CVE version: 20061101
======================================================
Name: CVE-1999-0002
Status: Entry
Reference: SGI:19981006-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I
Reference: CERT:CA-98.12.mountd
Reference: CIAC:J-006
Reference: URL:http://www.ciac.org/ciac/bulletins/j-006.shtml
Reference: BID:121
Reference: URL:http://www.securityfocus.com/bid/121
Reference: XF:linux-mountd-bo

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.
======================================================
Name: CVE-1999-0003
Status: Entry
Reference: NAI:NAI-29
Reference: CERT:CA-98.11.tooltalk
Reference: SGI:19981101-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A
Reference: SGI:19981101-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX
Reference: XF:aix-ttdbserver
Reference: XF:tooltalk
Reference: BID:122
Reference: URL:http://www.securityfocus.com/bid/122

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
======================================================
Name: CVE-1999-0005
Status: Entry
Reference: CERT:CA-98.09.imapd
Reference: SUN:00177
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/177
Reference: BID:130
Reference: URL:http://www.securityfocus.com/bid/130
Reference: XF:imap-authenticate-bo

Arbitrary command execution via IMAP buffer overflow in authenticate command.
======================================================
Name: CVE-1999-0006
Status: Entry
Reference: CERT:CA-98.08.qpopper_vul
Reference: SGI:19980801-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980801-01-I
Reference: AUSCERT:AA-98.01
Reference: XF:qpopper-pass-overflow
Reference: BID:133
Reference: URL:http://www.securityfocus.com/bid/133

Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
======================================================
Name: CVE-1999-0007
Status: Entry
Reference: CERT:CA-98.07.PKCS
Reference: MS:MS98-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-002.mspx
Reference: XF:nt-ssl-fix

Information from SSL-encrypted sessions via PKCS #1.
======================================================
Name: CVE-1999-0008
Status: Entry
Reference: CERT:CA-98.06.nisd
Reference: SUN:00170
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170
Reference: ISS:June10,1998
Reference: XF:nisd-bo-check

Buffer overflow in NIS+, in Sun's rpc.nisd program.
======================================================
Name: CVE-1999-0009
Status: Entry
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: CERT:CA-98.05.bind_problems
Reference: XF:bind-bo
Reference: BID:134
Reference: URL:http://www.securityfocus.com/bid/134

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
======================================================
Name: CVE-1999-0010
Status: Entry
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: XF:bind-dos

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
======================================================
Name: CVE-1999-0011
Status: Entry
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: XF:bind-axfr-dos

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
======================================================
Name: CVE-1999-0012
Status: Entry
Reference: CERT:CA-98.04.Win32.WebServers
Reference: XF:nt-web8.3

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
======================================================
Name: CVE-1999-0013
Status: Entry
Reference: CERT:CA-98.03.ssh-agent
Reference: NAI:NAI-24
Reference: XF:ssh-agent

Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
======================================================
Name: CVE-1999-0014
Status: Entry
Reference: HP:HPSBUX9801-075
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075
Reference: SUN:00185
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185
Reference: CERT:CA-98.02.CDE

Unauthorized privileged access or denial of service via dtappgather program in CDE.
======================================================
Name: CVE-1999-0016
Status: Entry
Reference: CERT:CA-97.28.Teardrop_Land
Reference: FREEBSD:FreeBSD-SA-98:01
Reference: HP:HPSBUX9801-076
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:95-verv-tcp
Reference: XF:land-patch
Reference: XF:ver-tcpip-sys

Land IP denial of service.
======================================================
Name: CVE-1999-0017
Status: Entry
Reference: CERT:CA-97.27.FTP_bounce
Reference: XF:ftp-bounce
Reference: XF:ftp-privileged-port

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
======================================================
Name: CVE-1999-0018
Status: Entry
Reference: CERT:CA-97.26.statd
Reference: AUSCERT:AA-97.29
Reference: XF:statd
Reference: BID:127
Reference: URL:http://www.securityfocus.com/bid/127

Buffer overflow in statd allows root privileges.
======================================================
Name: CVE-1999-0019
Status: Entry
Reference: CERT:CA-96.09.rpc.statd
Reference: XF:rpc-stat
Reference: SUN:00135
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/135

Delete or create a file via rpc.statd, due to invalid information.
======================================================
Name: CVE-1999-0021
Status: Entry
Reference: BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount)
Reference: CERT:CA-97.24.Count_cgi
Reference: XF:http-cgi-count
Reference: BID:128
Reference: URL:http://www.securityfocus.com/bid/128

Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.
======================================================
Name: CVE-1999-0022
Status: Entry
Reference: CERT:CA-97.23.rdist
Reference: SUN:00179
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179
Reference: XF:rdist-bo3
Reference: XF:rdist-sept97

Local user gains root privileges via buffer overflow in rdist, via expstr() function.
======================================================
Name: CVE-1999-0023
Status: Entry
Reference: CERT:CA-96.14.rdist_vul
Reference: XF:rdist-bo
Reference: XF:rdist-bo2

Local user gains root privileges via buffer overflow in rdist, via lookup() function.
======================================================
Name: CVE-1999-0024
Status: Entry
Reference: CERT:CA-97.22.bind
Reference: XF:bind
Reference: NAI:NAI-11

DNS cache poisoning via BIND, by predictable query IDs.
======================================================
Name: CVE-1999-0025
Status: Entry
Reference: CERT:CA-1997-21
Reference: URL:http://www.cert.org/advisories/CA-1997-21.html
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: SGI:SGI:19970505-01-A
Reference: SGI:SGI:19970505-02-PX
Reference: CERT-VN:VU#20851
Reference: URL:http://www.kb.cert.org/vuls/id/20851
Reference: BID:346
Reference: URL:http://www.securityfocus.com/bid/346
Reference: XF:df-bo(440)
Reference: URL:http://xforce.iss.net/xforce/xfdb/440

root privileges via buffer overflow in df command on SGI IRIX systems.
======================================================
Name: CVE-1999-0026
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: XF:pset-bo

root privileges via buffer overflow in pset command on SGI IRIX systems.
======================================================
Name: CVE-1999-0027
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: XF:eject-bo

root privileges via buffer overflow in eject command on SGI IRIX systems.
======================================================
Name: CVE-1999-0028
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul
Reference: XF:sgi-schemebo

root privileges via buffer overflow in login/scheme command on SGI IRIX systems.
======================================================
Name: CVE-1999-0029
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: XF:ordist-bo

root privileges via buffer overflow in ordist command on SGI IRIX systems.
======================================================
Name: CVE-1999-0031
Status: Entry
Reference: CERT:CA-97.20.javascript
Reference: HP:HPSBUX9707-065
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
======================================================
Name: CVE-1999-0032
Status: Entry
Reference: BUGTRAQ:19960813 Possible bufferoverflow condition in lpr, xterm and xload
Reference: BUGTRAQ:19961025 Linux & BSD's lpr exploit
Reference: MLIST:[freebsd-security] 19961025 Vadim Kolontsov: BoS: Linux & BSD's lpr exploit
Reference: MLIST:[linux-security] 19961122 LSF Update#14: Vulnerability of the lpr program.
Reference: CERT:CA-97.19.bsdlp
Reference: AUSCERT:AA-96.12
Reference: CIAC:H-08
Reference: CIAC:I-042
Reference: URL:http://www.ciac.org/ciac/bulletins/i-042.shtml
Reference: SGI:19980402-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX
Reference: BID:707
Reference: URL:http://www.securityfocus.com/bid/707
Reference: XF:bsd-lprbo2
Reference: XF:bsd-lprbo
Reference: XF:lpr-bo

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
======================================================
Name: CVE-1999-0034
Status: Entry
Reference: CERT:CA-97.17.sperl
Reference: XF:perl-suid

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
======================================================
Name: CVE-1999-0035
Status: Entry
Reference: XF:ftp-ftpd
Reference: CERT:CA-97.16.ftpd
Reference: AUSCERT:AA-97.03

Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
======================================================
Name: CVE-1999-0036
Status: Entry
Reference: CERT:CA-97.15.sgi_login
Reference: AUSCERT:AA-97.12
Reference: CIAC:H-106
Reference: URL:http://www.ciac.org/ciac/bulletins/h-106.shtml
Reference: SGI:19970508-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PX
Reference: OSVDB:990
Reference: URL:http://www.osvdb.org/990
Reference: XF:sgi-lockout(557)
Reference: URL:http://xforce.iss.net/xforce/xfdb/557

IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
======================================================
Name: CVE-1999-0037
Status: Entry
Reference: CERT:CA-97.14.metamail
Reference: XF:metamail-header-commands

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.
======================================================
Name: CVE-1999-0038
Status: Entry
Reference: CERT:CA-97.13.xlock
Reference: XF:xlock-bo

Buffer overflow in xlock program allows local users to execute commands as root.
======================================================
Name: CVE-1999-0039
Status: Entry
Reference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in
Reference: BUGTRAQ:19970507 Re: SGI Advisory: webdist.cgi
Reference: CERT:CA-1997-12
Reference: URL:http://www.cert.org/advisories/CA-1997-12.html
Reference: AUSCERT:AA-97.14
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: BID:374
Reference: URL:http://www.securityfocus.com/bid/374
Reference: OSVDB:235
Reference: URL:http://www.osvdb.org/235
Reference: XF:http-sgi-webdist(333)
Reference: URL:http://xforce.iss.net/xforce/xfdb/333

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.
======================================================
Name: CVE-1999-0040
Status: Entry
Reference: CERT:CA-97.11.libXt
Reference: XF:libXt-bo

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
======================================================
Name: CVE-1999-0041
Status: Entry
Reference: CERT:CA-97.10.nls
Reference: XF:nls-bo

Buffer overflow in NLS (Natural Language Service).
======================================================
Name: CVE-1999-0042
Status: Entry
Reference: NAI:NAI-21
Reference: CERT:CA-97.09.imap_pop
Reference: XF:popimap-bo

Buffer overflow in University of Washington's implementation of IMAP and POP servers.
======================================================
Name: CVE-1999-0043
Status: Entry
Reference: CERT:CA-97.08.innd
Reference: XF:inn-controlmsg

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
======================================================
Name: CVE-1999-0044
Status: Entry
Reference: SGI:19970301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970301-01-P
Reference: XF:sgi-fsdump

fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.
======================================================
Name: CVE-1999-0045
Status: Entry
Reference: CERT:CA-97.07.nph-test-cgi_script
Reference: XF:http-cgi-nph

List of arbitrary files on Web host via nph-test-cgi script.
======================================================
Name: CVE-1999-0046
Status: Entry
Reference: CERT:CA-97.06.rlogin-term
Reference: XF:rlogin-termbo

Buffer overflow of rlogin program using TERM environmental variable.
======================================================
Name: CVE-1999-0047
Status: Entry
Reference: CERT:CA-97.05.sendmail
Reference: BID:685
Reference: URL:http://www.securityfocus.com/bid/685
Reference: XF:sendmail-mime-bo2

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
======================================================
Name: CVE-1999-0048
Status: Entry
Reference: CERT:CA-97.04.talkd
Reference: FREEBSD:FreeBSD-SA-96:21
Reference: AUSCERT:AA-97.01
Reference: SUN:00147
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147
Reference: XF:talkd-bo
Reference: XF:netkit-talkd

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
======================================================
Name: CVE-1999-0049
Status: Entry
Reference: XF:sgi-csetup
Reference: CERT:CA-97.03.csetup

Csetup under IRIX allows arbitrary file creation or overwriting.
======================================================
Name: CVE-1999-0050
Status: Entry
Reference: CERT:CA-97.02.hp_newgrp
Reference: AUSCERT:AA-96.16.HP-UX.newgrp.Buffer.Overrun.Vulnerability
Reference: XF:hp-newgrpbo

