940.php Reference: BID:2206 Reference: URL:http://www.securityfocus.com/bid/2206 PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. ====================================================== Name: CVE-2001-0109 Status: Entry Reference: BUGTRAQ:20010113 Serious security flaw in SuSE rctab Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0226.html Reference: BUGTRAQ:20010117 Re: Serious security flaw in SuSE rctab Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0272.html Reference: BID:2207 Reference: URL:http://www.securityfocus.com/bid/2207 Reference: XF:rctab-elevate-privileges(5945) Reference: URL:http://xforce.iss.net/static/5945.php rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file. ====================================================== Name: CVE-2001-0110 Status: Entry Reference: BUGTRAQ:20010114 Vulnerability in jaZip. 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0228.html Reference: DEBIAN:DSA-017 Reference: URL:http://www.debian.org/security/2001/dsa-017 Reference: XF:jazip-display-bo(5942) Reference: URL:http://xforce.iss.net/static/5942.php Reference: BID:2209 Reference: URL:http://www.securityfocus.com/bid/2209 Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable. ====================================================== Name: CVE-2001-0111 Status: Entry Reference: BUGTRAQ:20010114 [MSY] Multiple vulnerabilities in splitvt Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958269320974&w=2 Reference: DEBIAN:DSA-014-1 Reference: URL:http://www.debian.org/security/2001/dsa-014 Reference: XF:splitvt-perserc-format-string(5948) Reference: URL:http://xforce.iss.net/static/5948.php Reference: BID:2210 Reference: URL:http://www.securityfocus.com/bid/2210 Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument. ====================================================== Name: CVE-2001-0115 Status: Entry Reference: BUGTRAQ:20010111 Solaris Arp Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97934312727101&w=2 Reference: BUGTRAQ:20010112 arp exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957435729702&w=2 Reference: SUN:00200 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/200&type=0&nav=sec.sba Reference: XF:solaris-arp-bo(5928) Reference: URL:http://xforce.iss.net/static/5928.php Reference: BID:2193 Reference: URL:http://www.securityfocus.com/bid/2193 Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter. 
====================================================== Name: CVE-2001-0116 Status: Entry Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:006 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-006.php3 Reference: BID:2188 Reference: URL:http://www.securityfocus.com/bid/2188 Reference: XF:linux-gpm-symlink(5917) Reference: URL:http://xforce.iss.net/static/5917.php gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack. ====================================================== Name: CVE-2001-0117 Status: Entry Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: IMMUNIX:IMNX-2000-70-028-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2000-70-028-01 Reference: MANDRAKE:MDKSA-2001:008-1 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-008.php3 Reference: REDHAT:RHSA-2001:116 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-116.html Reference: CERT-VN:VU#579928 Reference: URL:http://www.kb.cert.org/vuls/id/579928 Reference: XF:linux-diffutils-sdiff-symlink(5914) Reference: URL:http://xforce.iss.net/static/5914.php Reference: BID:2191 Reference: URL:http://www.securityfocus.com/bid/2191 sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack. 
====================================================== Name: CVE-2001-0118 Status: Entry Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001-005 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-005.php3 Reference: BID:2195 Reference: URL:http://www.securityfocus.com/bid/2195 Reference: XF:rdist-symlink(5925) Reference: URL:http://xforce.iss.net/static/5925.php rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. ====================================================== Name: CVE-2001-0119 Status: Entry Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:004 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-004.php3 Reference: BID:2194 Reference: URL:http://www.securityfocus.com/bid/2194 Reference: XF:gettyps-symlink(5924) Reference: URL:http://xforce.iss.net/static/5924.php getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. ====================================================== Name: CVE-2001-0120 Status: Entry Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:007 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-007.php3 Reference: BID:2196 Reference: URL:http://www.securityfocus.com/bid/2196 Reference: XF:shadow-utils-useradd-symlink(5927) Reference: URL:http://xforce.iss.net/static/5927.php useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. 
====================================================== Name: CVE-2001-0121 Status: Entry Reference: BUGTRAQ:20010108 def-2001-01: ImageCast IC3 Control Center DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0071.html Reference: XF:storagesoft-imagecast-dos(5901) Reference: URL:http://xforce.iss.net/static/5901.php Reference: BID:2174 Reference: URL:http://www.securityfocus.com/bid/2174 ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002. ====================================================== Name: CVE-2001-0122 Status: Entry Reference: BUGTRAQ:20010108 def-2001-02: IBM Websphere 3.52 Kernel Leak DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0079.html Reference: BUGTRAQ:20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0061.html Reference: CONFIRM:http://www-4.ibm.com/software/webservers/security.html Reference: BID:2175 Reference: URL:http://www.securityfocus.com/bid/2175 Reference: XF:ibm-websphere-dos(5900) Reference: URL:http://xforce.iss.net/static/5900.php Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error. 
====================================================== Name: CVE-2001-0123 Status: Entry Reference: BUGTRAQ:20010107 Cgisecurity.com Advisory #3.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97905792214999&w=2 Reference: CONFIRM:http://www.extropia.com/hacks/bbs_security.html Reference: BID:2177 Reference: URL:http://www.securityfocus.com/bid/2177 Reference: XF:http-cgi-bbs-forum(5906) Reference: URL:http://xforce.iss.net/static/5906.php Reference: OSVDB:3546 Reference: URL:http://www.osvdb.org/3546 Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter. ====================================================== Name: CVE-2001-0124 Status: Entry Reference: BUGTRAQ:20010109 Solaris /usr/lib/exrecover buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97908386502156&w=2 Reference: SUNBUG:4161925 Reference: XF:solaris-exrecover-bo(5913) Reference: URL:http://xforce.iss.net/static/5913.php Reference: BID:2179 Reference: URL:http://www.securityfocus.com/bid/2179 Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument. 
====================================================== Name: CVE-2001-0125 Status: Entry Reference: BUGTRAQ:20001231 Advisory: exmh symlink vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97846489313059&w=2 Reference: BUGTRAQ:20010112 exmh security vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958594330100&w=2 Reference: CONFIRM:http://www.beedub.com/exmh/symlink.html Reference: FREEBSD:FreeBSD-SA-01:17 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-01/0543.html Reference: MANDRAKE:MDKSA-2001:015 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-015.php3 Reference: DEBIAN:DSA-022 Reference: URL:http://www.debian.org/security/2001/dsa-022 Reference: XF:exmh-error-symlink Reference: URL:http://xforce.iss.net/static/5829.php exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. ====================================================== Name: CVE-2001-0126 Status: Entry Reference: BUGTRAQ:20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97906670012796&w=2 Reference: BUGTRAQ:20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98027700625521&w=2 Reference: XF:oracle-xsql-execute-code(5905) Reference: URL:http://xforce.iss.net/static/5905.php Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet. 
====================================================== Name: CVE-2001-0128 Status: Entry Reference: MANDRAKE:MDKSA-2000-083 Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3 Reference: CONECTIVA:CLA-2000:365 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365 Reference: REDHAT:RHSA-2000:127 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-127.html Reference: DEBIAN:DSA-006-1 Reference: URL:http://www.debian.org/security/2000/20001219 Reference: FREEBSD:FreeBSD-SA-01:06 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc Reference: XF:zope-calculate-roles Reference: URL:http://xforce.iss.net/static/5777.php Reference: OSVDB:6284 Reference: URL:http://www.osvdb.org/6284 Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. ====================================================== Name: CVE-2001-0129 Status: Entry Reference: BUGTRAQ:20010117 [pkc] remote heap overflow in tinyproxy Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97975486527750&w=2 Reference: DEBIAN:DSA-018 Reference: URL:http://www.debian.org/security/2001/dsa-018 Reference: FREEBSD:FreeBSD-SA-01:15 Reference: BID:2217 Reference: URL:http://www.securityfocus.com/bid/2217 Reference: XF:tinyproxy-remote-bo(5954) Reference: URL:http://xforce.iss.net/static/5954.php Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request. 
====================================================== Name: CVE-2001-0130 Status: Entry Reference: MISC:http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html Reference: XF:lotus-html-bo(6207) Reference: URL:http://xforce.iss.net/static/6207.php Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier. ====================================================== Name: CVE-2001-0136 Status: Entry Reference: BUGTRAQ:20001220 ProFTPD 1.2.0 Memory leakage - denial of service Reference: URL:http://www.securityfocus.com/archive/1/152206 Reference: BUGTRAQ:20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html Reference: BUGTRAQ:20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html Reference: MANDRAKE:MDKSA-2001:021 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3 Reference: DEBIAN:DSA-029 Reference: URL:http://www.debian.org/security/2001/dsa-029 Reference: CONECTIVA:CLA-2001:380 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380 Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html Reference: XF:proftpd-size-memory-leak Reference: URL:http://xforce.iss.net/static/5801.php Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. 
====================================================== Name: CVE-2001-0137 Status: Entry Reference: BUGTRAQ:20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958100816503&w=2 Reference: MS:MS01-010 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp Reference: XF:win-mediaplayer-arbitrary-code(5937) Reference: URL:http://xforce.iss.net/static/5937.php Reference: BID:2203 Reference: URL:http://www.securityfocus.com/bid/2203 Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the "Windows Media Player Skins File Download" vulnerability. ====================================================== Name: CVE-2001-0138 Status: Entry Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001-001 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3 Reference: DEBIAN:DSA-016 Reference: URL:http://www.debian.org/security/2001/dsa-016 Reference: BID:2189 Reference: URL:http://www.securityfocus.com/bid/2189 Reference: XF:linux-wuftpd-privatepw-symlink(5915) Reference: URL:http://xforce.iss.net/static/5915.php privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. 
====================================================== Name: CVE-2001-0139 Status: Entry Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:010 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-010.php3 Reference: CALDERA:CSSA-2001-001.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-001.0.txt Reference: XF:linux-inn-symlink(5916) Reference: URL:http://xforce.iss.net/static/5916.php Reference: BID:2190 Reference: URL:http://www.securityfocus.com/bid/2190 inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. ====================================================== Name: CVE-2001-0140 Status: Entry Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:002 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-002.php3 Reference: XF:tcpdump-arpwatch-symlink(5922) Reference: URL:http://xforce.iss.net/static/5922.php Reference: BID:2183 Reference: URL:http://www.securityfocus.com/bid/2183 arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. 