Buffer overflow in HP-UX newgrp program.
======================================================
Name: CVE-1999-0051
Status: Entry
Reference: XF:sgi-licensemanager
Reference: CERT:CA-97.01.flex_lm
Reference: AUSCERT:AA-96.03

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
======================================================
Name: CVE-1999-0052
Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:08
Reference: OSVDB:908
Reference: URL:http://www.osvdb.org/908
Reference: XF:freebsd-ip-frag-dos(1389)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1389

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
======================================================
Name: CVE-1999-0053
Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:07
Reference: OSVDB:6094
Reference: URL:http://www.osvdb.org/6094

TCP RST denial of service in FreeBSD.
======================================================
Name: CVE-1999-0054
Status: Entry
Reference: SUN:00171
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/171
Reference: XF:sun-ftpd

Sun's ftpd daemon can be subjected to a denial of service.
======================================================
Name: CVE-1999-0055
Status: Entry
Reference: SUN:00172
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172
Reference: AIXAPAR:IX80543
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only
Reference: RSI:RSI.0005.05-14-98.SUN.LIBNSL
Reference: XF:sun-libnsl

Buffer overflows in Sun libnsl allow root access.
======================================================
Name: CVE-1999-0056
Status: Entry
Reference: SUN:00174
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/174
Reference: XF:sun-ping

Buffer overflow in Sun's ping program can give root access to local users.
======================================================
Name: CVE-1999-0057
Status: Entry
Reference: NAI:NAI-19
Reference: XF:vacation
Reference: HP:HPSBUX9811-087
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9811-087

Vacation program allows command execution by remote users through a sendmail command.
======================================================
Name: CVE-1999-0058
Status: Entry
Reference: NAI:NAI-12
Reference: BID:712
Reference: URL:http://www.securityfocus.com/bid/712
Reference: XF:http-cgi-phpbo

Buffer overflow in PHP cgi program, php.cgi allows shell access.
======================================================
Name: CVE-1999-0059
Status: Entry
Reference: NAI:NAI-16
Reference: BID:353
Reference: URL:http://www.securityfocus.com/bid/353
Reference: OSVDB:164
Reference: URL:http://www.osvdb.org/164
Reference: XF:irix-fam(325)
Reference: URL:http://xforce.iss.net/xforce/xfdb/325

IRIX fam service allows an attacker to obtain a list of all files on the server.
======================================================
Name: CVE-1999-0060
Status: Entry
Reference: NAI:NAI-26
Reference: XF:ascend-config-kill
Reference: ASCEND:http://www.ascend.com/2695.html

Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.
======================================================
Name: CVE-1999-0062
Status: Entry
Reference: XF:openbsd-chpass
Reference: NAI:NAI-28
Reference: OSVDB:7559
Reference: URL:http://www.osvdb.org/7559

The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.
======================================================
Name: CVE-1999-0063
Status: Entry
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
Reference: XF:cisco-syslog-crash

Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.
======================================================
Name: CVE-1999-0064
Status: Entry
Reference: BUGTRAQ:May28,1997
Reference: XF:lquerylv-bo

Buffer overflow in AIX lquerylv program gives root access to local users.
======================================================
Name: CVE-1999-0065
Status: Entry
Reference: SUN:00181
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/181
Reference: XF:hp-dtmail

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
======================================================
Name: CVE-1999-0066
Status: Entry
Reference: BUGTRAQ:19950731 SECURITY HOLE: "AnyForm" CGI
Reference: BID:719
Reference: URL:http://www.securityfocus.com/bid/719
Reference: XF:http-cgi-anyform

AnyForm CGI remote execution.
======================================================
Name: CVE-1999-0067
Status: Entry
Reference: BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole family
Reference: CERT:CA-1996-06
Reference: URL:http://www.cert.org/advisories/CA-1996-06.html
Reference: AUSCERT:AA-96.01
Reference: BID:629
Reference: URL:http://www.securityfocus.com/bid/629
Reference: OSVDB:136
Reference: URL:http://www.osvdb.org/136
Reference: XF:http-cgi-phf

phf CGI program allows remote command execution through shell metacharacters.
======================================================
Name: CVE-1999-0068
Status: Entry
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: XF:http-cgi-php-mylog
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: OSVDB:3396
Reference: URL:http://www.osvdb.org/3396

CGI PHP mylog script allows an attacker to read any file on the target server.
======================================================
Name: CVE-1999-0069
Status: Entry
Reference: SUN:00169
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169
Reference: XF:sun-ufsrestore
Reference: OSVDB:8158
Reference: URL:http://www.osvdb.org/8158

Solaris ufsrestore buffer overflow.
======================================================
Name: CVE-1999-0070
Status: Entry
Reference: XF:http-cgi-test

test-cgi program allows an attacker to list files on the server.
======================================================
Name: CVE-1999-0071
Status: Entry
Reference: XF:http-apache-cookie
Reference: NAI:NAI-2

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
======================================================
Name: CVE-1999-0072
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:004.1
Reference: XF:ibm-xdat

Buffer overflow in AIX xdat gives root access to local users.
======================================================
Name: CVE-1999-0073
Status: Entry
Reference: CERT:CA-95:14.Telnetd_Environment_Vulnerability
Reference: XF:linkerbug

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.
======================================================
Name: CVE-1999-0074
Status: Entry
Reference: XF:seqport

Listening TCP ports are sequentially allocated, allowing spoofing attacks.
======================================================
Name: CVE-1999-0075
Status: Entry
Reference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
Reference: XF:ftp-pasvcore
Reference: OSVDB:5742
Reference: URL:http://www.osvdb.org/5742

PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
======================================================
Name: CVE-1999-0077
Status: Entry
Reference: XF:tcp-seq-predict(139)
Reference: URL:http://xforce.iss.net/static/139.php

Predictable TCP sequence numbers allow spoofing.
======================================================
Name: CVE-1999-0079
Status: Entry
Reference: XF:ftp-pasv-dos
Reference: XF:ftp-pasvdos

Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.
======================================================
Name: CVE-1999-0080
Status: Entry
Reference: BUGTRAQ:19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd)
Reference: CERT:CA-95:16.wu-ftpd.vul
Reference: XF:ftp-execdotdot

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
======================================================
Name: CVE-1999-0081
Status: Entry
Reference: XF:ftp-rnfr

wu-ftp allows files to be overwritten via the rnfr command.
======================================================
Name: CVE-1999-0082
Status: Entry
Reference: XF:ftp-cwd
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html

CWD ~root command in ftpd allows root access.
======================================================
Name: CVE-1999-0083
Status: Entry
Reference: XF:cwdleak

getcwd() file descriptor leak in FTP.
======================================================
Name: CVE-1999-0084
Status: Entry
Reference: XF:nfs-mknod(78)
Reference: URL:http://xforce.iss.net/xforce/xfdb/78

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
======================================================
Name: CVE-1999-0085
Status: Entry
Reference: BUGTRAQ:19960821 rwhod buffer overflow
Reference: XF:rwhod(119)
Reference: URL:http://xforce.iss.net/xforce/xfdb/119
Reference: XF:rwhod-vuln(118)
Reference: URL:http://xforce.iss.net/xforce/xfdb/118

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
======================================================
Name: CVE-1999-0087
Status: Entry
Reference: XF:ibm-telnetdos
Reference: ERS:ERS-SVA-E01-1998:003.1
Reference: OSVDB:7992
Reference: URL:http://www.osvdb.org/7992

Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.
======================================================
Name: CVE-1999-0090
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-rcp

Buffer overflow in AIX rcp command allows local users to obtain root access.
======================================================
Name: CVE-1999-0091
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-writesrv

Buffer overflow in AIX writesrv command allows local users to obtain root access.
======================================================
Name: CVE-1999-0093
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:008.1
Reference: XF:ibm-nslookup

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.
======================================================
Name: CVE-1999-0094
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:007.1
Reference: XF:ibm-piodmgrsu

AIX piodmgrsu command allows local users to gain additional group privileges.
======================================================
Name: CVE-1999-0095
Status: Entry
Reference: CERT:CA-88.01
Reference: CERT:CA-93.14
Reference: BID:1
Reference: URL:http://www.securityfocus.com/bid/1
Reference: OSVDB:195
Reference: URL:http://www.osvdb.org/195
Reference: XF:smtp-debug

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
======================================================
Name: CVE-1999-0096
Status: Entry
Reference: CERT:CA-93.16
Reference: CERT:CA-95.05
Reference: CIAC:A-13
Reference: CIAC:A-14
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:smtp-dcod

Sendmail decode alias can be used to overwrite sensitive files.
======================================================
Name: CVE-1999-0097
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:009.1
Reference: XF:ibm-ftp

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
======================================================
Name: CVE-1999-0099
Status: Entry
Reference: CERT:CA-95.13.syslog.vul
Reference: XF:smtp-syslog

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
======================================================
Name: CVE-1999-0100
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:002.1
Reference: XF:inn-controlmsg

Remote access in AIX innd 1.5.1, using control messages.
======================================================
Name: CVE-1999-0101
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: SUN:00137a
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: NAI:NAI-1
Reference: XF:ghbn-bo

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
======================================================
Name: CVE-1999-0102
Status: Entry
Reference: XF:slmail-fromheader-overflow

Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.
======================================================
Name: CVE-1999-0103
Status: Entry
Reference: CERT:CA-96.01.UDP_service_denial
Reference: XF:echo
Reference: XF:chargen
Reference: XF:chargen-patch

Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
======================================================
Name: CVE-1999-0108
Status: Entry
Reference: BUGTRAQ:another day, another buffer overflow...
Reference: XF:printers-bo

The printers program in IRIX has a buffer overflow that gives root access to local users.
======================================================
Name: CVE-1999-0109
Status: Entry
Reference: SUN:00140
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/140
Reference: AUSCERT:AA-97.06
Reference: XF:ffbconfig-bo

Buffer overflow in ffbconfig in Solaris 2.5.1.
======================================================
Name: CVE-1999-0111
Status: Entry
Reference: XF:rip

RIP v1 is susceptible to spoofing.
======================================================
Name: CVE-1999-0112
Status: Entry
Reference: BUGTRAQ:19970520 AIX 4.2 dtterm exploit
Reference: XF:dtterm-bo(878)
Reference: URL:http://xforce.iss.net/xforce/xfdb/878

Buffer overflow in AIX dtterm program for the CDE.
======================================================
Name: CVE-1999-0113
Status: Entry
Reference: BUGTRAQ:19940729 -froot??? (AIX rlogin bug)
Reference: CERT:CA-94.09.bin.login.vulnerability
Reference: CIAC:E-26
Reference: BID:458
Reference: URL:http://www.securityfocus.com/bid/458
Reference: XF:rlogin-froot

Some implementations of rlogin allow root access if given a -froot parameter.
======================================================
Name: CVE-1999-0115
Status: Entry
Reference: BUGTRAQ:19970909 AIX bugfiler
Reference: XF:ibm-bugfiler
Reference: BID:1800
Reference: URL:http://www.securityfocus.com/bid/1800

AIX bugfiler program allows local users to gain root access.
======================================================
Name: CVE-1999-0116
Status: Entry
Reference: CERT:CA-96.21.tcp_syn.flooding
Reference: SGI:19961202-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961202-01-PX
Reference: SUN:00136
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/136

Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.
======================================================
Name: CVE-1999-0117
Status: Entry
Reference: XF:ibm-passwd
Reference: CERT:CA-92:07.AIX.passwd.vulnerability

AIX passwd allows local users to gain root access.
======================================================
Name: CVE-1999-0118
Status: Entry
Reference: BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91158980826979&w=2
Reference: XF:aix-infod