====================================================== Name: CVE-2001-0141 Status: Entry Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:009 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-009.php3 Reference: DEBIAN:DSA-011 Reference: URL:http://www.debian.org/security/2001/dsa-011 Reference: CALDERA:CSSA-2001-002.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-002.0.txt Reference: REDHAT:RHSA-2001:050 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-050.html Reference: BID:2187 Reference: URL:http://www.securityfocus.com/bid/2187 Reference: XF:linux-mgetty-symlink(5918) Reference: URL:http://xforce.iss.net/static/5918.php mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations. ====================================================== Name: CVE-2001-0142 Status: Entry Reference: BUGTRAQ:20010112 Trustix Security Advisory - diffutils squid Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:003 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3 Reference: DEBIAN:DSA-019 Reference: URL:http://www.debian.org/security/2001/dsa-019 Reference: XF:squid-email-symlink(5921) Reference: URL:http://xforce.iss.net/static/5921.php Reference: BID:2184 Reference: URL:http://www.securityfocus.com/bid/2184 squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. 
====================================================== Name: CVE-2001-0143 Status: Entry Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:011 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3 Reference: BID:2186 Reference: URL:http://www.securityfocus.com/bid/2186 Reference: XF:linuxconf-vpop3d-symlink(5923) Reference: URL:http://xforce.iss.net/static/5923.php vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack. ====================================================== Name: CVE-2001-0144 Status: Entry Reference: BINDVIEW:20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector Reference: URL:http://razor.bindview.com/publish/advisories/adv_ssh1crc.html Reference: BUGTRAQ:20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98168366406903&w=2 Reference: BUGTRAQ:20011122 Secure Computing SafeWord uses vulnerable ssh server Reference: CERT:CA-2001-35 Reference: URL:http://www.cert.org/advisories/CA-2001-35.html Reference: BID:2347 Reference: URL:http://www.securityfocus.com/bid/2347 Reference: OSVDB:503 Reference: URL:http://www.osvdb.org/503 Reference: OSVDB:795 Reference: URL:http://www.osvdb.org/795 Reference: XF:ssh-deattack-overwrite-memory(6083) Reference: URL:http://xforce.iss.net/static/6083.php CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. 
====================================================== Name: CVE-2001-0147 Status: Entry Reference: MS:MS01-013 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-013.asp Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. ====================================================== Name: CVE-2001-0148 Status: Entry Reference: BUGTRAQ:20010101 Windows Media Player 7 and IE vulnerability - executing arbitrary programs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0000.html Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp Reference: XF:media-player-execute-commands(6227) Reference: URL:http://xforce.iss.net/static/6227.php The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. ====================================================== Name: CVE-2001-0149 Status: Entry Reference: BUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html Reference: NTBUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96999020527583&w=2 Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp Reference: BID:1718 Reference: URL:http://www.securityfocus.com/bid/1718 Reference: XF:ie-getobject-expose-files(5293) Reference: URL:http://xforce.iss.net/xforce/xfdb/5293 Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. 
====================================================== Name: CVE-2001-0150 Status: Entry Reference: BUGTRAQ:20010313 Internet Explorer and Services for Unix 2.0 Telnet Client Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp Reference: BID:2463 Reference: URL:http://www.securityfocus.com/bid/2463 Reference: OSVDB:7816 Reference: URL:http://www.osvdb.org/7816 Reference: XF:ie-telnet-execute-commands(6230) Reference: URL:http://xforce.iss.net/xforce/xfdb/6230 Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. ====================================================== Name: CVE-2001-0151 Status: Entry Reference: MS:MS01-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-016.asp Reference: XF:iis-webdav-dos(6205) Reference: URL:http://xforce.iss.net/xforce/xfdb/6205 Reference: OVAL:oval:org.mitre.oval:def:90 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:90 IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. ====================================================== Name: CVE-2001-0152 Status: Entry Reference: MS:MS01-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-019.asp The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders. 
====================================================== Name: CVE-2001-0153 Status: Entry Reference: BINDVIEW:20010327 Remote buffer overflow in DCOM VB T-SQL debugger Reference: URL:http://razor.bindview.com/publish/advisories/adv_vbtsql.html Reference: MS:MS01-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-018.asp Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands. ====================================================== Name: CVE-2001-0154 Status: Entry Reference: BUGTRAQ:20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98596775905044&w=2 Reference: MS:MS01-020 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-020.asp Reference: CERT:CA-2001-06 Reference: URL:http://www.cert.org/advisories/CA-2001-06.html Reference: CIAC:L-066 Reference: URL:http://www.ciac.org/ciac/bulletins/l-066.shtml Reference: BID:2524 Reference: URL:http://www.securityfocus.com/bid/2524 Reference: OSVDB:7806 Reference: URL:http://www.osvdb.org/7806 Reference: OVAL:oval:org.mitre.oval:def:141 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:141 Reference: SECTRACK:1001197 Reference: URL:http://securitytracker.com/id?1001197 Reference: XF:ie-mime-execute-code(6306) Reference: URL:http://xforce.iss.net/xforce/xfdb/6306 HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. 
====================================================== Name: CVE-2001-0155 Status: Entry Reference: ATSTAKE:A021601-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers. ====================================================== Name: CVE-2001-0156 Status: Entry Reference: ATSTAKE:A021601-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html Reference: XF:vshell-port-forwarding-rule(6148) Reference: URL:http://xforce.iss.net/static/6148.php Reference: BID:2402 Reference: URL:http://www.securityfocus.com/bid/2402 VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems. ====================================================== Name: CVE-2001-0157 Status: Entry Reference: ATSTAKE:A030101-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a030101-1.txt Reference: XF:palm-debug-bypass-password(6196) Reference: URL:http://xforce.iss.net/xforce/xfdb/6196 Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled. 
====================================================== Name: CVE-2001-0164 Status: Entry Reference: ATSTAKE:A030701-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a030701-1.txt Reference: XF:netscape-directory-server-bo(6233) Reference: URL:http://xforce.iss.net/static/6233.php Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. ====================================================== Name: CVE-2001-0165 Status: Entry Reference: BUGTRAQ:20010131 [SPSadvisory#40]Solaris7/8 ximp40 shared library buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0517.html Reference: SUNBUG:4409148 Reference: XF:solaris-ximp40-bo Reference: URL:http://xforce.iss.net/static/6039.php Reference: BID:2322 Reference: URL:http://www.securityfocus.com/bid/2322 Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument. ====================================================== Name: CVE-2001-0166 Status: Entry Reference: BUGTRAQ:20001229 Shockwave Flash buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0491.html Reference: XF:shockwave-flash-swf-bo Reference: URL:http://xforce.iss.net/static/5826.php Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file. 
====================================================== Name: CVE-2001-0169 Status: Entry Reference: MANDRAKE:MDKSA-2001:012 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2 Reference: SUSE:SuSE-SA:2001:01 Reference: URL:http://www.novell.com/linux/security/advisories/2001_001_glibc_txt.html Reference: CALDERA:CSSA-2001-007 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt Reference: REDHAT:RHSA-2001:002 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-002.html Reference: DEBIAN:DSA-039 Reference: URL:http://www.debian.org/security/2001/dsa-039 Reference: TURBO:TLSA2000021-2 Reference: URL:http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html Reference: BUGTRAQ:20010121 Trustix Security Advisory - glibc Reference: URL:http://www.securityfocus.com/archive/1/157650 Reference: BID:2223 Reference: URL:http://www.securityfocus.com/bid/2223 Reference: XF:linux-glibc-preload-overwrite Reference: URL:http://xforce.iss.net/static/5971.php When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib. 
====================================================== Name: CVE-2001-0170 Status: Entry Reference: BUGTRAQ:20010110 Glibc Local Root Exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html Reference: BUGTRAQ:20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html Reference: REDHAT:RHSA-2001:001 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-001.html Reference: BID:2181 Reference: URL:http://www.securityfocus.com/bid/2181 Reference: XF:linux-glibc-read-files Reference: URL:http://xforce.iss.net/static/5907.php glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files. ====================================================== Name: CVE-2001-0174 Status: Entry Reference: BUGTRAQ:20010130 Security hole in Virus Buster 2001 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0500.html Reference: XF:virusbuster-mua-bo(6034) Reference: URL:http://xforce.iss.net/static/6034.php Reference: OSVDB:6138 Reference: URL:http://www.osvdb.org/6138 Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address. 
====================================================== Name: CVE-2001-0175 Status: Entry Reference: BUGTRAQ:20010122 def-2001-05: Netscape Fasttrack Server Caching DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98021351718874&w=2 Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2 Reference: BID:2273 Reference: URL:http://www.securityfocus.com/bid/2273 Reference: XF:netscape-fasttrack-cache-dos(5985) Reference: URL:http://xforce.iss.net/static/5985.php The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs. ====================================================== Name: CVE-2001-0176 Status: Entry Reference: BUGTRAQ:20001218 More Sonata Conferencing software vulnerabilities. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0278.html Reference: BID:2125 Reference: URL:http://www.securityfocus.com/bid/2125 Reference: XF:sonata-command-execute(5787) Reference: URL:http://xforce.iss.net/static/5787.php The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges. 
====================================================== Name: CVE-2001-0178 Status: Entry Reference: MANDRAKE:MDKSA-2001:018 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-018.php3?dis=7.2 Reference: CALDERA:CSSA-2001-005.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-005.0.txt Reference: SUSE:SuSE-SA:2001:02 Reference: URL:http://www.novell.com/linux/security/advisories/2001_002_kdesu_txt.html Reference: XF:kde2-kdesu-retrieve-passwords Reference: URL:http://xforce.iss.net/static/5995.php kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges. ====================================================== Name: CVE-2001-0179 Status: Entry Reference: ALLAIRE:ASB01-02 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full Reference: XF:jrun-webinf-file-retrieval Reference: URL:http://xforce.iss.net/static/6008.php Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." ====================================================== Name: CVE-2001-0182 Status: Entry Reference: BUGTRAQ:20010117 Licensing Firewall-1 DoS Attack Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0298.html Reference: XF:fw1-limited-license-dos Reference: URL:http://xforce.iss.net/static/5966.php Reference: BID:2238 Reference: URL:http://www.securityfocus.com/bid/2238 Reference: OSVDB:1733 Reference: URL:http://www.osvdb.org/1733 FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. 