AIX infod allows local users to gain root access through an X display.
====================================================== Name: CVE-1999-0120 Status: Entry Reference: SUN:00126 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/126 Reference: CERT:CA-94.06.utmp.vulnerability Reference: XF:utmp-write Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. ====================================================== Name: CVE-1999-0122 Status: Entry Reference: BUGTRAQ:Jul21,1999 Reference: XF:lchangelv-bo Buffer overflow in AIX lchangelv gives root access. ====================================================== Name: CVE-1999-0124 Status: Entry Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability Reference: XF:gopher-vuln Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon. ====================================================== Name: CVE-1999-0125 Status: Entry Reference: XF:sgi-mailx-bo Reference: SGI:19980605-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980605-01-PX Buffer overflow in SGI IRIX mailx program. ====================================================== Name: CVE-1999-0126 Status: Entry Reference: CERT:VB-98.04.xterm.Xaw Reference: CIAC:J-010 Reference: URL:http://www.ciac.org/ciac/bulletins/j-010.shtml Reference: XF:xfree86-xterm-xaw Reference: XF:xfree86-xaw SGI IRIX buffer overflow in xterm and Xaw allows root access. ====================================================== Name: CVE-1999-0128 Status: Entry Reference: XF:ping-death Reference: CERT:CA-96.26.ping Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. ====================================================== Name: CVE-1999-0129 Status: Entry Reference: CERT:CA-96.25.sendmail_groups Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. 
====================================================== Name: CVE-1999-0130 Status: Entry Reference: CERT:CA-96.24.sendmail.daemon.mode Reference: BID:716 Reference: URL:http://www.securityfocus.com/bid/716 Reference: XF:sendmail-daemon-mode Local users can start Sendmail in daemon mode and gain root privileges. ====================================================== Name: CVE-1999-0131 Status: Entry Reference: CERT:CA-96.20.sendmail_vul Reference: XF:smtp-875bo Reference: BID:717 Reference: URL:http://www.securityfocus.com/bid/717 Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. ====================================================== Name: CVE-1999-0132 Status: Entry Reference: CERT:CA-1996-19 Reference: URL:http://www.cert.org/advisories/CA-1996-19.html Reference: OSVDB:11723 Reference: URL:http://www.osvdb.org/11723 Reference: XF:expreserve(401) Reference: URL:http://xforce.iss.net/xforce/xfdb/401 Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. ====================================================== Name: CVE-1999-0133 Status: Entry Reference: CERT:CA-96.18.fm_fls Reference: XF:fmaker-logfile fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access. ====================================================== Name: CVE-1999-0134 Status: Entry Reference: XF:sol-voldtmp Reference: CERT:CA-96.17.Solaris_vold_vul Reference: AUSCERT:AL-96.04 Reference: OSVDB:8159 Reference: URL:http://www.osvdb.org/8159 vold in Solaris 2.x allows local users to gain root access. ====================================================== Name: CVE-1999-0135 Status: Entry Reference: XF:sun-admintool Reference: CERT:CA-96.16.Solaris_admintool_vul Reference: AUSCERT:AL-96.03 admintool in Solaris allows a local user to write to arbitrary files and gain root access. 
====================================================== Name: CVE-1999-0136 Status: Entry Reference: XF:sol-KCMSvuln Reference: AUSCERT:AL-96.02 Reference: CERT:CA-96.15.Solaris_KCMS_vul Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. ====================================================== Name: CVE-1999-0137 Status: Entry Reference: XF:linux-dipbo Reference: CERT:CA-96.13.dip_vul Reference: XF:dip-bo The dip program on many Linux systems allows local users to gain root access via a buffer overflow. ====================================================== Name: CVE-1999-0138 Status: Entry Reference: CERT:CA-96.12.suidperl_vul Reference: XF:sperl-suid The suidperl and sperl programs do not give up root privileges when changing UIDs back to the original users, allowing root access. ====================================================== Name: CVE-1999-0139 Status: Entry Reference: XF:sol-mkcookie Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE Reference: OSVDB:8205 Reference: URL:http://www.osvdb.org/8205 Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. ====================================================== Name: CVE-1999-0141 Status: Entry Reference: XF:http-java-applet Reference: CERT:CA-96.07.java_bytecode_verifier Reference: SUN:00134 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134 Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. ====================================================== Name: CVE-1999-0142 Status: Entry Reference: CERT:CA-96.05.java_applet_security_mgr Reference: XF:http-java-appletsecmgr The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. 
====================================================== Name: CVE-1999-0143 Status: Entry Reference: CERT:CA-96.03.kerberos_4_key_server Reference: XF:kerberos-bf Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. ====================================================== Name: CVE-1999-0145 Status: Entry Reference: CERT:CA-1990-11 Reference: URL:http://www.cert.org/advisories/CA-1990-11.html Reference: CERT:CA-1993-14 Reference: URL:http://www.cert.org/advisories/CA-1993-14.html Reference: BUGTRAQ:19950206 sendmail wizard thing... Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html Sendmail WIZ command enabled, allowing root access. ====================================================== Name: CVE-1999-0146 Status: Entry Reference: BUGTRAQ:19970715 Bug CGI campas Reference: BID:1975 Reference: URL:http://www.securityfocus.com/bid/1975 Reference: XF:http-cgi-campas(298) Reference: URL:http://xforce.iss.net/xforce/xfdb/298 The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. ====================================================== Name: CVE-1999-0147 Status: Entry Reference: XF:http-cgi-glimpse Reference: AUSCERT:AA-97.28 The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands. ====================================================== Name: CVE-1999-0148 Status: Entry Reference: SGI:19970501-02-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX Reference: BID:380 Reference: URL:http://www.securityfocus.com/bid/380 Reference: XF:http-sgi-handler The handler CGI program in IRIX allows arbitrary command execution. 
====================================================== Name: CVE-1999-0149 Status: Entry Reference: BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug Reference: SGI:19970501-02-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX Reference: BID:373 Reference: URL:http://www.securityfocus.com/bid/373 Reference: OSVDB:247 Reference: URL:http://www.osvdb.org/247 Reference: XF:http-sgi-wrap(290) Reference: URL:http://xforce.iss.net/xforce/xfdb/290 The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0150 Status: Entry Reference: XF:perl-fingerd The Perl fingerd program allows arbitrary command execution from remote users. ====================================================== Name: CVE-1999-0151 Status: Entry Reference: CERT:CA-95.07a.REVISED.satan.vul Reference: CERT:CA-95.06.satan.vul The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. ====================================================== Name: CVE-1999-0152 Status: Entry Reference: BUGTRAQ:19970811 dgux in.fingerd vulnerability Reference: XF:dgux-fingerd The DG/UX finger daemon allows remote command execution through shell metacharacters. ====================================================== Name: CVE-1999-0153 Status: Entry Reference: XF:win-oob Reference: OSVDB:1666 Reference: URL:http://www.osvdb.org/1666 Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. ====================================================== Name: CVE-1999-0155 Status: Entry Reference: XF:gscript-dsafer Reference: CERT:CA-95.10.ghostscript The ghostscript command with the -dSAFER option allows remote attackers to execute commands. 
====================================================== Name: CVE-1999-0157 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/nifrag.shtml Reference: XF:cisco-fragmented-attacks Reference: OSVDB:1097 Reference: URL:http://www.osvdb.org/1097 Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. ====================================================== Name: CVE-1999-0158 Status: Entry Reference: CISCO:20010913 Cisco PIX Firewall Manager File Exposure Reference: URL:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml Reference: XF:cisco-pix-file-exposure Reference: OSVDB:685 Reference: URL:http://www.osvdb.org/685 Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. ====================================================== Name: CVE-1999-0159 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtml Reference: XF:cisco-ios-crash Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. ====================================================== Name: CVE-1999-0160 Status: Entry Reference: CISCO:19971001 Vulnerabilities in Cisco CHAP Authentication Reference: CIAC:I-002A Reference: OSVDB:1099 Reference: URL:http://www.osvdb.org/1099 Reference: XF:cisco-chap Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections. ====================================================== Name: CVE-1999-0161 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/707/1.html Reference: XF:cisco-acl-tacacs Reference: OSVDB:797 Reference: URL:http://www.osvdb.org/797 In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. 
====================================================== Name: CVE-1999-0162 Status: Entry Reference: CISCO:19950601 "Established" Keyword May Allow Packets to Bypass Filter Reference: XF:cisco-acl-established The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. ====================================================== Name: CVE-1999-0164 Status: Entry Reference: XF:sol-pstmprace Reference: AUSCERT:AA-95.07 Reference: CERT:CA-95.09.Solaris.ps.vul Reference: OSVDB:8346 Reference: URL:http://www.osvdb.org/8346 A race condition in the Solaris ps command allows an attacker to overwrite critical files. ====================================================== Name: CVE-1999-0166 Status: Entry Reference: XF:nfs-cd NFS allows users to use a "cd .." command to access other directories besides the exported file system. ====================================================== Name: CVE-1999-0167 Status: Entry Reference: XF:nfs-guess Reference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. ====================================================== Name: CVE-1999-0168 Status: Entry Reference: XF:nfs-portmap The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. ====================================================== Name: CVE-1999-0170 Status: Entry Reference: XF:nfs-ultrix Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. ====================================================== Name: CVE-1999-0172 Status: Entry Reference: XF:http-cgi-formmail-exe Reference: BUGTRAQ:Aug02,1995 FormMail CGI program allows remote execution of commands. 
====================================================== Name: CVE-1999-0173 Status: Entry Reference: XF:http-cgi-formmail-use FormMail CGI program can be used by web servers other than the host server that the program resides on. ====================================================== Name: CVE-1999-0174 Status: Entry Reference: BUGTRAQ:19970208 view-source Reference: XF:http-cgi-viewsrc The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0175 Status: Entry Reference: XF:http-nov-convert The convert.bas program in the Novell web server allows remote attackers to read any file on the system that is internally accessible by the web server. ====================================================== Name: CVE-1999-0176 Status: Entry Reference: BUGTRAQ:Jul10,1997 Reference: XF:http-webgais-query The Webgais program allows a remote user to execute arbitrary commands. ====================================================== Name: CVE-1999-0177 Status: Entry Reference: NTBUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable Reference: NTBUGTRAQ:19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable Reference: BUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable Reference: XF:http-website-uploader The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. 
====================================================== Name: CVE-1999-0178 Status: Entry Reference: BUGTRAQ:19970106 Re: signal handling Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html Reference: BID:2078 Reference: URL:http://www.securityfocus.com/bid/2078 Reference: OSVDB:8 Reference: URL:http://www.osvdb.org/8 Reference: XF:http-website-winsample(295) Reference: URL:http://xforce.iss.net/xforce/xfdb/295 Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. ====================================================== Name: CVE-1999-0179 Status: Entry Reference: MSKB:Q140818 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q140818 Reference: XF:nt-samba-dotdot Reference: XF:nt-351 Reference: XF:nt-35 Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. ====================================================== Name: CVE-1999-0180 Status: Entry Reference: XF:rsh-null in.rshd allows users to login with a NULL username and execute commands. ====================================================== Name: CVE-1999-0181 Status: Entry Reference: XF:walld The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands. ====================================================== Name: CVE-1999-0182 Status: Entry Reference: CIAC:H-110 Reference: URL:http://www.ciac.org/ciac/bulletins/h-110.shtml Reference: CERT:VB-97.10.samba Reference: XF:nt-samba-bo Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. ====================================================== Name: CVE-1999-0183 Status: Entry Reference: XF:linux-tftp Linux implementations of TFTP would allow access to files outside the restricted directory. 
====================================================== Name: CVE-1999-0184 Status: Entry Reference: XF:dns-updates When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. ====================================================== Name: CVE-1999-0185 Status: Entry Reference: SUN:00156 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/156 Reference: XF:sun-ftpd/logind In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. ====================================================== Name: CVE-1999-0188 Status: Entry Reference: SUN:00182 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/182 Reference: XF:sun-passwd-dos The passwd command in Solaris can be subjected to a denial of service. ====================================================== Name: CVE-1999-0189 Status: Entry Reference: NAI:NAI-15 Reference: SUN:00142 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/142 Reference: XF:rpc-32771 Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. ====================================================== Name: CVE-1999-0190 Status: Entry Reference: SUN:00167 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/167 Reference: XF:sun-rpcbind Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. ====================================================== Name: CVE-1999-0191 Status: Entry Reference: XF:http-cgi-newdsn Reference: OSVDB:275 Reference: URL:http://www.osvdb.org/275 IIS newdsn.exe CGI script allows remote users to overwrite files. 
====================================================== Name: CVE-1999-0192 Status: Entry Reference: SNI:SNI-20 Reference: XF:bsd-tel-tgetent Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable. ====================================================== Name: CVE-1999-0194 Status: Entry Reference: XF:comsat Denial of service in in.comsat allows attackers to generate messages. ====================================================== Name: CVE-1999-0196 Status: Entry Reference: BUGTRAQ:19970704 Vulnerability in websendmail Reference: BID:2077 Reference: URL:http://www.securityfocus.com/bid/2077 Reference: OSVDB:237 Reference: URL:http://www.osvdb.org/237 Reference: XF:http-webgais-smail websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). ====================================================== Name: CVE-1999-0201 Status: Entry Reference: XF:ftp-home A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. ====================================================== Name: CVE-1999-0202 Status: Entry Reference: XF:ftp-exectar The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. ====================================================== Name: CVE-1999-0203 Status: Entry Reference: CERT:CA-95.08 Reference: CIAC:E-03 Reference: XF:smtp-sendmail-version5 In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. ====================================================== Name: CVE-1999-0204 Status: Entry Reference: XF:ident-bo Reference: CIAC:F-13 Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. 
====================================================== Name: CVE-1999-0206 Status: Entry Reference: XF:sendmail-mime-bo Reference: AUSCERT:AA-96.06a MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. ====================================================== Name: CVE-1999-0207 Status: Entry Reference: XF:majordomo-exe Reference: CERT:CA-94.11.majordomo.vulnerabilities Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. ====================================================== Name: CVE-1999-0208 Status: Entry Reference: XF:rpc-update Reference: CERT:CA-95.17.rpc.ypupdated.vul rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. ====================================================== Name: CVE-1999-0209 Status: Entry Reference: CERT:CA-90.05.sunselection.vulnerability Reference: BID:8 Reference: URL:http://www.securityfocus.com/bid/8 Reference: XF:selsvc The SunView (SunTools) selection_svc facility allows remote users to read files. ====================================================== Name: CVE-1999-0210 Status: Entry Reference: BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88053459921223&w=2 Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2 Reference: HP:HPSBUX9910-104 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9910-104 Reference: CERT:CA-99-05 Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html Reference: BID:235 Reference: URL:http://www.securityfocus.com/bid/235 Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. 
====================================================== Name: CVE-1999-0211 Status: Entry Reference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability Reference: BID:24 Reference: URL:http://www.securityfocus.com/bid/24 Extra long export lists over 256 characters in some mount daemons allow NFS directories to be mounted by anyone. ====================================================== Name: CVE-1999-0212 Status: Entry Reference: SUN:00168 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168 Reference: CIAC:I-048 Reference: URL:http://www.ciac.org/ciac/bulletins/i-048.shtml Reference: XF:sun-mountd Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. ====================================================== Name: CVE-1999-0214 Status: Entry Reference: XF:icmp-unreachable Denial of service by sending forged ICMP unreachable packets. ====================================================== Name: CVE-1999-0215 Status: Entry Reference: SGI:19981004-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981004-01-PX Reference: CIAC:J-012 Reference: URL:http://www.ciac.org/ciac/bulletins/j-012.shtml Reference: XF:ripapp Routed allows attackers to append data to files. ====================================================== Name: CVE-1999-0217 Status: Entry Reference: XF:udp-bomb Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. ====================================================== Name: CVE-1999-0218 Status: Entry Reference: XF:portmaster-reboot Livingston portmaster machines could be rebooted via a series of commands. 
====================================================== Name: CVE-1999-0219 Status: Entry Reference: NTBUGTRAQ:19990503 Buffer overflows in FTP Serv-U 2.5 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92574916930144&w=2 Reference: NTBUGTRAQ:19990504 Re: Buffer overflows in FTP Serv-U 2.5 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92582581330282&w=2 Reference: BUGTRAQ:19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NT Reference: BID:269 Reference: URL:http://www.securityfocus.com/bid/269 Reference: XF:ftp-servu(205) Reference: URL:http://xforce.iss.net/xforce/xfdb/205 Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command. ====================================================== Name: CVE-1999-0221 Status: Entry Reference: XF:ascend-150-kill Denial of service of Ascend routers through port 150 (remote administration). ====================================================== Name: CVE-1999-0223 Status: Entry Reference: BUGTRAQ:19961109 Syslogd and Solaris 2.4 Reference: SUNBUG:1249320 Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches Reference: XF:sol-syslogd-crash Reference: BID:1878 Reference: URL:http://www.securityfocus.com/bid/1878 Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. ====================================================== Name: CVE-1999-0224 Status: Entry Reference: XF:nt-messenger Denial of service in Windows NT messenger service through a long username. 
====================================================== Name: CVE-1999-0225 Status: Entry Reference: NAI:19980214 Windows NT Logon Denial of Service Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp Reference: MSKB:Q180963 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=180963 Reference: XF:nt-logondos Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. ====================================================== Name: CVE-1999-0227 Status: Entry Reference: MSKB:Q154087 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087 Reference: XF:nt-lsass-crash Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. ====================================================== Name: CVE-1999-0228 Status: Entry Reference: XF:nt-rpc-ver Reference: MSKB:Q162567 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q162567 Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ====================================================== Name: CVE-1999-0230 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml Reference: OSVDB:1102 Reference: URL:http://www.osvdb.org/1102 Buffer overflow in Cisco 7xx routers through the telnet service. ====================================================== Name: CVE-1999-0233 Status: Entry Reference: MSKB:Q148188 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q148188 Reference: MSKB:Q155056 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q155056 Reference: XF:http-iis-cmd IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. 
====================================================== Name: CVE-1999-0234 Status: Entry Reference: XF:bash-cmd Reference: CERT:CA-96.22.bash_vuls Bash treats any character with a value of 255 as a command separator. ====================================================== Name: CVE-1999-0236 Status: Entry Reference: XF:http-scriptalias ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. ====================================================== Name: CVE-1999-0237 Status: Entry Reference: XF:http-cgi-guestbook Reference: CERT:VB-97.02 Remote execution of arbitrary commands through Guestbook CGI program. ====================================================== Name: CVE-1999-0239 Status: Entry Reference: XF:fastrack-get-directory-list Reference: OSVDB:122 Reference: URL:http://www.osvdb.org/122 Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. ====================================================== Name: CVE-1999-0244 Status: Entry Reference: NAI:NAI-23 Reference: XF:radius-accounting-overflow Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root. ====================================================== Name: CVE-1999-0245 Status: Entry Reference: BUGTRAQ:19950907 Linux NIS security problem hole and fix Reference: XF:linux-plus Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". ====================================================== Name: CVE-1999-0247 Status: Entry Reference: NAI:19970721 INN news server vulnerabilities Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp Reference: BID:1443 Reference: URL:http://www.securityfocus.com/bid/1443 Reference: XF:inn-bo Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. 
====================================================== Name: CVE-1999-0248 Status: Entry Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1 A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. ====================================================== Name: CVE-1999-0251 Status: Entry Reference: XF:talkd-flash Denial of service in talk program allows remote attackers to disrupt a user's display. ====================================================== Name: CVE-1999-0252 Status: Entry Reference: XF:smtp-listserv Buffer overflow in listserv allows arbitrary command execution. ====================================================== Name: CVE-1999-0256 Status: Entry Reference: XF:war-ftpd Reference: OSVDB:875 Reference: URL:http://www.osvdb.org/875 Buffer overflow in War FTP allows remote execution of commands. ====================================================== Name: CVE-1999-0259 Status: Entry Reference: BUGTRAQ:19970523 cfingerd vulnerability Reference: XF:cfinger-user-enumeration cfingerd lists all users on a system via search.**@target. ====================================================== Name: CVE-1999-0260 Status: Entry Reference: BUGTRAQ:19961224 jj cgi Reference: XF:http-cgi-jj The jj CGI program allows command execution via shell metacharacters. ====================================================== Name: CVE-1999-0262 Status: Entry Reference: BUGTRAQ:19980804 remote exploit in faxsurvey cgi-script Reference: BUGTRAQ:19980804 PATCH: faxsurvey Reference: BID:2056 Reference: URL:http://www.securityfocus.com/bid/2056 Reference: XF:http-cgi-faxsurvey(1532) Reference: URL:http://xforce.iss.net/xforce/xfdb/1532 Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. 
====================================================== Name: CVE-1999-0263 Status: Entry Reference: SUN:00173 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/173 Reference: XF:sun-sunwadmap Solaris SUNWadmap can be exploited to obtain root access. ====================================================== Name: CVE-1999-0264 Status: Entry Reference: XF:http-htmlscript-file-access Reference: BUGTRAQ:Jan27,1998 htmlscript CGI program allows remote read access to files. ====================================================== Name: CVE-1999-0265 Status: Entry Reference: MSKB:Q154174 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154174 Reference: ISS:ICMP Redirects Against Embedded Controllers Reference: XF:icmp-redirect ICMP redirect messages may crash or lock up a host. ====================================================== Name: CVE-1999-0266 Status: Entry Reference: BUGTRAQ:19980303 Vulnerabilites in some versions of info2www CGI Reference: BID:1995 Reference: URL:http://www.securityfocus.com/bid/1995 Reference: XF:http-cgi-info2www The info2www CGI script allows remote file access or remote command execution. ====================================================== Name: CVE-1999-0267 Status: Entry Reference: XF:http-port Reference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. ====================================================== Name: CVE-1999-0268 Status: Entry Reference: BUGTRAQ:19980630 Security vulnerabilities in MetaInfo products Reference: BUGTRAQ:19980703 Followup to MetaInfo vulnerabilities Reference: OSVDB:110 Reference: URL:http://www.osvdb.org/110 Reference: OSVDB:3969 Reference: URL:http://www.osvdb.org/3969 Reference: XF:metaweb-server-dot-attack MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. 
====================================================== Name: CVE-1999-0269 Status: Entry Reference: XF:netscape-server-pageservices Netscape Enterprise servers may list files through the PageServices query. ====================================================== Name: CVE-1999-0270 Status: Entry Reference: BUGTRAQ:19980317 IRIX performer_tools bug Reference: SGI:19980401-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980401-01-P Reference: CIAC:I-041 Reference: URL:http://www.ciac.org/ciac/bulletins/i-041.shtml Reference: BID:64 Reference: URL:http://www.securityfocus.com/bid/64 Reference: OSVDB:134 Reference: URL:http://www.osvdb.org/134 Reference: XF:sgi-pfdispaly(810) Reference: URL:http://xforce.iss.net/xforce/xfdb/810 Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files. ====================================================== Name: CVE-1999-0272 Status: Entry Reference: XF:slmail-username-bo Denial of service in Slmail v2.5 through the POP3 port. ====================================================== Name: CVE-1999-0273 Status: Entry Reference: XF:sun-telnet-kill Denial of service through Solaris 2.5.1 telnet by sending ^D characters. ====================================================== Name: CVE-1999-0274 Status: Entry Reference: NAI:NAI-5 Reference: XF:nt-dns-dos Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. ====================================================== Name: CVE-1999-0275 Status: Entry Reference: XF:nt-dnscrash Reference: XF:nt-dnsver Reference: MS:Q169461 Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. 