====================================================== Name: CVE-2001-0183 Status: Entry Reference: BUGTRAQ:20010125 ecepass - proof of concept code for FreeBSD ipfw bypass Reference: URL:http://www.security-express.com/archives/bugtraq/2001-01/0424.html Reference: FREEBSD:FreeBSD-SA-01:08 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc Reference: CIAC:L-029 Reference: URL:http://www.ciac.org/ciac/bulletins/l-029.shtml Reference: BID:2293 Reference: URL:http://www.securityfocus.com/bid/2293 Reference: OSVDB:1743 Reference: URL:http://www.osvdb.org/1743 Reference: XF:ipfw-bypass-firewall(5998) Reference: URL:http://xforce.iss.net/xforce/xfdb/5998 ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection. ====================================================== Name: CVE-2001-0185 Status: Entry Reference: BUGTRAQ:20010123 Make The Netopia R9100 Router To Crash Reference: URL:http://www.securityfocus.com/archive/1/157952 Reference: BID:2287 Reference: URL:http://www.securityfocus.com/bid/2287 Reference: XF:netopia-telnet-dos Reference: URL:http://xforce.iss.net/static/6001.php Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash. 
====================================================== Name: CVE-2001-0187 Status: Entry Reference: DEBIAN:DSA-016 Reference: URL:http://www.debian.org/security/2001/dsa-016 Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch Reference: CONECTIVA:CLA-2001:443 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000443 Reference: BID:2296 Reference: URL:http://www.securityfocus.com/bid/2296 Reference: XF:wuftp-debug-format-string Reference: URL:http://xforce.iss.net/static/6020.php Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment. ====================================================== Name: CVE-2001-0189 Status: Entry Reference: BUGTRAQ:20010119 LocalWEB2000 Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0346.html Reference: BID:2268 Reference: URL:http://www.securityfocus.com/bid/2268 Reference: XF:localweb2k-directory-traversal Reference: URL:http://xforce.iss.net/static/5982.php Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request. 
====================================================== Name: CVE-2001-0190 Status: Entry Reference: BUGTRAQ:20010117 Solaris /usr/bin/cu Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97983943716311&w=2 Reference: BUGTRAQ:20010123 Solaris /usr/bin/cu Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98028642319440&w=2 Reference: SUNBUG:4406722 Reference: XF:cu-argv-bo(6224) Reference: URL:http://xforce.iss.net/xforce/xfdb/6224 Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0). ====================================================== Name: CVE-2001-0191 Status: Entry Reference: BUGTRAQ:20010202 Remote vulnerability in gnuserv/XEmacs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html Reference: REDHAT:RHSA-2001:010 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-010.html Reference: REDHAT:RHSA-2001:011 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-011.html Reference: MANDRAKE:MDKSA-2001:019 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3 Reference: XF:gnuserv-tcp-cookie-overflow(6056) Reference: URL:http://xforce.iss.net/xforce/xfdb/6056 gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length. 
====================================================== Name: CVE-2001-0193 Status: Entry Reference: BUGTRAQ:20010131 SuSe / Debian man package format string vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98096782126481&w=2 Reference: DEBIAN:DSA-028 Reference: URL:http://www.debian.org/security/2001/dsa-028 Reference: BID:2327 Reference: URL:http://www.securityfocus.com/bid/2327 Reference: XF:man-i-format-string(6059) Reference: URL:http://xforce.iss.net/xforce/xfdb/6059 Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter. ====================================================== Name: CVE-2001-0194 Status: Entry Reference: MANDRAKE:MDKSA-2001:020-1 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-020.php3 Reference: XF:cups-httpgets-dos(6043) Reference: URL:http://xforce.iss.net/xforce/xfdb/6043 Reference: OSVDB:6064 Reference: URL:http://www.osvdb.org/6064 Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line. ====================================================== Name: CVE-2001-0195 Status: Entry Reference: DEBIAN:DSA-015 Reference: URL:http://www.debian.org/security/2001/dsa-015 Reference: XF:linux-sash-shadow-readable Reference: URL:http://xforce.iss.net/static/5994.php sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking. 
====================================================== Name: CVE-2001-0196 Status: Entry Reference: FREEBSD:FreeBSD-SA-01:11 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc Reference: BID:2324 Reference: URL:http://www.securityfocus.com/bid/2324 Reference: XF:inetd-ident-read-files(6052) Reference: URL:http://xforce.iss.net/xforce/xfdb/6052 Reference: OSVDB:1753 Reference: URL:http://www.osvdb.org/1753 inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group. ====================================================== Name: CVE-2001-0197 Status: Entry Reference: BUGTRAQ:20010121 [pkc] format bugs in icecast 1.3.8b2 and prior Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html Reference: CONECTIVA:CLA-2001:374 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374 Reference: REDHAT:RHSA-2001:004 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-004.html Reference: XF:icecast-format-string Reference: URL:http://xforce.iss.net/static/5978.php Reference: BID:2264 Reference: URL:http://www.securityfocus.com/bid/2264 Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands. 
====================================================== Name: CVE-2001-0203 Status: Entry Reference: BUGTRAQ:20010120 Watchguard Firewall Elevated Privilege Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0342.html Reference: BID:2284 Reference: URL:http://www.securityfocus.com/bid/2284 Reference: XF:watchguard-firebox-obtain-passphrase Reference: URL:http://xforce.iss.net/static/5979.php Watchguard Firebox II firewall allows users with read-only access to gain read-write access, and administrative privileges, by accessing a file that contains hashed passphrases, and using the hashes during authentication. ====================================================== Name: CVE-2001-0204 Status: Entry Reference: BUGTRAQ:20010214 def-2001-07: Watchguard Firebox II PPTP DoS Reference: URL:http://www.securityfocus.com/archive/1/162965 Reference: BID:2369 Reference: URL:http://www.securityfocus.com/bid/2369 Reference: XF:firebox-pptp-dos(6109) Reference: URL:http://xforce.iss.net/static/6109.php Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. ====================================================== Name: CVE-2001-0207 Status: Entry Reference: BUGTRAQ:20010119 Buffer overflow in bing Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html Reference: XF:linux-bing-bo Reference: URL:http://xforce.iss.net/static/6036.php Reference: BID:2279 Reference: URL:http://www.securityfocus.com/bid/2279 Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function. 
====================================================== Name: CVE-2001-0215 Status: Entry Reference: BUGTRAQ:20010212 ROADS search system "show files" Vulnerability with "null bite" bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html Reference: CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html Reference: XF:roads-search-view-files(6097) Reference: URL:http://xforce.iss.net/static/6097.php Reference: BID:2371 Reference: URL:http://www.securityfocus.com/bid/2371 ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. ====================================================== Name: CVE-2001-0218 Status: Entry Reference: BUGTRAQ:20010126 format string vulnerability in mars_nwe 0.99pl19 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0456.html Reference: FREEBSD:FreeBSD-SA-01:20 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0081.html Reference: XF:mars-nwe-format-string(6019) Reference: URL:http://xforce.iss.net/static/6019.php Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands. ====================================================== Name: CVE-2001-0219 Status: Entry Reference: HP:HPSBUX0101-137 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0016.html Reference: XF:hp-stm-dos Reference: URL:http://xforce.iss.net/static/5957.php Reference: BID:2239 Reference: URL:http://www.securityfocus.com/bid/2239 Reference: OSVDB:6991 Reference: URL:http://www.osvdb.org/6991 Reference: OSVDB:7029 Reference: URL:http://www.osvdb.org/7029 Reference: OSVDB:7030 Reference: URL:http://www.osvdb.org/7030 Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service. 
====================================================== Name: CVE-2001-0221 Status: Entry Reference: FREEBSD:FreeBSD-SA-01:19 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0079.html Reference: XF:ja-xklock-bo(6073) Reference: URL:http://xforce.iss.net/xforce/xfdb/6073 Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges. ====================================================== Name: CVE-2001-0222 Status: Entry Reference: MANDRAKE:MDKSA-2001-016 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3 Reference: CALDERA:CSSA-2001-004.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt Reference: XF:linux-webmin-tmpfiles Reference: URL:http://xforce.iss.net/static/6011.php webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack. ====================================================== Name: CVE-2001-0230 Status: Entry Reference: FREEBSD:FreeBSD-SA-01:22 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html Reference: XF:dc20ctrl-port-bo(6077) Reference: URL:http://xforce.iss.net/xforce/xfdb/6077 Reference: OSVDB:6081 Reference: URL:http://www.osvdb.org/6081 Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges. 
====================================================== Name: CVE-2001-0233 Status: Entry Reference: BUGTRAQ:20010124 patch Re: [PkC] Advisory #003: micq-0.4.6 remote buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0395.html Reference: BUGTRAQ:20010118 [PkC] Advisory #003: micq-0.4.6 remote buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0307.html Reference: DEBIAN:DSA-012 Reference: URL:http://www.debian.org/security/2001/dsa-012 Reference: FREEBSD:FreeBSD-SA-01:14 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:14.micq.asc Reference: REDHAT:RHSA-2001:005 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-005.html Reference: XF:micq-sprintf-remote-bo(5962) Reference: URL:http://xforce.iss.net/static/5962.php Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field. ====================================================== Name: CVE-2001-0234 Status: Entry Reference: BUGTRAQ:20010126 NewsDaemon remote administrator access Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0460.html Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=60570 Reference: XF:newsdaemon-gain-admin-access Reference: URL:http://xforce.iss.net/static/6010.php NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter. 