====================================================== Name: CVE-1999-0276 Status: Entry Reference: XF:msql-debug-bo Reference: SEKURE:sekure.01-99.msql mSQL v2.0.1 and below allows remote execution through a buffer overflow. ====================================================== Name: CVE-1999-0277 Status: Entry Reference: XF:workman Reference: CERT:CA-96.23.workman_vul The WorkMan program can be used to overwrite any file to get root access. ====================================================== Name: CVE-1999-0278 Status: Entry Reference: MS:MS98-003 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-003.mspx Reference: XF:iis-asp-data-check Reference: OVAL:oval:org.mitre.oval:def:913 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:913 In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. ====================================================== Name: CVE-1999-0279 Status: Entry Reference: BUGTRAQ:19971217 CGI security hole in EWS (Excite for Web Servers) Reference: BUGTRAQ:19980115 Excite announcement Reference: CERT:VB-98.01.excite Reference: XF:excite-cgi-search-vuln Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. ====================================================== Name: CVE-1999-0280 Status: Entry Reference: NTBUGTRAQ:19970317 Internet Explorer Bug #4 Reference: CIAC:H-38 Reference: XF:http-ie-lnkurl Remote command execution in Microsoft Internet Explorer using .lnk and .url files. ====================================================== Name: CVE-1999-0281 Status: Entry Reference: XF:http-iis-longurl Denial of service in IIS using long URLs. 
====================================================== Name: CVE-1999-0288 Status: Entry Reference: NTBUGTRAQ:19970801 WINS flooding Reference: BUGTRAQ:19970801 WINS flooding Reference: BUGTRAQ:19970815 Re: WINS flooding Reference: MISC:http://safenetworks.com/Windows/wins.html Reference: MSKB:155701 Reference: XF:nt-winsupd-fix(1233) Reference: URL:http://xforce.iss.net/xforce/xfdb/1233 The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. ====================================================== Name: CVE-1999-0289 Status: Entry The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. ====================================================== Name: CVE-1999-0290 Status: Entry Reference: BUGTRAQ:19980221 WinGate DoS Reference: BUGTRAQ:19980326 WinGate Intermediary Fix/Update Reference: XF:wingate-dos The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost. ====================================================== Name: CVE-1999-0291 Status: Entry Reference: XF:wingate-unpassworded The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. ====================================================== Name: CVE-1999-0292 Status: Entry Reference: XF:nt-winpopup Denial of service through Winpopup using large user names. ====================================================== Name: CVE-1999-0293 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtml Reference: XF:cisco-ios-aaa-auth AAA authentication on Cisco systems allows attackers to execute commands without authorization. 
====================================================== Name: CVE-1999-0294 Status: Entry Reference: XF:nt-wins-snmp2 All records in a WINS database can be deleted through SNMP for a denial of service. ====================================================== Name: CVE-1999-0295 Status: Entry Reference: XF:sun-sysdef Reference: SUN:00157 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/157 Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. ====================================================== Name: CVE-1999-0296 Status: Entry Reference: SUN:00162 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/162 Reference: XF:sun-volrmmount Solaris volrmmount program allows attackers to read any file. ====================================================== Name: CVE-1999-0297 Status: Entry Reference: NAI:NAI-3 Reference: AUSCERT:AA-96.21 Reference: CIAC:H-17 Reference: XF:vixie-cron Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. ====================================================== Name: CVE-1999-0299 Status: Entry Reference: NAI:NAI-9 Reference: OSVDB:6093 Reference: URL:http://www.osvdb.org/6093 Buffer overflow in FreeBSD lpd through long DNS hostnames. ====================================================== Name: CVE-1999-0300 Status: Entry Reference: SUN:00155 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155 Reference: XF:sun-niscache nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. ====================================================== Name: CVE-1999-0301 Status: Entry Reference: SUN:00149 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/149 Reference: AUSCERT:AUSCERT-97.17 Reference: XF:sun-ps2bo Buffer overflow in SunOS/Solaris ps command. 
====================================================== Name: CVE-1999-0302 Status: Entry Reference: SUN:00176 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176 Reference: XF:sun-ftp-server SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. ====================================================== Name: CVE-1999-0303 Status: Entry Reference: XF:bnu-uucpd-bo Reference: RSI:RSI.0002.05-18-98.BNU.UUCPD Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. ====================================================== Name: CVE-1999-0304 Status: Entry Reference: XF:bsd-mmap Reference: FREEBSD:FreeBSD-SA-98:02 mmap function in BSD allows local attackers in the kmem group to modify memory through devices. ====================================================== Name: CVE-1999-0305 Status: Entry Reference: OPENBSD:Feb15,1998 "IP Source Routing Problem" Reference: MISC:http://www.openbsd.org/advisories/sourceroute.txt Reference: OSVDB:11502 Reference: URL:http://www.osvdb.org/11502 Reference: XF:bsd-sourceroute(736) Reference: URL:http://xforce.iss.net/xforce/xfdb/736 The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections. ====================================================== Name: CVE-1999-0308 Status: Entry Reference: HP:HPSBUX9410-018 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9410-018 Reference: XF:hpux-gwind-overwrite Reference: CIAC:H-03: HP-UX suid Vulnerabilities HP-UX gwind program allows users to modify arbitrary files. 
====================================================== Name: CVE-1999-0309 Status: Entry Reference: HP:HPSBUX9702-056 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-056 Reference: XF:hpux-vgdisplay Reference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability HP-UX vgdisplay program gives root access to local users. ====================================================== Name: CVE-1999-0310 Status: Entry Reference: XF:ssh-1225 SSH 1.2.25 on HP-UX allows access to new user accounts. ====================================================== Name: CVE-1999-0311 Status: Entry Reference: XF:hpux-fpkg2swpk Reference: HP:HPSBUX9612-042 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9612-042 fpkg2swpk in HP-UX allows local users to gain root access. ====================================================== Name: CVE-1999-0312 Status: Entry Reference: XF:nis-ypbind Reference: CERT:CA-93:01.REVISED.HP.NIS.ypbind.vulnerability HP ypbind allows attackers with root privileges to modify NIS data. ====================================================== Name: CVE-1999-0313 Status: Entry Reference: MISC:http://www.securityfocus.com/bid/213/exploit Reference: SGI:19980701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P Reference: BID:214 Reference: URL:http://www.securityfocus.com/bid/214 Reference: OSVDB:936 Reference: URL:http://www.osvdb.org/936 Reference: XF:sgi-disk-bandwidth(1441) Reference: URL:http://xforce.iss.net/xforce/xfdb/1441 disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. 
====================================================== Name: CVE-1999-0314 Status: Entry Reference: MISC:http://www.securityfocus.com/bid/213/exploit Reference: SGI:19980701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P Reference: BID:213 Reference: URL:http://www.securityfocus.com/bid/213 Reference: OSVDB:6788 Reference: URL:http://www.osvdb.org/6788 Reference: XF:sgi-ioconfig(1199) Reference: URL:http://xforce.iss.net/xforce/xfdb/1199 ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. ====================================================== Name: CVE-1999-0315 Status: Entry Reference: XF:fdformat-bo Reference: SUN:00138 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/138 Buffer overflow in Solaris fdformat command gives root access to local users. ====================================================== Name: CVE-1999-0316 Status: Entry Reference: XF:linux-splitvt Reference: CIAC:G-08 Buffer overflow in Linux splitvt command gives root access to local users. ====================================================== Name: CVE-1999-0318 Status: Entry Reference: BUGTRAQ:19961125 Security Problems in XMCD Reference: BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD) Reference: XF:xmcd-envbo Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. ====================================================== Name: CVE-1999-0320 Status: Entry Reference: SUN:00166 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/166 Reference: XF:sun-rpc.cmsd SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. ====================================================== Name: CVE-1999-0321 Status: Entry Reference: XF:sun-kcms-configure-bo Buffer overflow in Solaris kcms_configure command allows local users to gain root access. 
====================================================== Name: CVE-1999-0322 Status: Entry Reference: FREEBSD:FreeBSD-SA-97:05 Reference: XF:freebsd-open Reference: OSVDB:6092 Reference: URL:http://www.osvdb.org/6092 The open() function in FreeBSD allows local attackers to write to arbitrary files. ====================================================== Name: CVE-1999-0323 Status: Entry Reference: FREEBSD:FreeBSD-SA-98:04 Reference: NETBSD:1998-003 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc Reference: XF:bsd-mmap FreeBSD mmap function allows users to modify append-only or immutable files. ====================================================== Name: CVE-1999-0324 Status: Entry Reference: HP:HPSBUX9702-053 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-053 Reference: CIAC:H-31 Reference: XF:hp-ppllog ppl program in HP-UX allows local users to create root files through symlinks. ====================================================== Name: CVE-1999-0325 Status: Entry Reference: XF:hp-vhe Reference: HP:HPSBUX9406-013 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9406-013 vhe_u_mnt program in HP-UX allows local users to create root files through symlinks. ====================================================== Name: CVE-1999-0326 Status: Entry Reference: HP:HPSBUX9710-071 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9710-071 Reference: XF:hp-mediainit Vulnerability in HP-UX mediainit program. ====================================================== Name: CVE-1999-0327 Status: Entry Reference: SGI:19971103-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX Reference: XF:sgi-syserr SGI syserr program allows local users to corrupt files. 
====================================================== Name: CVE-1999-0328 Status: Entry Reference: SGI:19971103-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX Reference: XF:sgi-permtool SGI permissions program allows local users to gain root privileges. ====================================================== Name: CVE-1999-0329 Status: Entry Reference: SGI:19980602-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980602-01-PX Reference: XF:sgi-mediad SGI mediad program allows local users to gain root access. ====================================================== Name: CVE-1999-0332 Status: Entry Reference: XF:nt-netmeeting Reference: MSKB:Q184346 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q184346 Buffer overflow in NetMeeting allows denial of service and remote command execution. ====================================================== Name: CVE-1999-0334 Status: Entry Reference: XF:sol-startup Reference: CERT:CA-93.19.Solaris.Startup.vulnerability In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. ====================================================== Name: CVE-1999-0335 Status: Entry DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-1999-0032. ====================================================== Name: CVE-1999-0337 Status: Entry Reference: CERT:CA-94.10.IBM.AIX.bsh.vulnerability.html Reference: XF:ibm-bsh AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. ====================================================== Name: CVE-1999-0338 Status: Entry Reference: XF:ibm-perf-tools Reference: CERT:CA-94.03.AIX.performance.tools AIX Licensed Program Product performance tools allow local users to gain root access. 
====================================================== Name: CVE-1999-0339 Status: Entry Reference: XF:sol-sun-libauth Reference: RSI:RSI.0007.05-26-98 Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. ====================================================== Name: CVE-1999-0340 Status: Entry Reference: KSRT:005 Reference: XF:linux-crond Buffer overflow in Linux Slackware crond program allows local users to gain root access. ====================================================== Name: CVE-1999-0341 Status: Entry Reference: KSRT:006 Reference: XF:linux-deliver Buffer overflow in the Linux mail program "deliver" allows local users to gain root access. ====================================================== Name: CVE-1999-0342 Status: Entry Reference: REDHAT:http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pam Reference: XF:linux-pam-passwd-tmprace Linux PAM modules allow local users to gain root access using temporary files. ====================================================== Name: CVE-1999-0343 Status: Entry Reference: BUGTRAQ:19981002 Announcements from The Palace (fwd) Reference: XF:palace-malicious-servers-vuln A malicious Palace server can force a client to execute arbitrary programs. ====================================================== Name: CVE-1999-0344 Status: Entry Reference: MS:MS98-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-009.mspx Reference: MSKB:Q190288 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q190288 Reference: XF:nt-priv-fix NT users can gain debug-level access on a system process using the Sechole exploit. 
====================================================== Name: CVE-1999-0346 Status: Entry Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts Reference: BID:713 Reference: URL:http://www.securityfocus.com/bid/713 Reference: XF:http-cgi-php-mlog Reference: OSVDB:3397 Reference: URL:http://www.osvdb.org/3397 CGI PHP mlog script allows an attacker to read any file on the target server. ====================================================== Name: CVE-1999-0348 Status: Entry Reference: NTBUGTRAQ:Jan27,1999 Reference: MSKB:Q197003 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q197003 Reference: OSVDB:930 Reference: URL:http://www.osvdb.org/930 IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. ====================================================== Name: CVE-1999-0349 Status: Entry Reference: EEYE:IIS Remote FTP Exploit/DoS Attack Reference: URL:http://www.eeye.com/html/Research/Advisories/IIS Remote FTP Exploit/DoS Attack.html Reference: MS:MS99-003 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-003.mspx Reference: MSKB:Q188348 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q188348 Reference: BUGTRAQ:Jan27,1999 Reference: XF:iis-remote-ftp A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. ====================================================== Name: CVE-1999-0350 Status: Entry Reference: L0PHT:Feb8,1999 Reference: XF:clearcase-temp-race Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits. 
====================================================== Name: CVE-1999-0351 Status: Entry Reference: INFOWAR:01 Reference: MISC:http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txt Reference: XF:pasv-pizza-thief-dos(3389) Reference: URL:http://xforce.iss.net/xforce/xfdb/3389 FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. ====================================================== Name: CVE-1999-0353 Status: Entry Reference: HP:HPSBUX9902-091 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9902-091 Reference: CIAC:J-026 Reference: URL:http://www.ciac.org/ciac/bulletins/j-026.shtml Reference: XF:pcnfsd-world-write rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. ====================================================== Name: CVE-1999-0355 Status: Entry Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software Reference: XF:controlit-reboot Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service. ====================================================== Name: CVE-1999-0357 Status: Entry Reference: BUGTRAQ:19990125 Win98 crash? Reference: XF:win98-oshare-dos Windows 98 and other operating systems allow remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets. ====================================================== Name: CVE-1999-0358 Status: Entry Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows Reference: URL:http://www.securityfocus.com/archive/1/12121 Reference: COMPAQ:SSRT0583U Reference: XF:du-inc Reference: CIAC:J-027 Reference: URL:http://www.ciac.org/ciac/bulletins/j-027.shtml Digital Unix 4.0 has a buffer overflow in the inc program of the mh package. 
====================================================== Name: CVE-1999-0362 Status: Entry Reference: EEYE:AD02021999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02021999.html Reference: XF:wsftp-remote-dos Reference: BID:217 Reference: URL:http://www.securityfocus.com/bid/217 WS_FTP server remote denial of service through cwd command. ====================================================== Name: CVE-1999-0363 Status: Entry Reference: BUGTRAQ:Feb02,1999 Reference: XF:plp-lpc-bo Reference: BID:328 Reference: URL:http://www.securityfocus.com/bid/328 SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise. ====================================================== Name: CVE-1999-0365 Status: Entry Reference: BUGTRAQ:Feb04,1999 Reference: XF:metamail-header-commands The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry. ====================================================== Name: CVE-1999-0366 Status: Entry Reference: MS:MS99-004 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-004.mspx Reference: MSKB:Q214840 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q214840 Reference: XF:nt-sp4-auth-error In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. ====================================================== Name: CVE-1999-0367 Status: Entry Reference: NETBSD:1999-002 Reference: OSVDB:7571 Reference: URL:http://www.osvdb.org/7571 NetBSD netstat command allows local users to access kernel memory. ====================================================== Name: CVE-1999-0368 Status: Entry Reference: NETECT:palmetto.ftpd Reference: CERT:CA-99.03 Reference: XF:palmetto-ftpd-bo Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. 
====================================================== Name: CVE-1999-0369 Status: Entry Reference: SUN:00183 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/183 Reference: XF:sun-sdtcm-convert-bo The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow that can be used to gain root access. ====================================================== Name: CVE-1999-0371 Status: Entry Reference: BUGTRAQ:19990211 Lynx /tmp problem Reference: CERT:VB-97.05.lynx Reference: XF:lynx-temp-files-race Lynx allows a local user to overwrite sensitive files through /tmp symlinks. ====================================================== Name: CVE-1999-0372 Status: Entry Reference: MS:MS99-005 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-005.mspx Reference: XF:nt-backoffice-setup Reference: MSKB:Q217004 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q217004 The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. ====================================================== Name: CVE-1999-0373 Status: Entry Reference: ISS:Buffer Overflow in "Super" package in Debian Linux Reference: XF:linux-super-bo Reference: XF:linux-super-logging-bo Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root. ====================================================== Name: CVE-1999-0374 Status: Entry Reference: DEBIAN:19990215 Reference: BUGTRAQ:Feb16,1999 Reference: XF:linux-cfengine-symlinks Debian GNU/Linux cfengine package is susceptible to a symlink attack. ====================================================== Name: CVE-1999-0375 Status: Entry Reference: NAI:February 16, 1999 Reference: BUGTRAQ:Feb16,1999 Reference: XF:nfr-webd-overflow Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands. 
====================================================== Name: CVE-1999-0376 Status: Entry Reference: MS:MS99-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-006.mspx Reference: BUGTRAQ:Feb20,1999 Reference: L0PHT:Feb18,1999 Reference: XF:nt-knowndlls-list Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. ====================================================== Name: CVE-1999-0377 Status: Entry Reference: BUGTRAQ:Feb22,1999 Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services. ====================================================== Name: CVE-1999-0378 Status: Entry Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available Reference: XF:viruswall-http-request Reference: OSVDB:6167 Reference: URL:http://www.osvdb.org/6167 InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands. ====================================================== Name: CVE-1999-0379 Status: Entry Reference: MS:MS99-007 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-007.mspx Reference: BUGTRAQ:19990223 Microsoft Security Bulletin (MS99-007) Reference: BID:498 Reference: URL:http://www.securityfocus.com/bid/498 Reference: OSVDB:1019 Reference: URL:http://www.osvdb.org/1019 Reference: XF:win-resourcekit-taskpads Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. 
====================================================== Name: CVE-1999-0380 Status: Entry Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91999015212415&w=2 Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91996412724720&w=2 Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2 Reference: BID:497 Reference: URL:http://www.securityfocus.com/bid/497 Reference: XF:slmail-ras-ntfs-bypass(5392) Reference: URL:http://xforce.iss.net/static/5392.php SLMail 3.1 and 3.2 allow local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled, by setting a user's Finger File to point to the target file, then running finger on the user. ====================================================== Name: CVE-1999-0382 Status: Entry Reference: MS:MS99-008 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-008.mspx Reference: XF:nt-screen-saver The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. ====================================================== Name: CVE-1999-0383 Status: Entry Reference: BUGTRAQ:19990103 Tigris vulnerability Reference: BID:183 Reference: URL:http://www.securityfocus.com/bid/183 Reference: OSVDB:267 Reference: URL:http://www.osvdb.org/267 Reference: XF:acc-tigris-login ACC Tigris allows public access without a login. 
====================================================== Name: CVE-1999-0384 Status: Entry Reference: XF:forms-vuln-patch Reference: MS:MS99-001 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-001.mspx The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. ====================================================== Name: CVE-1999-0385 Status: Entry Reference: MS:MS99-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-009.mspx Reference: ISS:LDAP Buffer overflow against Microsoft Directory Services Reference: XF:ldap-exchange-overflow Reference: XF:ldap-mds-dos The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands. ====================================================== Name: CVE-1999-0386 Status: Entry Reference: MS:MS99-010 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-010.mspx Reference: XF:pws-file-access Reference: OSVDB:111 Reference: URL:http://www.osvdb.org/111 Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allow a remote attacker to read files on the server by using a nonstandard URL. ====================================================== Name: CVE-1999-0387 Status: Entry Reference: MS:MS99-052 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp Reference: MSKB:Q168115 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q168115 Reference: BID:829 Reference: URL:http://www.securityfocus.com/bid/829 Reference: XF:9x-plaintext-pwd A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. 
====================================================== Name: CVE-1999-0388 Status: Entry Reference: XF:datalynx-suguard-relative-paths Reference: L0PHT:Jan3,1999 Reference: OSVDB:3186 Reference: URL:http://www.osvdb.org/3186 DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root. ====================================================== Name: CVE-1999-0390 Status: Entry Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit Reference: CALDERA:CSSA-1999-006.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-006.1.txt Reference: BID:187 Reference: URL:http://www.securityfocus.com/bid/187 Buffer overflow in Dosemu Slang library in Linux. ====================================================== Name: CVE-1999-0391 Status: Entry Reference: L0PHT:Jan. 5, 1999 The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. ====================================================== Name: CVE-1999-0392 Status: Entry Reference: BUGTRAQ:Jan10,1999 Reference: XF:http-cgic-library-bo Buffer overflow in Thomas Boutell's cgic library versions up to 1.05. ====================================================== Name: CVE-1999-0393 Status: Entry Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want! Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2 Reference: XF:sendmail-parsing-redirection Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. 
====================================================== Name: CVE-1999-0395 Status: Entry Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol Reference: URL:http://xforce.iss.net/alerts/advise17.php Reference: XF:backweb-polite-agent-protocol A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. ====================================================== Name: CVE-1999-0396 Status: Entry Reference: NETBSD:1999-001 Reference: OPENBSD:Feb17,1999 Reference: XF:netbsd-tcp-race A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. ====================================================== Name: CVE-1999-0402 Status: Entry Reference: BUGTRAQ:Feb2,1999 Reference: XF:wget-permissions Reference: DEBIAN:19990220 wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. ====================================================== Name: CVE-1999-0403 Status: Entry Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91821080015725&w=2 Reference: XF:cyrix-hang A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. ====================================================== Name: CVE-1999-0404 Status: Entry Reference: BUGTRAQ:Feb14,1999 Reference: XF:mailmax-bo Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution. ====================================================== Name: CVE-1999-0405 Status: Entry Reference: HERT:002 Reference: BUGTRAQ:Feb18,1999 Reference: DEBIAN:19990220a Reference: XF:lsof-bo Reference: OSVDB:3163 Reference: URL:http://www.osvdb.org/3163 A buffer overflow in lsof allows local users to obtain root privilege. 
====================================================== Name: CVE-1999-0407 Status: Entry Reference: BUGTRAQ:19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91983486431506&w=2 Reference: BUGTRAQ:19990209 Re: IIS4 allows proxied password attacks over NetBIOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92000623021036&w=2 Reference: XF:iis-iisadmpwd By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. ====================================================== Name: CVE-1999-0408 Status: Entry Reference: BUGTRAQ:19990225 Cobalt root exploit Reference: XF:cobalt-raq-history-exposure Reference: BID:337 Reference: URL:http://www.securityfocus.com/bid/337 Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. ====================================================== Name: CVE-1999-0409 Status: Entry Reference: BUGTRAQ:19990304 Linux /usr/bin/gnuplot overflow Reference: XF:gnuplot-home-overflow Reference: BID:319 Reference: URL:http://www.securityfocus.com/bid/319 Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access. ====================================================== Name: CVE-1999-0410 Status: Entry Reference: BUGTRAQ:Mar5,1999 Reference: XF:sol-cancel Reference: BID:293 Reference: URL:http://www.securityfocus.com/bid/293 The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. 
====================================================== Name: CVE-1999-0412 Status: Entry Reference: BUGTRAQ:Feb19,1999 Reference: XF:iis-isapi-execute Reference: BID:501 Reference: URL:http://www.securityfocus.com/bid/501 In IIS and other web servers, an attacker can execute commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. ====================================================== Name: CVE-1999-0413 Status: Entry Reference: SGI:19990301-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990301-01-PX Reference: XF:irix-font-path-overflow A buffer overflow in the SGI X server allows local users to gain root access through the X server font path. ====================================================== Name: CVE-1999-0414 Status: Entry Reference: NAI:Linux Blind TCP Spoofing Reference: XF:linux-blind-spoof In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. ====================================================== Name: CVE-1999-0415 Status: Entry Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml Reference: CIAC:J-034 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml Reference: XF:cisco-router-commands Reference: XF:cisco-web-config The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.