====================================================== Name: CVE-2001-0235 Status: Entry Reference: DEBIAN:DSA-024 Reference: URL:http://www.debian.org/security/2001/dsa-024 Reference: FREEBSD:FreeBSD-SA-01:09 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc Reference: BID:2332 Reference: URL:http://www.securityfocus.com/bid/2332 Reference: XF:crontab-read-files(6225) Reference: URL:http://xforce.iss.net/xforce/xfdb/6225 Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running. ====================================================== Name: CVE-2001-0236 Status: Entry Reference: BUGTRAQ:20010314 Solaris /usr/lib/dmi/snmpXdmid vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98462536724454&w=2 Reference: CERT:CA-2001-05 Reference: URL:http://www.cert.org/advisories/CA-2001-05.html Reference: CIAC:L-065 Reference: URL:http://www.ciac.org/ciac/bulletins/l-065.shtml Reference: SUN:00207 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/207 Reference: XF:solaris-snmpxdmid-bo(6245) Reference: URL:http://xforce.iss.net/static/6245.php Reference: BID:2417 Reference: URL:http://www.securityfocus.com/bid/2417 Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event. 
====================================================== Name: CVE-2001-0237 Status: Entry Reference: BUGTRAQ:20010509 def-2001-24: Windows 2000 Kerberos DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98942093221908&w=2 Reference: MS:MS01-024 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-024.asp Reference: CIAC:L-079 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-079.shtml Reference: XF:win2k-kerberos-dos(6506) Reference: URL:http://xforce.iss.net/static/6506.php Reference: BID:2707 Reference: URL:http://www.securityfocus.com/bid/2707 Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data. ====================================================== Name: CVE-2001-0238 Status: Entry Reference: MS:MS01-022 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-022.asp Reference: CIAC:L-074 Reference: URL:http://www.ciac.org/ciac/bulletins/l-074.shtml Reference: XF:ms-dacipp-webdav-access(6405) Reference: URL:http://xforce.iss.net/static/6405.php Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. ====================================================== Name: CVE-2001-0239 Status: Entry Reference: BUGTRAQ:20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service Reference: URL:http://www.securityfocus.com/archive/1/176912 Reference: BUGTRAQ:20010427 Microsoft ISA Server Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/179986 Reference: BUGTRAQ:20010417 [SX-20010320-2b] - Followup re. 
Microsoft ISA Server Denial of Service Reference: URL:http://www.securityfocus.com/archive/1/177160 Reference: MS:MS01-021 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-021.asp Reference: CIAC:L-073 Reference: URL:http://www.ciac.org/ciac/bulletins/l-073.shtml Reference: BID:2600 Reference: URL:http://www.securityfocus.com/bid/2600 Reference: XF:isa-web-proxy-dos(6383) Reference: URL:http://xforce.iss.net/static/6383.php Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. ====================================================== Name: CVE-2001-0240 Status: Entry Reference: MS:MS01-028 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-028.asp Reference: XF:word-rtf-macro-execution(6571) Reference: URL:http://xforce.iss.net/static/6571.php Reference: BID:2753 Reference: URL:http://www.securityfocus.com/bid/2753 Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro. 
====================================================== Name: CVE-2001-0241 Status: Entry Reference: BUGTRAQ:20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2 Reference: MS:MS01-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-023.asp Reference: CERT:CA-2001-10 Reference: URL:http://www.cert.org/advisories/CA-2001-10.html Reference: BID:2674 Reference: URL:http://www.securityfocus.com/bid/2674 Reference: XF:iis-isapi-printer-bo(6485) Reference: URL:http://xforce.iss.net/static/6485.php Reference: OSVDB:3323 Reference: URL:http://www.osvdb.org/3323 Reference: OVAL:oval:org.mitre.oval:def:1068 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1068 Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. ====================================================== Name: CVE-2001-0243 Status: Entry Reference: MS:MS01-029 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-029.asp Reference: XF:mediaplayer-html-shortcut(6584) Reference: URL:http://xforce.iss.net/static/6584.php Reference: BID:2765 Reference: URL:http://www.securityfocus.com/bid/2765 Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files. 
====================================================== Name: CVE-2001-0244 Status: Entry Reference: MS:MS01-025 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp Reference: BID:2709 Reference: URL:http://www.securityfocus.com/bid/2709 Reference: XF:winnt-indexserver-search-bo(6517) Reference: URL:http://xforce.iss.net/static/6517.php Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter. ====================================================== Name: CVE-2001-0245 Status: Entry Reference: MS:MS01-025 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp Reference: XF:win-indexserver-view-files(6518) Reference: URL:http://xforce.iss.net/static/6518.php Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability. ====================================================== Name: CVE-2001-0252 Status: Entry Reference: BUGTRAQ:20010122 def-2001-04: Netscape Enterprise Server Dot-DoS Reference: URL:http://www.securityfocus.com/archive/1/157641 Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2 Reference: BID:2282 Reference: URL:http://www.securityfocus.com/bid/2282 Reference: XF:netscape-enterprise-dot-dos Reference: URL:http://xforce.iss.net/static/5983.php iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences. 
====================================================== Name: CVE-2001-0259 Status: Entry Reference: BUGTRAQ:20010116 Bug in SSH1 secure-RPC support can expose users' private keys Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html Reference: CONFIRM:http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html Reference: BID:2222 Reference: URL:http://www.securityfocus.com/bid/2222 Reference: XF:ssh-rpc-private-key Reference: URL:http://xforce.iss.net/static/5963.php ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file. ====================================================== Name: CVE-2001-0260 Status: Entry Reference: BUGTRAQ:20010123 [SAFER] Security Bulletin 010123.EXP.1.10 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0360.html Reference: XF:lotus-domino-smtp-bo Reference: URL:http://xforce.iss.net/static/5993.php Reference: BID:2283 Reference: URL:http://www.securityfocus.com/bid/2283 Reference: OSVDB:3321 Reference: URL:http://www.osvdb.org/3321 Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command. ====================================================== Name: CVE-2001-0265 Status: Entry Reference: ATSTAKE:A040901-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a040901-1.txt Reference: XF:pgp-armor-code-execution(6643) Reference: URL:http://xforce.iss.net/static/6643.php Reference: BID:2556 Reference: URL:http://www.securityfocus.com/bid/2556 Reference: OSVDB:1782 Reference: URL:http://www.osvdb.org/1782 ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file. 
====================================================== Name: CVE-2001-0266 Status: Entry Reference: HP:HPSBUX0102-143 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0069.html Reference: OSVDB:6033 Reference: URL:http://www.osvdb.org/6033 Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges. ====================================================== Name: CVE-2001-0267 Status: Entry Reference: HP:HPSBMP0102-008 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html Reference: XF:hp-nmdebug-gain-privileges(6226) Reference: URL:http://xforce.iss.net/xforce/xfdb/6226 Reference: OSVDB:6032 Reference: URL:http://www.osvdb.org/6032 NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges. ====================================================== Name: CVE-2001-0268 Status: Entry Reference: CALDERA:CSSA-2001-SCO.35 Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0014.html Reference: NETBSD:NetBSD-SA:2001-002 Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html Reference: BUGTRAQ:20010219 Re: your mail Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html Reference: OPENBSD:20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory. 
Reference: URL:http://www.openbsd.org/errata.html#userldt Reference: CERT-VN:VU#358960 Reference: URL:http://www.kb.cert.org/vuls/id/358960 Reference: BID:2739 Reference: URL:http://www.securityfocus.com/bid/2739 Reference: OSVDB:6141 Reference: URL:http://www.osvdb.org/6141 Reference: XF:user-ldt-validation(6222) Reference: URL:http://xforce.iss.net/xforce/xfdb/6222 The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address. ====================================================== Name: CVE-2001-0269 Status: Entry Reference: BUGTRAQ:20010217 Solaris 8 pam_ldap.so.1 module broken Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0344.html Reference: SUNBUG:4384816 Reference: XF:solaris-pamldap-bypass-authentication(6440) Reference: URL:http://xforce.iss.net/static/6440.php Reference: OSVDB:6030 Reference: URL:http://www.osvdb.org/6030 pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password. ====================================================== Name: CVE-2001-0274 Status: Entry Reference: BUGTRAQ:20010214 Security hole in kicq Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html Reference: BUGTRAQ:20010303 Re: Security hole in kicq Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html Reference: XF:kicq-execute-commands(6112) Reference: URL:http://xforce.iss.net/xforce/xfdb/6112 kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. 
====================================================== Name: CVE-2001-0276 Status: Entry Reference: BUGTRAQ:20010217 BadBlue Web Server Ext.dll Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98263019502565&w=2 Reference: CONFIRM:http://www.badblue.com/p010219.htm Reference: BID:2390 Reference: URL:http://www.securityfocus.com/bid/2390 Reference: XF:badblue-ext-reveal-path(6130) Reference: URL:http://xforce.iss.net/static/6130.php ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path. ====================================================== Name: CVE-2001-0278 Status: Entry Reference: HP:HPSBMP0102-009 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html Reference: XF:hp-linkeditor-gain-privileges(6223) Reference: URL:http://xforce.iss.net/xforce/xfdb/6223 Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges. 
====================================================== Name: CVE-2001-0279 Status: Entry Reference: BUGTRAQ:20010222 Sudo version 1.6.3p6 now available (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0414.html Reference: MANDRAKE:MDKSA-2001:024 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-024.php3 Reference: DEBIAN:DSA-031 Reference: URL:http://www.debian.org/security/2001/dsa-031 Reference: CONECTIVA:CLA-2001:381 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000381 Reference: REDHAT:RHSA-2001:018 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-018.html Reference: REDHAT:RHSA-2001:019 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-019.html Reference: BUGTRAQ:20010225 [slackware-security] buffer overflow in sudo fixed Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html Reference: BUGTRAQ:20010226 Trustix Security Advisory - sudo Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. ====================================================== Name: CVE-2001-0280 Status: Entry Reference: BUGTRAQ:20010223 Mercur Mailserver 3.3 buffer overflow with EXPN Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0413.html Reference: XF:mercur-expn-bo(6149) Reference: URL:http://xforce.iss.net/static/6149.php Reference: OSVDB:6027 Reference: URL:http://www.osvdb.org/6027 Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command. ====================================================== Name: CVE-2001-0284 Status: Entry Reference: OPENBSD:20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel. 
Reference: URL:http://www.openbsd.org/errata.html#ipsec_ah Reference: OSVDB:6026 Reference: URL:http://www.osvdb.org/6026 Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option. ====================================================== Name: CVE-2001-0287 Status: Entry Reference: BUGTRAQ:20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html Reference: CONFIRM:http://seer.support.veritas.com/docs/234326.htm Reference: OSVDB:6025 Reference: URL:http://www.osvdb.org/6025 VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command. ====================================================== Name: CVE-2001-0288 Status: Entry Reference: CISCO:20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. 