====================================================== Name: CVE-1999-0416 Status: Entry Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml Reference: CIAC:J-034 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml Reference: XF:cisco-web-crash Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. ====================================================== Name: CVE-1999-0417 Status: Entry Reference: BUGTRAQ:Mar9,1999 Reference: XF:solaris-psinfo-crash Reference: BID:448 Reference: URL:http://www.securityfocus.com/bid/448 Reference: OSVDB:1001 Reference: URL:http://www.osvdb.org/1001 64 bit Solaris 7 procfs allows local users to perform a denial of service. ====================================================== Name: CVE-1999-0420 Status: Entry Reference: NETBSD:1999-006 umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program. ====================================================== Name: CVE-1999-0421 Status: Entry Reference: ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations Reference: XF:linux-slackware-install Reference: BID:338 Reference: URL:http://www.securityfocus.com/bid/338 Reference: OSVDB:981 Reference: URL:http://www.osvdb.org/981 During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password. ====================================================== Name: CVE-1999-0422 Status: Entry Reference: NETBSD:1999-007 In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set. 
====================================================== Name: CVE-1999-0423 Status: Entry Reference: HP:HPSBUX9903-093 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-093 Reference: XF:hp-hpterm-files Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges. ====================================================== Name: CVE-1999-0424 Status: Entry Reference: SUSE:Mar18,1999 Reference: XF:netscape-talkback-overwrite talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes. ====================================================== Name: CVE-1999-0425 Status: Entry Reference: SUSE:Mar18,1999 Reference: XF:netscape-talkback-kill talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes. ====================================================== Name: CVE-1999-0428 Status: Entry Reference: BUGTRAQ:19990322 OpenSSL/SSLeay Security Alert Reference: XF:ssl-session-reuse Reference: OSVDB:3936 Reference: URL:http://www.osvdb.org/3936 OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. ====================================================== Name: CVE-1999-0429 Status: Entry Reference: BUGTRAQ:19990323 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92221437025743&w=2 Reference: BUGTRAQ:19990324 Re: LNotes encryption Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92241547418689&w=2 Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92246997917866&w=2 Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92249282302994&w=2 Reference: XF:lotus-client-encryption The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. 
====================================================== Name: CVE-1999-0430 Status: Entry Reference: ISS:Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches Reference: CISCO:Cisco Catalyst Supervisor Remote Reload Reference: XF:cisco-catalyst-crash Reference: OSVDB:1103 Reference: URL:http://www.osvdb.org/1103 Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allow remote attackers to perform a denial of service by forcing the supervisor module to reload. ====================================================== Name: CVE-1999-0432 Status: Entry Reference: HP:HPSBUX9903-094 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-094 Reference: XF:hp-ftp ftp on HP-UX 11.00 allows local users to gain privileges. ====================================================== Name: CVE-1999-0433 Status: Entry Reference: SUSE:Mar28,1999 Reference: BUGTRAQ:19990321 X11R6 NetBSD Security Problem Reference: XF:xfree86-temp-directories XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. ====================================================== Name: CVE-1999-0436 Status: Entry Reference: HP:HPSBUX9903-095 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-095 Reference: XF:hp-desms-servers Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges. ====================================================== Name: CVE-1999-0437 Status: Entry Reference: ISS:WebRamp Denial of Service Attacks Reference: XF:webramp-device-crash Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.
====================================================== Name: CVE-1999-0438 Status: Entry Reference: ISS:WebRamp Denial of Service Attacks Reference: XF:webramp-ipchange Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address. ====================================================== Name: CVE-1999-0439 Status: Entry Reference: BUGTRAQ:19990405 Re: [SECURITY] new version of procmail with security fixes Reference: DEBIAN:19990422 Reference: CALDERA:CSSA-1999:007 Reference: XF:procmail-overflow Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file. ====================================================== Name: CVE-1999-0440 Status: Entry Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2 Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html Reference: BID:1939 Reference: URL:http://www.securityfocus.com/bid/1939 Reference: XF:java-unverified-code The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. ====================================================== Name: CVE-1999-0441 Status: Entry Reference: EEYE:AD02221999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02221999.html Reference: XF:wingate-redirector-dos Reference: BID:509 Reference: URL:http://www.securityfocus.com/bid/509 Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service. 
====================================================== Name: CVE-1999-0442 Status: Entry Reference: BUGTRAQ:19990107 really silly ff.core exploit for Solaris Reference: BUGTRAQ:19990108 ff.core exploit on Solaris (2.)7 Reference: BUGTRAQ:19990408 Solaris7 and ff.core Reference: BID:327 Reference: URL:http://www.securityfocus.com/bid/327 Solaris ff.core allows local users to modify files. ====================================================== Name: CVE-1999-0445 Status: Entry Reference: CISCO:Cisco IOS(R) Software Input Access List Leakage with NAT Reference: XF:cisco-natacl-leakage Reference: OSVDB:1104 Reference: URL:http://www.osvdb.org/1104 In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters. ====================================================== Name: CVE-1999-0446 Status: Entry Reference: NETBSD:1999-008 Reference: XF:netbsd-vfslocking-panic Reference: OSVDB:7051 Reference: URL:http://www.osvdb.org/7051 Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. ====================================================== Name: CVE-1999-0447 Status: Entry Reference: HP:HPSBMP9904-006 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMP9904-006 Reference: XF:mpeix-debug Local users can gain privileges using the debug utility in the MPE/iX operating system. ====================================================== Name: CVE-1999-0448 Status: Entry Reference: BUGTRAQ:19990121 IIS 4 Request Logging Security Advisory Reference: XF:iis-http-request-logging IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. 
====================================================== Name: CVE-1999-0449 Status: Entry Reference: BUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS Reference: NTBUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS Reference: BUGTRAQ:19990125 Re: [NTSEC] IIS 4 Advisory - ExAir sample site DoS Reference: BID:193 Reference: URL:http://www.securityfocus.com/bid/193 Reference: OSVDB:2 Reference: URL:http://www.osvdb.org/2 Reference: OSVDB:3 Reference: URL:http://www.osvdb.org/3 Reference: OSVDB:4 Reference: URL:http://www.osvdb.org/4 Reference: XF:iis-exair-dos The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. ====================================================== Name: CVE-1999-0457 Status: Entry Reference: BUGTRAQ:Jan17,1999 Reference: DEBIAN:19990117 Reference: XF:ftpwatch-vuln Reference: BID:317 Reference: URL:http://www.securityfocus.com/bid/317 Linux ftpwatch program allows local users to gain root privileges. ====================================================== Name: CVE-1999-0458 Status: Entry Reference: BUGTRAQ:Jan6,1999 Reference: XF:l0phtcrack-temp-files Reference: OSVDB:915 Reference: URL:http://www.osvdb.org/915 L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information. ====================================================== Name: CVE-1999-0463 Status: Entry Reference: SGI:19981201-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981201-01-PX Reference: XF:sgi-fcagent-dos Remote attackers can perform a denial of service using IRIX fcagent. ====================================================== Name: CVE-1999-0464 Status: Entry Reference: BUGTRAQ:19990104 Tripwire mess.. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91553066310826&w=2 Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=91592136122066&w=2 Reference: OSVDB:6609 Reference: URL:http://www.osvdb.org/6609 Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames. ====================================================== Name: CVE-1999-0466 Status: Entry Reference: NETBSD:1999-009 Reference: OSVDB:905 Reference: URL:http://www.osvdb.org/905 The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. ====================================================== Name: CVE-1999-0468 Status: Entry Reference: MS:MS99-012 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-012.asp Reference: XF:ie-scriplet-fileread Reference: BUGTRAQ:Apr9,1999 Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. ====================================================== Name: CVE-1999-0470 Status: Entry Reference: BUGTRAQ:19990409 New Novell Remote.NLM Password Decryption Algorithm with Exploit Reference: BID:482 Reference: URL:http://www.securityfocus.com/bid/482 Reference: XF:netware-remotenlm-passwords A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. ====================================================== Name: CVE-1999-0471 Status: Entry Reference: XF:winroute-config Reference: BUGTRAQ:Apr9,1999 The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button. 
====================================================== Name: CVE-1999-0472 Status: Entry Reference: XF:netcache-snmp Reference: BUGTRAQ:Apr7,1999 The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. ====================================================== Name: CVE-1999-0473 Status: Entry Reference: BUGTRAQ:19990407 rsync 2.3.1 release - security fix Reference: CALDERA:CSSA-1999:010.0 Reference: DEBIAN:19990823 Reference: BID:145 Reference: URL:http://www.securityfocus.com/bid/145 Reference: XF:rsync-permissions The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. ====================================================== Name: CVE-1999-0474 Status: Entry Reference: XF:icq-webserver-read Reference: BUGTRAQ:Apr5,1999 The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory. ====================================================== Name: CVE-1999-0475 Status: Entry Reference: XF:procmail-race Reference: BUGTRAQ:Apr5,1999 A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. ====================================================== Name: CVE-1999-0478 Status: Entry Reference: HP:HPSBUX9904-097 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9904-097 Reference: XF:sendmail-headers-dos Denial of service in HP-UX sendmail 8.8.6 related to accepting connections. ====================================================== Name: CVE-1999-0479 Status: Entry Reference: HP:HPSBUX9903-092 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-092 Reference: XF:netscape-server-dos Denial of service in Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.
====================================================== Name: CVE-1999-0481 Status: Entry Reference: OPENBSD:Mar22,1999 Reference: OSVDB:7556 Reference: URL:http://www.osvdb.org/7556 Denial of service in "poll" in OpenBSD. ====================================================== Name: CVE-1999-0482 Status: Entry Reference: OPENBSD:Mar21,1999 Reference: OSVDB:7557 Reference: URL:http://www.osvdb.org/7557 OpenBSD kernel crash through TSS handling, as caused by the crashme program. ====================================================== Name: CVE-1999-0483 Status: Entry Reference: OPENBSD:Feb25,1999 Reference: OSVDB:6129 Reference: URL:http://www.osvdb.org/6129 OpenBSD crash using nlink value in FFS and EXT2FS filesystems. ====================================================== Name: CVE-1999-0484 Status: Entry Reference: OPENBSD:Feb23,1999 Reference: OSVDB:6130 Reference: URL:http://www.osvdb.org/6130 Buffer overflow in OpenBSD ping. ====================================================== Name: CVE-1999-0485 Status: Entry Reference: OPENBSD:Feb19,1999 Reference: XF:openbsd-ipintr-race Reference: OSVDB:7558 Reference: URL:http://www.osvdb.org/7558 Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD. ====================================================== Name: CVE-1999-0487 Status: Entry Reference: MS:MS99-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-011.mspx Reference: XF:ie-dhtml-control The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files. 
====================================================== Name: CVE-1999-0491 Status: Entry Reference: BUGTRAQ:19990420 Bash Bug Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000@smooth.Operator.org Reference: CALDERA:CSSA-1999-008.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt Reference: BID:119 Reference: URL:http://www.securityfocus.com/bid/119 The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. ====================================================== Name: CVE-1999-0493 Status: Entry Reference: CERT:CA-99-05 Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html Reference: SUN:00186 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/186&type=0&nav=sec.sba Reference: CIAC:J-045 Reference: URL:http://www.ciac.org/ciac/bulletins/j-045.shtml Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2 Reference: BID:450 Reference: URL:http://www.securityfocus.com/bid/450 rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. ====================================================== Name: CVE-1999-0494 Status: Entry Reference: XF:wingate-pop3-user-bo Denial of service in WinGate proxy through a buffer overflow in POP3. 