====================================================== Name: CVE-2001-0289 Status: Entry Reference: BUGTRAQ:20010228 Joe's Own Editor File Handling Error Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html Reference: MANDRAKE:MDKSA-2001:026 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3 Reference: DEBIAN:DSA-041 Reference: URL:http://www.debian.org/security/2001/dsa-041 Reference: REDHAT:RHSA-2001:024 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-024.html Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory. ====================================================== Name: CVE-2001-0290 Status: Entry Reference: BUGTRAQ:20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. ====================================================== Name: CVE-2001-0295 Status: Entry Reference: BUGTRAQ:20010306 Warftp 1.67b04 Directory Traversal Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98390925726814&w=2 Reference: CONFIRM:http://support.jgaa.com/?cmd=ShowArticle&ID=31 Reference: BID:2444 Reference: URL:http://www.securityfocus.com/bid/2444 Reference: OSVDB:874 Reference: URL:http://www.osvdb.org/874 Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command. 
====================================================== Name: CVE-2001-0299 Status: Entry Reference: BUGTRAQ:20001127 Nokia firewalls Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97535202912588&w=2 Reference: BUGTRAQ:20001205 Nokia firewalls - Response from Nokia Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97603879517777&w=2 Reference: XF:nokia-ip440-bo(5640) Reference: URL:http://xforce.iss.net/xforce/xfdb/5640 Reference: BID:2054 Reference: URL:http://www.securityfocus.com/bid/2054 Reference: OSVDB:6020 Reference: URL:http://www.osvdb.org/6020 Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. ====================================================== Name: CVE-2001-0301 Status: Entry Reference: BUGTRAQ:20010213 Security advisory for analog Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0264.html Reference: CONFIRM:http://www.analog.cx/security2.html Reference: REDHAT:RHSA-2001:017 Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0056.html Reference: DEBIAN:DSA-033 Reference: URL:http://www.debian.org/security/2001/dsa-033 Reference: BID:2377 Reference: URL:http://www.securityfocus.com/bid/2377 Reference: XF:analog-alias-bo(6105) Reference: URL:http://xforce.iss.net/xforce/xfdb/6105 Reference: OSVDB:1762 Reference: URL:http://www.osvdb.org/1762 Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings. 
====================================================== Name: CVE-2001-0309 Status: Entry Reference: REDHAT:RHSA-2001:006 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-006.html Reference: XF:inetd-internal-socket-dos(6380) Reference: URL:http://xforce.iss.net/xforce/xfdb/6380 inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services. ====================================================== Name: CVE-2001-0310 Status: Entry Reference: FREEBSD:FreeBSD-SA-01:13 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:13.sort.asc Reference: BID:3960 Reference: URL:http://www.securityfocus.com/bid/3960 Reference: XF:sort-temp-file-abort Reference: URL:http://xforce.iss.net/static/6038.php sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts. ====================================================== Name: CVE-2001-0311 Status: Entry Reference: HP:HPSBUX0102-142 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0102-142 Reference: HPBUG:PHSS_22914 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0022.html Reference: HPBUG:PHSS_22915 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0023.html Reference: XF:omniback-unauthorized-access(6434) Reference: URL:http://xforce.iss.net/xforce/xfdb/6434 Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client. 
====================================================== Name: CVE-2001-0316 Status: Entry Reference: REDHAT:RHSA-2001:013 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-013.html Reference: CALDERA:CSSA-2001-009 Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html Reference: BID:2364 Reference: URL:http://www.securityfocus.com/bid/2364 Reference: OSVDB:6017 Reference: URL:http://www.osvdb.org/6017 Reference: XF:linux-sysctl-read-memory(6079) Reference: URL:http://xforce.iss.net/xforce/xfdb/6079 Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call. ====================================================== Name: CVE-2001-0317 Status: Entry Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html Reference: REDHAT:RHSA-2001:013 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-013.html Reference: CALDERA:CSSA-2001-009 Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt Reference: XF:linux-ptrace-modify-process(6080) Reference: URL:http://xforce.iss.net/xforce/xfdb/6080 Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. 
====================================================== Name: CVE-2001-0318 Status: Entry Reference: BUGTRAQ:20010110 proftpd 1.2.0rc2 -- example of bad coding Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916525715657&w=2 Reference: BUGTRAQ:20010206 Response to ProFTPD issues Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html Reference: MANDRAKE:MDKSA-2001:021 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3 Reference: DEBIAN:DSA-029 Reference: URL:http://www.debian.org/security/2001/dsa-029 Reference: CONECTIVA:CLA-2001:380 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380 Reference: XF:proftpd-format-string(6433) Reference: URL:http://xforce.iss.net/xforce/xfdb/6433 Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd). ====================================================== Name: CVE-2001-0319 Status: Entry Reference: BUGTRAQ:20010205 IBM NetCommerce Security Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html Reference: CONFIRM:http://www-4.ibm.com/software/webservers/commerce/netcomletter.html Reference: BID:2350 Reference: URL:http://www.securityfocus.com/bid/2350 Reference: XF:ibm-netcommerce-reveal-information(6067) Reference: URL:http://xforce.iss.net/xforce/xfdb/6067 orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. ====================================================== Name: CVE-2001-0321 Status: Entry Reference: BUGTRAQ:20010212 Fwd: Re: phpnuke, security problem... 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html Reference: XF:phpnuke-opendir-read-files(6512) Reference: URL:http://xforce.iss.net/static/6512.php opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. ====================================================== Name: CVE-2001-0326 Status: Entry Reference: BUGTRAQ:20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html Reference: XF:oracle-jvm-file-permissions(6438) Reference: URL:http://xforce.iss.net/xforce/xfdb/6438 Reference: OSVDB:5706 Reference: URL:http://www.osvdb.org/5706 Oracle Java Virtual Machine (JVM) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission. ====================================================== Name: CVE-2001-0327 Status: Entry Reference: ATSTAKE:A041601-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a041601-1.txt Reference: CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html Reference: CERT-VN:VU#276767 Reference: URL:http://www.kb.cert.org/vuls/id/276767 Reference: OSVDB:5704 Reference: URL:http://www.osvdb.org/5704 iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server. 
====================================================== Name: CVE-2001-0330 Status: Entry Reference: ATSTAKE:A043001-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a043001-1.txt Reference: BID:2671 Reference: URL:http://www.securityfocus.com/bid/2671 Reference: XF:bugzilla-gobalpl-gain-information(6489) Reference: URL:http://xforce.iss.net/static/6489.php Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. ====================================================== Name: CVE-2001-0331 Status: Entry Reference: ISS:20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure Reference: URL:http://xforce.iss.net/alerts/advise76.php Reference: SGI:20010501-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P Reference: CERT-VN:VU#258632 Reference: URL:http://www.kb.cert.org/vuls/id/258632 Reference: BID:2714 Reference: URL:http://www.securityfocus.com/bid/2714 Reference: OSVDB:1822 Reference: URL:http://www.osvdb.org/1822 Reference: XF:irix-espd-bo(6502) Reference: URL:http://xforce.iss.net/static/6502.php Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands. 
====================================================== Name: CVE-2001-0333 Status: Entry Reference: BUGTRAQ:20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98992056521300&w=2 Reference: MS:MS01-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp Reference: CERT:CA-2001-12 Reference: URL:http://www.cert.org/advisories/CA-2001-12.html Reference: XF:iis-url-decoding(6534) Reference: URL:http://xforce.iss.net/static/6534.php Reference: BID:2708 Reference: URL:http://www.securityfocus.com/bid/2708 Reference: OVAL:oval:org.mitre.oval:def:1018 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1018 Reference: OVAL:oval:org.mitre.oval:def:1051 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1051 Reference: OVAL:oval:org.mitre.oval:def:37 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:37 Reference: OVAL:oval:org.mitre.oval:def:78 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:78 Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. ====================================================== Name: CVE-2001-0334 Status: Entry Reference: MS:MS01-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp Reference: XF:iis-ftp-wildcard-dos(6535) Reference: URL:http://xforce.iss.net/static/6535.php FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. 
====================================================== Name: CVE-2001-0335 Status: Entry Reference: MS:MS01-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp Reference: XF:iis-ftp-domain-authentication(6545) Reference: URL:http://xforce.iss.net/static/6545.php Reference: BID:2719 Reference: URL:http://www.securityfocus.com/bid/2719 FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. ====================================================== Name: CVE-2001-0336 Status: Entry Reference: MS:MS01-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp Reference: XF:iis-crosssitescripting-patch-dos(6858) Reference: URL:http://xforce.iss.net/static/6858.php Reference: OSVDB:5693 Reference: URL:http://www.osvdb.org/5693 The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. ====================================================== Name: CVE-2001-0338 Status: Entry Reference: MS:MS01-027 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp Reference: CIAC:L-087 Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml Reference: XF:ie-crl-certificate-spoofing(6555) Reference: URL:http://xforce.iss.net/static/6555.php Reference: BID:2735 Reference: URL:http://www.securityfocus.com/bid/2735 Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." 
====================================================== Name: CVE-2001-0339 Status: Entry Reference: MS:MS01-027 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp Reference: CIAC:L-087 Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml Reference: XF:ie-html-url-spoofing(6556) Reference: URL:http://xforce.iss.net/static/6556.php Reference: BID:2737 Reference: URL:http://www.securityfocus.com/bid/2737 Reference: OSVDB:5694 Reference: URL:http://www.osvdb.org/5694 Reference: OVAL:oval:org.mitre.oval:def:1096 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1096 Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability." ====================================================== Name: CVE-2001-0340 Status: Entry Reference: MS:MS01-030 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-030.asp Reference: CIAC:L-091 Reference: URL:http://www.ciac.org/ciac/bulletins/l-091.shtml Reference: XF:exchange-owa-script-execution(6652) Reference: URL:http://xforce.iss.net/static/6652.php An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. 
====================================================== Name: CVE-2001-0341 Status: Entry Reference: BUGTRAQ:20010625 NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99348216322147&w=2 Reference: MS:MS01-035 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-035.asp Reference: BID:2906 Reference: URL:http://www.securityfocus.com/bid/2906 Reference: XF:frontpage-ext-rad-bo(6730) Reference: URL:http://xforce.iss.net/static/6730.php Reference: OSVDB:577 Reference: URL:http://www.osvdb.org/577 Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. ====================================================== Name: CVE-2001-0344 Status: Entry Reference: MS:MS01-032 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-032.asp Reference: CIAC:L-095 Reference: URL:http://www.ciac.org/ciac/bulletins/l-095.shtml Reference: XF:mssql-cached-connection-access(6684) Reference: URL:http://xforce.iss.net/static/6684.php Reference: OVAL:oval:org.mitre.oval:def:71 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:71 An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. 
====================================================== Name: CVE-2001-0345 Status: Entry Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Reference: BID:2843 Reference: URL:http://www.securityfocus.com/bid/2843 Reference: XF:win2k-telnet-idle-sessions-dos(6667) Reference: URL:http://xforce.iss.net/static/6667.php Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions. ====================================================== Name: CVE-2001-0346 Status: Entry Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Reference: XF:win2k-telnet-handle-leak-dos(6668) Reference: URL:http://xforce.iss.net/static/6668.php Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them. ====================================================== Name: CVE-2001-0347 Status: Entry Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Reference: CIAC:L-092 Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml Reference: BID:2847 Reference: URL:http://www.securityfocus.com/bid/2847 Reference: XF:win2k-telnet-domain-authentication(6665) Reference: URL:http://xforce.iss.net/static/6665.php Reference: OSVDB:5686 Reference: URL:http://www.osvdb.org/5686 Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. 
====================================================== Name: CVE-2001-0348 Status: Entry Reference: BUGTRAQ:20050511 Microsoft Windows 2000 Telnet server vulnerability Reference: BINDVIEW:20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server Reference: URL:http://razor.bindview.com/publish/advisories/adv_mstelnet.html Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Reference: CIAC:L-092 Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml Reference: BID:2838 Reference: XF:win2k-telnet-username-dos(6666) Reference: URL:http://xforce.iss.net/static/6666.php Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace. ====================================================== Name: CVE-2001-0351 Status: Entry Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Reference: CIAC:L-092 Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml Reference: XF:win2k-telnet-system-call-dos(6669) Reference: URL:http://xforce.iss.net/static/6669.php Reference: BID:2846 Reference: URL:http://www.securityfocus.com/bid/2846 Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service. 
====================================================== Name: CVE-2001-0353 Status: Entry Reference: ISS:20010619 Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon Reference: URL:http://xforce.iss.net/alerts/advise80.php Reference: SUN:00206 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/206 Reference: CERT:CA-2001-15 Reference: URL:http://www.cert.org/advisories/CA-2001-15.html Reference: XF:solaris-lpd-bo(6718) Reference: URL:http://xforce.iss.net/static/6718.php Reference: BID:2894 Reference: URL:http://www.securityfocus.com/bid/2894 Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine. ====================================================== Name: CVE-2001-0361 Status: Entry Reference: BUGTRAQ:20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98158450021686&w=2 Reference: CIAC:L-047 Reference: URL:http://www.ciac.org/ciac/bulletins/l-047.shtml Reference: FREEBSD:FreeBSD-SA-01:24 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc Reference: DEBIAN:DSA-023 Reference: URL:http://www.debian.org/security/2001/dsa-023 Reference: DEBIAN:DSA-027 Reference: URL:http://www.debian.org/security/2001/dsa-027 Reference: DEBIAN:DSA-086 Reference: URL:http://www.debian.org/security/2001/dsa-086 Reference: CISCO:20010627 Multiple SSH Vulnerabilities Reference: SUSE:SuSE-SA:2001:04 Reference: URL:http://www.novell.com/linux/security/advisories/adv004_ssh.html Reference: XF:ssh-session-key-recovery(6082) Reference: URL:http://xforce.iss.net/static/6082.php Reference: BID:2344 Reference: URL:http://www.securityfocus.com/bid/2344 Reference: OSVDB:2116 Reference: URL:http://www.osvdb.org/2116 Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to 
version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. ====================================================== Name: CVE-2001-0364 Status: Entry Reference: BUGTRAQ:20010315 Remote DoS attack against SSH Secure Shell for Windows Servers Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98467799732241&w=2 Reference: BID:2477 Reference: URL:http://www.securityfocus.com/bid/2477 Reference: XF:ssh-ssheloop-dos(6241) Reference: URL:http://xforce.iss.net/static/6241.php SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections. ====================================================== Name: CVE-2001-0365 Status: Entry Reference: BUGTRAQ:20010318 feeble.you!dora.exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98503741910995&w=2 Reference: XF:eudora-html-execute-code(6262) Reference: URL:http://xforce.iss.net/static/6262.php Reference: BID:2490 Reference: URL:http://www.securityfocus.com/bid/2490 Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags. 
====================================================== Name: CVE-2001-0366 Status: Entry Reference: BUGTRAQ:20010429 SAP R/3 Web Application Server Demo for Linux: root exploit Reference: URL:http://www.securityfocus.com/archive/1/180498 Reference: CONFIRM:ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol Reference: BID:2662 Reference: URL:http://www.securityfocus.com/bid/2662 Reference: XF:linux-sap-execute-code(6487) Reference: URL:http://xforce.iss.net/static/6487.php saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program. ====================================================== Name: CVE-2001-0368 Status: Entry Reference: BUGTRAQ:20010430 A Serious Security Vulnerability Found in BearShare (Directory Traversal) Reference: URL:http://www.securityfocus.com/archive/1/180644 Reference: BID:2672 Reference: URL:http://www.securityfocus.com/bid/2672 Reference: XF:bearshare-dot-download-files(6481) Reference: URL:http://xforce.iss.net/static/6481.php Reference: OSVDB:1810 Reference: URL:http://www.osvdb.org/1810 Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack. 
====================================================== Name: CVE-2001-0371 Status: Entry Reference: FREEBSD:FreeBSD-SA-01:30 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html Reference: XF:ufs-ext2fs-data-disclosure(6268) Reference: URL:http://xforce.iss.net/static/6268.php Reference: OSVDB:5682 Reference: URL:http://www.osvdb.org/5682 Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information. ====================================================== Name: CVE-2001-0373 Status: Entry Reference: BUGTRAQ:20010323 NT crash dump files insecure by default Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0336.html Reference: BID:2501 Reference: URL:http://www.securityfocus.com/bid/2501 Reference: XF:win-userdmp-insecure-permission(6275) Reference: URL:http://xforce.iss.net/static/6275.php Reference: OSVDB:5683 Reference: URL:http://www.osvdb.org/5683 The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information. 
====================================================== Name: CVE-2001-0375 Status: Entry Reference: BUGTRAQ:20010406 PIX Firewall 5.1 DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98658271707833&w=2 Reference: CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml Reference: XF:cisco-pix-tacacs-dos(6353) Reference: URL:http://xforce.iss.net/xforce/xfdb/6353 Reference: BID:2551 Reference: URL:http://www.securityfocus.com/bid/2551 Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. ====================================================== Name: CVE-2001-0377 Status: Entry Reference: BUGTRAQ:20010328 Inframail Denial of Service Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0428.html Reference: XF:inframail-post-dos(6297) Reference: URL:http://xforce.iss.net/static/6297.php Reference: OSVDB:5685 Reference: URL:http://www.osvdb.org/5685 Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string. ====================================================== Name: CVE-2001-0378 Status: Entry Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch Reference: XF:bsd-readline-permissions(6586) Reference: URL:http://xforce.iss.net/static/6586.php Reference: OSVDB:5680 Reference: URL:http://www.osvdb.org/5680 readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files. 
====================================================== Name: CVE-2001-0379 Status: Entry Reference: HP:HPSBUX0103-147 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0101.html Reference: CERT-VN:VU#249224 Reference: URL:http://www.kb.cert.org/vuls/id/249224 Reference: XF:hp-newgrp-additional-privileges(6282) Reference: URL:http://xforce.iss.net/static/6282.php Reference: OSVDB:5681 Reference: URL:http://www.osvdb.org/5681 Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights. ====================================================== Name: CVE-2001-0383 Status: Entry Reference: BUGTRAQ:20010401 Php-nuke exploit... Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html Reference: CONFIRM:http://phpnuke.org/download.php?dcategory=Fixes Reference: XF:php-nuke-url-redirect(6342) Reference: URL:http://xforce.iss.net/static/6342.php Reference: BID:2544 Reference: URL:http://www.securityfocus.com/bid/2544 banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. ====================================================== Name: CVE-2001-0386 Status: Entry Reference: BUGTRAQ:20010417 Advisory for SimpleServer:WWW (analogX) Reference: URL:http://www.securityfocus.com/archive/1/177156 Reference: BID:2608 Reference: URL:http://www.securityfocus.com/bid/2608 Reference: XF:analogx-simpleserver-aux-dos(6395) Reference: URL:http://xforce.iss.net/static/6395.php Reference: OSVDB:3781 Reference: URL:http://www.osvdb.org/3781 AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. 
====================================================== Name: CVE-2001-0387 Status: Entry Reference: BUGTRAQ:20010412 HylaFAX vulnerability Reference: URL:http://www.securityfocus.com/archive/1/175963 Reference: BUGTRAQ:20010415 **SECURITY ADVISORY** - HylaFAX format string vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0236.html Reference: FREEBSD:FreeBSD-SA-01:34 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0606.html Reference: SUSE:SuSE-SA:2001:15 Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0005.html Reference: MANDRAKE:MDKSA-2001:041 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-041.php3 Reference: BID:2574 Reference: URL:http://www.securityfocus.com/bid/2574 Reference: XF:hylafax-hfaxd-format-string(6377) Reference: URL:http://xforce.iss.net/static/6377.php Reference: OSVDB:5679 Reference: URL:http://www.osvdb.org/5679 Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument. ====================================================== Name: CVE-2001-0388 Status: Entry Reference: FREEBSD:FreeBSD-SA-01:28 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc Reference: MANDRAKE:MDKSA-2001:034 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3 Reference: SUSE:SuSE-SA:2001:07 Reference: URL:http://www.novell.com/linux/security/advisories/2001_007_nkitserv.html Reference: XF:timed-remote-dos(6228) Reference: URL:http://xforce.iss.net/static/6228.php time server daemon timed allows remote attackers to cause a denial of service via malformed packets. 
====================================================== Name: CVE-2001-0394 Status: Entry Reference: BUGTRAQ:20010328 def-2001-15: Website Pro Remote Manager DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html Reference: XF:website-pro-remote-dos(6295) Reference: URL:http://xforce.iss.net/static/6295.php Reference: OSVDB:5669 Reference: URL:http://www.osvdb.org/5669 Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory. ====================================================== Name: CVE-2001-0402 Status: Entry Reference: BUGTRAQ:20010408 A fragmentation attack against IP Filter Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679734015538&w=2 Reference: FREEBSD:FreeBSD-SA-01:32 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html Reference: XF:ipfilter-access-ports(6331) Reference: URL:http://xforce.iss.net/static/6331.php IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port. 
====================================================== Name: CVE-2001-0405 Status: Entry Reference: BUGTRAQ:20010416 Tempest Security Techonologies -- Adivsory #01/2001 -- Linux IPTables Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0271.html Reference: REDHAT:RHSA-2001:052 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-052.html Reference: REDHAT:RHSA-2001:084 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-084.html Reference: MANDRAKE:MDKSA-2001:071 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-071.php3 Reference: BID:2602 Reference: URL:http://www.securityfocus.com/bid/2602 Reference: XF:linux-netfilter-iptables(6390) Reference: URL:http://xforce.iss.net/static/6390.php ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall. ====================================================== Name: CVE-2001-0407 Status: Entry Reference: BUGTRAQ:20010318 potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t expoloit) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0237.html Reference: BUGTRAQ:20010327 MySQL 3.23.36 is relased (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0396.html Reference: XF:mysql-dot-directory-traversal(6617) Reference: URL:http://xforce.iss.net/static/6617.php Reference: BID:2522 Reference: URL:http://www.securityfocus.com/bid/2522 Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). 
====================================================== Name: CVE-2001-0408 Status: Entry Reference: MANDRAKE:MDKSA-2001:035 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-035.php3 Reference: REDHAT:RHSA-2001:008 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-008.html Reference: SUSE:SuSE-SA:2001:12 Reference: URL:http://www.novell.com/linux/security/advisories/2001_012_vim.html Reference: CALDERA:CSSA-2001-014.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt Reference: BUGTRAQ:20010329 Immunix OS Security update for vim Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98593106111968&w=2 Reference: BID:2510 Reference: URL:http://www.securityfocus.com/bid/2510 Reference: XF:vim-elevate-privileges(6259) Reference: URL:http://xforce.iss.net/static/6259.php vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes. ====================================================== Name: CVE-2001-0409 Status: Entry Reference: SUSE:SuSE-SA:2001:12 Reference: URL:http://www.novell.com/linux/security/advisories/2001_012_vim.html Reference: CALDERA:CSSA-2001-014.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt Reference: XF:vim-tmp-symlink(6628) Reference: URL:http://xforce.iss.net/static/6628.php vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. 
====================================================== Name: CVE-2001-0412 Status: Entry Reference: CISCO:20010404 Cisco Content Services Switch User Account Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml Reference: BID:2559 Reference: URL:http://www.securityfocus.com/bid/2559 Reference: XF:cisco-css-elevate-privileges(6322) Reference: URL:http://xforce.iss.net/static/6322.php Reference: OSVDB:1784 Reference: URL:http://www.osvdb.org/1784 Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. ====================================================== Name: CVE-2001-0413 Status: Entry Reference: BUGTRAQ:20010404 BinTec X4000 Access Router DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98644414226344&w=2 Reference: BUGTRAQ:20010406 X4000 DoS: Details and workaround Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659862317070&w=2 Reference: BUGTRAQ:20010410 BinTec Router DoS: Workaround and Details Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html Reference: BUGTRAQ:20010409 BINTEC X1200 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98697054804197&w=2 Reference: XF:bintec-x4000-nmap-dos(6323) Reference: URL:http://xforce.iss.net/static/6323.php BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang. 
====================================================== Name: CVE-2001-0414 Status: Entry Reference: BUGTRAQ:20010404 ntpd =< 4.0.99k remote buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98642418618512&w=2 Reference: BUGTRAQ:20010405 Re: ntpd =< 4.0.99k remote buffer overflow] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98654963328381&w=2 Reference: REDHAT:RHSA-2001:045 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-045.html Reference: CALDERA:CSSA-2001-013 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txt Reference: MANDRAKE:MDKSA-2001:036 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3 Reference: DEBIAN:DSA-045 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98651866104663&w=2 Reference: NETBSD:NetBSD-SA2001-004 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc Reference: SUSE:SuSE-SA:2001:10 Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html Reference: CONECTIVA:CLA-2001:392 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392 Reference: FREEBSD:FreeBSD-SA-01:31 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc Reference: SCO:SSE073 Reference: URL:ftp://ftp.sco.com/SSE/sse073.ltr Reference: SCO:SSE074 Reference: URL:ftp://ftp.sco.com/SSE/sse074.ltr Reference: BUGTRAQ:20010408 [slackware-security] buffer overflow fix for NTP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679815917014&w=2 Reference: BUGTRAQ:20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684202610470&w=2 Reference: BUGTRAQ:20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684532921941&w=2 Reference: BUGTRAQ:20010406 Immunix OS Security update for ntp and 
xntp3 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659782815613&w=2 Reference: BUGTRAQ:20010409 ntp-4.99k23.tar.gz is available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98683952401753&w=2 Reference: BUGTRAQ:20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html Reference: BUGTRAQ:20010409 [ESA-20010409-01] xntp buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html Reference: BUGTRAQ:20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html Reference: BID:2540 Reference: URL:http://www.securityfocus.com/bid/2540 Reference: OSVDB:805 Reference: URL:http://www.osvdb.org/805 Reference: OVAL:oval:org.mitre.oval:def:3831 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3831 Reference: XF:ntpd-remote-bo(6321) Reference: URL:http://xforce.iss.net/static/6321.php Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument. 
====================================================== Name: CVE-2001-0416 Status: Entry Reference: DEBIAN:DSA-038 Reference: URL:http://www.debian.org/security/2001/dsa-038 Reference: REDHAT:RHSA-2001:027 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-027.html Reference: BUGTRAQ:20010316 Immunix OS Security update for sgml-tools Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98477491130367&w=2 Reference: MANDRAKE:MDKSA-2001:030 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3 Reference: CONECTIVA:CLA-2001:390 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000390 Reference: XF:sgmltools-symlink Reference: URL:http://xforce.iss.net/static/6201.php Reference: SUSE:SuSE-SA:2001:16 Reference: URL:http://www.novell.com/linux/security/advisories/2001_016_sgmltool_txt.html Reference: BID:2683 Reference: URL:http://www.securityfocus.com/bid/2683 Reference: BID:2506 Reference: URL:http://www.securityfocus.com/bid/2506 sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools. ====================================================== Name: CVE-2001-0422 Status: Entry Reference: BUGTRAQ:20010410 Solaris Xsun buffer overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0158.html Reference: SUNBUG:4356377 Reference: SUNBUG:4425845 Reference: SUNBUG:4440161 Reference: BID:2561 Reference: URL:http://www.securityfocus.com/bid/2561 Reference: OVAL:oval:org.mitre.oval:def:555 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:555 Reference: XF:solaris-xsun-home-bo(6343) Reference: URL:http://xforce.iss.net/static/6343.php Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. 
====================================================== Name: CVE-2001-0423 Status: Entry Reference: BUGTRAQ:20010412 Solaris ipcs vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0217.html Reference: BID:2581 Reference: URL:http://www.securityfocus.com/bid/2581 Reference: XF:solaris-ipcs-bo(6369) Reference: URL:http://xforce.iss.net/xforce/xfdb/6369 Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093. ====================================================== Name: CVE-2001-0427 Status: Entry Reference: CISCO:20010328 VPN3000 Concentrator TELNET Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml Reference: XF:cisco-vpn-telnet-dos(6298) Reference: URL:http://xforce.iss.net/static/6298.php Reference: OSVDB:5643 Reference: URL:http://www.osvdb.org/5643 Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. ====================================================== Name: CVE-2001-0428 Status: Entry Reference: CISCO:20010412 VPN 3000 Concentrator IP Options Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml Reference: BID:2573 Reference: URL:http://www.securityfocus.com/bid/2573 Reference: XF:cisco-vpn-ip-dos(6360) Reference: URL:http://xforce.iss.net/static/6360.php Reference: OSVDB:1786 Reference: URL:http://www.osvdb.org/1786 Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. 
====================================================== Name: CVE-2001-0429 Status: Entry Reference: CISCO:20010416 Catalyst 5000 Series 802.1x Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml Reference: CIAC:L-072 Reference: URL:http://www.ciac.org/ciac/bulletins/l-072.shtml Reference: BID:2604 Reference: URL:http://www.securityfocus.com/bid/2604 Reference: XF:cisco-catalyst-8021x-dos(6379) Reference: URL:http://xforce.iss.net/static/6379.php Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. ====================================================== Name: CVE-2001-0430 Status: Entry Reference: DEBIAN:DSA-046 Reference: URL:http://archives.neohapsis.com/archives/vendor/2001-q2/0005.html Reference: XF:exuberant-ctags-symlink(6388) Reference: URL:http://xforce.iss.net/static/6388.php Reference: OSVDB:5642 Reference: URL:http://www.osvdb.org/5642 Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. ====================================================== Name: CVE-2001-0434 Status: Entry Reference: COMPAQ:SSRT0716 Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml Reference: XF:compaq-activex-dos(6355) Reference: URL:http://xforce.iss.net/static/6355.php The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service. 
====================================================== Name: CVE-2001-0439 Status: Entry Reference: CONECTIVA:CLA-2001:389 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389 Reference: MANDRAKE:MDKSA-2001:032 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3 Reference: FREEBSD:FreeBSD-SA-01:35 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html Reference: REDHAT:RHSA-2001:022 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-022.html Reference: REDHAT:RHSA-2001:023 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-023.html Reference: XF:licq-url-execute-commands(6261) Reference: URL:http://xforce.iss.net/static/6261.php Reference: OSVDB:5641 Reference: URL:http://www.osvdb.org/5641 licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. ====================================================== Name: CVE-2001-0440 Status: Entry Reference: CONECTIVA:CLA-2001:389 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389 Reference: MANDRAKE:MDKSA-2001:032 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3 Reference: FREEBSD:FreeBSD-SA-01:35 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html Reference: REDHAT:RHSA-2001:022 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-022.html Reference: REDHAT:RHSA-2001:023 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-023.html Reference: XF:licq-logging-bo(6645) Reference: URL:http://xforce.iss.net/static/6645.php Reference: OSVDB:5601 Reference: URL:http://www.osvdb.org/5601 Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. 
====================================================== Name: CVE-2001-0442 Status: Entry Reference: BUGTRAQ:20010421 Mercury for NetWare POP3 server vulnerable to remote buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0378.html Reference: BUGTRAQ:20010424 Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow Reference: URL:http://online.securityfocus.com/archive/1/179217 Reference: BID:2641 Reference: URL:http://www.securityfocus.com/bid/2641 Reference: XF:mercury-mta-bo(6444) Reference: URL:http://www.iss.net/security_center/static/6444.php Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. ====================================================== Name: CVE-2001-0444 Status: Entry Reference: BUGTRAQ:20010420 Bug in Cisco CBOS v2.3.0.053 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0380.html Reference: XF:cisco-cbos-gain-information(6453) Reference: URL:http://xforce.iss.net/static/6453.php Reference: BID:2635 Reference: URL:http://www.securityfocus.com/bid/2635 Reference: OSVDB:1796 Reference: URL:http://www.osvdb.org/1796 Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. ====================================================== Name: CVE-2001-0449 Status: Entry Reference: BUGTRAQ:20010302 def-2001-09: Winzip32 zipandemail Buffer Overflow Reference: URL:http://www.securityfocus.com/archive/1/166211 Reference: XF:winzip-zipandemail-bo(6191) Reference: URL:http://xforce.iss.net/static/6191.php Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option. 
====================================================== Name: CVE-2001-0455 Status: Entry Reference: CISCO:20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface Reference: URL:http://www.cisco.com/warp/public/707/Aironet340-pub.shtml Reference: XF:cisco-aironet-web-access(6200) Reference: URL:http://xforce.iss.net/static/6200.php Reference: OSVDB:5597 Reference: URL:http://www.osvdb.org/5597 Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. ====================================================== Name: CVE-2001-0456 Status: Entry Reference: DEBIAN:DSA-032 Reference: URL:http://www.debian.org/security/2001/dsa-032 Reference: XF:proftpd-postinst-root(6208) Reference: URL:http://xforce.iss.net/static/6208.php postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended. ====================================================== Name: CVE-2001-0457 Status: Entry Reference: DEBIAN:DSA-035 Reference: URL:http://www.debian.org/security/2001/dsa-035 Reference: XF:man2html-remote-dos(6211) Reference: URL:http://xforce.iss.net/static/6211.php Reference: OSVDB:5631 Reference: URL:http://www.osvdb.org/5631 man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion). 
====================================================== Name: CVE-2001-0461 Status: Entry Reference: BUGTRAQ:20010309 Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0109.html Reference: CONFIRM:http://wombat.doc.ic.ac.uk/foldoc/index.html Reference: XF:foldoc-cgi-execute-commands Reference: URL:http://xforce.iss.net/static/6217.php Reference: OSVDB:5591 Reference: URL:http://www.osvdb.org/5591 template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi. ====================================================== Name: CVE-2001-0462 Status: Entry Reference: BUGTRAQ:20010424 Advisory for perl webserver Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html Reference: XF:perl-webserver-directory-traversal(6451) Reference: URL:http://xforce.iss.net/static/6451.php Reference: BID:2648 Reference: URL:http://www.securityfocus.com/bid/2648 Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. ====================================================== Name: CVE-2001-0463 Status: Entry Reference: BUGTRAQ:20010427 PerlCal (CGI) show files vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html Reference: CONFIRM:http://www.perlcal.com/calendar/docs/bugs.txt Reference: BID:2663 Reference: URL:http://www.securityfocus.com/bid/2663 Reference: XF:perlcal-calmake-directory-traversal(6480) Reference: URL:http://xforce.iss.net/static/6480.php Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter. 
====================================================== Name: CVE-2001-0465 Status: Entry Reference: BUGTRAQ:20010405 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653594732053&w=2 Reference: CONFIRM:http://www.turbotax.com/atr/update/ Reference: XF:turbotax-save-passwords(6622) Reference: URL:http://xforce.iss.net/static/6622.php TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information. ====================================================== Name: CVE-2001-0467 Status: Entry Reference: BUGTRAQ:20010423 Vulnerability in Viking Web Server Reference: URL:http://www.securityfocus.com/archive/1/178935 Reference: CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt Reference: BID:2643 Reference: URL:http://www.securityfocus.com/bid/2643 Reference: XF:viking-dot-directory-traversal(6450) Reference: URL:http://xforce.iss.net/static/6450.php Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request. ====================================================== Name: CVE-2001-0469 Status: Entry Reference: FREEBSD:FreeBSD-SA-01:29 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0163.html Reference: BID:2473 Reference: URL:http://www.securityfocus.com/bid/2473 Reference: XF:rwhod-remote-dos(6229) Reference: URL:http://xforce.iss.net/static/6229.php rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length. 
====================================================== Name: CVE-2001-0473 Status: Entry Reference: MANDRAKE:MDKSA-2001-031 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3 Reference: REDHAT:RHSA-2001:029 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-029.html Reference: BUGTRAQ:20010315 Immunix OS Security update for mutt Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98473109630421&w=2 Reference: CONECTIVA:CLA-2001:385 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385 Reference: BUGTRAQ:20010320 Trustix Security Advisory - mutt Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html Reference: XF:mutt-imap-format-string(6235) Reference: URL:http://xforce.iss.net/static/6235.php Reference: OSVDB:5615 Reference: URL:http://www.osvdb.org/5615 Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands. ====================================================== Name: CVE-2001-0474 Status: Entry Reference: MANDRAKE:MDKSA-2001:029 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-029.php3 Reference: XF:mesa-utahglx-symlink(6231) Reference: URL:http://xforce.iss.net/static/6231.php Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file. 
====================================================== Name: CVE-2001-0475 Status: Entry Reference: BUGTRAQ:20010315 vBulletin allows arbitrary code execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html Reference: BID:2474 Reference: URL:http://www.securityfocus.com/bid/2474 Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839 Reference: XF:vbulletin-php-elevate-privileges(6237) Reference: URL:http://xforce.iss.net/static/6237.php index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter. ====================================================== Name: CVE-2001-0481 Status: Entry Reference: MANDRAKE:MDKSA-2001:043 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-043.php3 Reference: XF:linux-rpmdrake-temp-file(6494) Reference: URL:http://xforce.iss.net/static/6494.php Reference: OSVDB:5612 Reference: URL:http://www.osvdb.org/5612 Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling. ====================================================== Name: CVE-2001-0482 Status: Entry Reference: BUGTRAQ:20010330 Serious Pitbull LX Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0475.html Reference: XF:pitbull-lx-modify-kernel(6623) Reference: URL:http://xforce.iss.net/static/6623.php Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl. 
====================================================== Name: CVE-2001-0485 Status: Entry Reference: BUGTRAQ:20010426 IRIX /usr/lib/print/netprint local root symbols exploit. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0475.html Reference: BUGTRAQ:20010427 Re: IRIX /usr/lib/print/netprint local root symbols exploit. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0502.html Reference: SGI:20010701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010701-01-P Reference: BID:2656 Reference: URL:http://www.securityfocus.com/bid/2656 Reference: OSVDB:8571 Reference: URL:http://www.osvdb.org/8571 Reference: XF:irix-netprint-shared-library(6473) Reference: URL:http://xforce.iss.net/xforce/xfdb/6473 Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges to execute arbitrary commands via the -n option. ====================================================== Name: CVE-2001-0486 Status: Entry Reference: VULN-DEV:20010402 (no subject) Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0020.html Reference: BUGTRAQ:20010420 Novell BorderManager 3.5 VPN Denial of Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98779821207867&w=2 Reference: CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959062.htm Reference: BUGTRAQ:20010429 Proof of concept DoS against novell border manager enterprise Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98865027328391&w=2 Reference: BUGTRAQ:20010501 Re: Proof of concept DoS against novell border manager enterprise edition 3.5 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0000.html Reference: BID:2623 Reference: URL:http://www.securityfocus.com/bid/2623 Reference: XF:bordermanager-vpn-syn-dos(6429) Reference: URL:http://xforce.iss.net/static/6429.php Remote attackers can cause a denial of service in Novell BorderManager 3.6 and 
earlier by sending a TCP SYN flood to port 353. ====================================================== Name: CVE-2001-0487 Status: Entry Reference: AIXAPAR:IY17630 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY17630&apar=only Reference: XF:aix-snmpd-rst-dos(6996) Reference: URL:http://www.iss.net/security_center/static/6996.php Reference: OSVDB:5611 Reference: URL:http://www.osvdb.org/5611 AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection. ====================================================== Name: CVE-2001-0488 Status: Entry Reference: HP:HPSBUX0104-149 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0104-149 Reference: BID:2646 Reference: URL:http://www.securityfocus.com/bid/2646 Reference: XF:hp-pcltotiff-insecure-permissions(6447) Reference: URL:http://xforce.iss.net/static/6447.php Reference: OSVDB:2188 Reference: URL:http://www.osvdb.org/2188 pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service. ====================================================== Name: CVE-2001-0489 Status: Entry Reference: VULN-DEV:20010417 gftp exploitable? Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html Reference: REDHAT:RHSA-2001:053 Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0043.html Reference: MANDRAKE:MDKSA-2001-044 Reference: DEBIAN:DSA-057 Reference: URL:http://www.debian.org/security/2001/dsa-057 Reference: BID:2657 Reference: URL:http://www.securityfocus.com/bid/2657 Refer