====================================================== Name: CVE-1999-0496 Status: Entry Reference: MSKB:Q146965 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q146965 Reference: XF:nt-getadmin Reference: XF:nt-getadmin-present A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. ====================================================== Name: CVE-1999-0513 Status: Entry Reference: CERT:CA-98.01.smurf Reference: FREEBSD:FreeBSD-SA-98:06 Reference: XF:smurf ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. ====================================================== Name: CVE-1999-0514 Status: Entry Reference: XF:fraggle UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. ====================================================== Name: CVE-1999-0526 Status: Entry Reference: XF:xcheck-keystroke Reference: CERT-VN:VU#704969 Reference: URL:http://www.kb.cert.org/vuls/id/704969 An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. ====================================================== Name: CVE-1999-0551 Status: Entry Reference: HP:HPSBUX9804-078 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9804-078 Reference: XF:hp-openmail HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests. ====================================================== Name: CVE-1999-0566 Status: Entry Reference: XF:ibm-syslogd Reference: XF:syslog-flood An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. 
====================================================== Name: CVE-1999-0608 Status: Entry Reference: BUGTRAQ:19990420 Shopping Carts exposing CC data Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92462991805485&w=2 Reference: CONFIRM:http://www.pdgsoft.com/Security/security.html. Reference: XF:pdgsoftcart-misconfig(3857) Reference: URL:http://xforce.iss.net/xforce/xfdb/3857 An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. ====================================================== Name: CVE-1999-0612 Status: Entry Reference: XF:finger-out Reference: XF:finger-running A version of finger is running that exposes valid user information to any entity on the network. ====================================================== Name: CVE-1999-0626 Status: Entry Reference: XF:rusersd Reference: XF:ruser A version of rusers is running that exposes valid user information to any entity on the network. ====================================================== Name: CVE-1999-0627 Status: Entry Reference: XF:rexd The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. ====================================================== Name: CVE-1999-0628 Status: Entry Reference: XF:rwhod The rwho/rwhod service is running, which exposes machine status and user information. 
====================================================== Name: CVE-1999-0668 Status: Entry Reference: BUGTRAQ:19990821 IE 5.0 allows executing programs Reference: MS:MS99-032 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-032.asp Reference: CIAC:J-064 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-064.shtml Reference: BID:598 Reference: URL:http://www.securityfocus.com/bid/598 Reference: XF:ms-scriptlet-eyedog-unsafe Reference: MSKB:Q240308 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240308 The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. ====================================================== Name: CVE-1999-0671 Status: Entry Reference: BID:572 Reference: URL:http://www.securityfocus.com/bid/572 Reference: XF:toxsoft-nextftp-cwd-bo Buffer overflow in ToxSoft NextFTP client through CWD command. ====================================================== Name: CVE-1999-0672 Status: Entry Reference: XF:fujitsu-topic-bo Reference: BID:573 Reference: URL:http://www.securityfocus.com/bid/573 Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics. ====================================================== Name: CVE-1999-0674 Status: Entry Reference: NETBSD:1999-011 Reference: OPENBSD:Aug 9,1999 Reference: FREEBSD:FreeBSD-SA-99:02 Reference: BUGTRAQ:19990809 profil(2) bug, a simple test program Reference: BID:570 Reference: URL:http://www.securityfocus.com/bid/570 Reference: CIAC:J-067 Reference: URL:http://www.ciac.org/ciac/bulletins/j-067.shtml Reference: XF:netbsd-profil The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. 
====================================================== Name: CVE-1999-0675 Status: Entry Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS Reference: URL:http://www.securityfocus.com/archive/1/23615 Reference: BID:576 Reference: URL:http://www.securityfocus.com/bid/576 Reference: XF:checkpoint-port Reference: OSVDB:1038 Reference: URL:http://www.osvdb.org/1038 Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host. ====================================================== Name: CVE-1999-0676 Status: Entry Reference: BUGTRAQ:19990808 sdtcm_convert Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org Reference: XF:sun-sdtcm-convert Reference: BID:575 Reference: URL:http://www.securityfocus.com/bid/575 sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. ====================================================== Name: CVE-1999-0678 Status: Entry Reference: XF:apache-debian-usrdoc Reference: BUGTRAQ:19990405 An issue with Apache on Debian Reference: BID:318 Reference: URL:http://www.securityfocus.com/bid/318 A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. ====================================================== Name: CVE-1999-0679 Status: Entry Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included) Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog Reference: BID:581 Reference: URL:http://www.securityfocus.com/bid/581 Reference: XF:hybrid-ircd-minvite-bo Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option. 
====================================================== Name: CVE-1999-0680 Status: Entry Reference: MS:MS99-028 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-028.mspx Reference: MSKB:Q238600 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238600 Reference: CIAC:J-057 Reference: URL:http://www.ciac.org/ciac/bulletins/j-057.shtml Reference: BID:571 Reference: URL:http://www.securityfocus.com/bid/571 Reference: XF:nt-terminal-dos Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. ====================================================== Name: CVE-1999-0681 Status: Entry Reference: BUGTRAQ:19990807 Crash FrontPage Remotely... Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999-q3/0381.html Reference: XF:frontpage-pws-dos Reference: URL:http://xforce.iss.net/static/3117.php Reference: BID:568 Reference: URL:http://www.securityfocus.com/bid/568 Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. ====================================================== Name: CVE-1999-0682 Status: Entry Reference: MS:MS99-027 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-027.mspx Reference: MSKB:Q237927 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237927 Reference: BID:567 Reference: URL:http://www.securityfocus.com/bid/567 Reference: CIAC:J-056 Reference: URL:http://www.ciac.org/ciac/bulletins/j-056.shtml Reference: XF:exchange-relay Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. 
====================================================== Name: CVE-1999-0683 Status: Entry Reference: XF:gauntlet-dos Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0 Reference: BID:556 Reference: URL:http://www.securityfocus.com/bid/556 Reference: OSVDB:1029 Reference: URL:http://www.osvdb.org/1029 Denial of service in Gauntlet Firewall via a malformed ICMP packet. ====================================================== Name: CVE-1999-0685 Status: Entry Reference: BUGTRAQ:19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow Reference: BID:618 Reference: URL:http://www.securityfocus.com/bid/618 Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. ====================================================== Name: CVE-1999-0686 Status: Entry Reference: BUGTRAQ:19990514 TGAD DoS Reference: BUGTRAQ:19990610 Re: VVOS/Netscape Bug Reference: HP:HPSBUX9906-098 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-098 Reference: CIAC:J-046 Reference: URL:http://www.ciac.org/ciac/bulletins/j-046.shtml Reference: XF:hp-tgad-dos Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL. ====================================================== Name: CVE-1999-0687 Status: Entry Reference: BUGTRAQ:19990913 Vulnerability in ttsession Reference: SUN:00192 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 Reference: HP:HPSBUX9909-103 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 Reference: COMPAQ:SSRT0617U_TTSESSION Reference: CIAC:K-001 Reference: URL:http://www.ciac.org/ciac/bulletins/k-001.shtml Reference: CERT:CA-99-11 Reference: BID:637 Reference: URL:http://www.securityfocus.com/bid/637 Reference: XF:cde-ttsession-rpc-auth The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands. 
====================================================== Name: CVE-1999-0688 Status: Entry Reference: HP:HPSBUX9907-101 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-101 Reference: BID:545 Reference: URL:http://www.securityfocus.com/bid/545 Reference: XF:hp-sd-bo Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. ====================================================== Name: CVE-1999-0689 Status: Entry Reference: BUGTRAQ:19990913 Vulnerability in dtspcd Reference: SUN:00192 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 Reference: HP:HPSBUX9909-103 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 Reference: CERT:CA-99-11 Reference: OVAL:oval:org.mitre.oval:def:1880 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1880 Reference: XF:cde-dtspcd-file-auth Reference: BID:636 Reference: URL:http://www.securityfocus.com/bid/636 The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack. ====================================================== Name: CVE-1999-0690 Status: Entry Reference: HP:HPSBUX9907-100 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-100 Reference: CIAC:J-053 Reference: URL:http://www.ciac.org/ciac/bulletins/j-053.shtml Reference: XF:hp-cde-directory HP CDE program includes the current directory in root's PATH variable. 
====================================================== Name: CVE-1999-0691 Status: Entry Reference: BUGTRAQ:19990913 Vulnerability in dtaction Reference: SUN:00192 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 Reference: HP:HPSBUX9909-103 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 Reference: COMPAQ:SSRTO615U_DTACTION Reference: CERT:CA-99-11 Reference: BID:635 Reference: URL:http://www.securityfocus.com/bid/635 Reference: OVAL:oval:org.mitre.oval:def:3078 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3078 Reference: XF:cde-dtaction-username-bo Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name. ====================================================== Name: CVE-1999-0692 Status: Entry Reference: CERT:CA-99-09 Reference: CIAC:J-052 Reference: URL:http://www.ciac.org/ciac/bulletins/j-052.shtml Reference: SGI:19990701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990701-01-P Reference: XF:sgi-arrayd The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges. ====================================================== Name: CVE-1999-0693 Status: Entry Reference: CERT:CA-99-11 Reference: SUN:00192 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192 Reference: HP:HPSBUX9909-103 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103 Reference: BID:641 Reference: URL:http://www.securityfocus.com/bid/641 Reference: OVAL:oval:org.mitre.oval:def:4374 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4374 Reference: XF:cde-dtsession-env-bo Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges. 
====================================================== Name: CVE-1999-0694 Status: Entry Reference: CIAC:J-055 Reference: URL:http://www.ciac.org/ciac/bulletins/j-055.shtml Reference: IBM:ERS-SVA-E01-1999:002.1 Reference: XF:aix-ptrace-halt Denial of service in AIX ptrace system call allows local users to crash the system. ====================================================== Name: CVE-1999-0695 Status: Entry Reference: BUGTRAQ:19990904 [Sybase] software vendors do not think about old bugs Reference: XF:http-powerdynamo-dotdotslash Reference: BID:620 Reference: URL:http://www.securityfocus.com/bid/620 Reference: OSVDB:1064 Reference: URL:http://www.osvdb.org/1064 The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack. ====================================================== Name: CVE-1999-0696 Status: Entry Reference: BUGTRAQ:19990709 Exploit of rpc.cmsd Reference: SCO:SB-99.12 Reference: SUN:00188 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/188 Reference: SUNBUG:4230754 Reference: HP:HPSBUX9908-102 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9908-102 Reference: COMPAQ:SSRT0614U_RPC_CMSD Reference: CERT:CA-99-08 Reference: CIAC:J-051 Reference: URL:http://www.ciac.org/ciac/bulletins/j-051.shtml Reference: XF:sun-cmsd-bo Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). ====================================================== Name: CVE-1999-0697 Status: Entry Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare Reference: BID:621 Reference: URL:http://www.securityfocus.com/bid/621 Reference: XF:sco-doctor-execute SCO Doctor allows local users to gain root privileges through a Tools option. 
====================================================== Name: CVE-1999-0699 Status: Entry Reference: BUGTRAQ:19990908 [Security] Spoofed Id in Bluestone Sapphire/Web Reference: BID:623 Reference: URL:http://www.securityfocus.com/bid/623 The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs. ====================================================== Name: CVE-1999-0700 Status: Entry Reference: MSKB:Q237185 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237185 Reference: MS:MS99-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-026.mspx Reference: XF:nt-malformed-dialer Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. ====================================================== Name: CVE-1999-0701 Status: Entry Reference: MS:MS99-036 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-036.mspx Reference: MSKB:Q173039 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q173039 Reference: BID:626 Reference: URL:http://www.securityfocus.com/bid/626 Reference: XF:nt-install-unattend-file After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. 
====================================================== Name: CVE-1999-0702 Status: Entry Reference: BUGTRAQ:19990909 IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs Reference: MS:MS99-037 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-037.mspx Reference: MSKB:Q241361 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241361 Reference: XF:ie5-import-export-favorites Reference: BID:627 Reference: URL:http://www.securityfocus.com/bid/627 Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. ====================================================== Name: CVE-1999-0703 Status: Entry Reference: BUGTRAQ:19990805 4.4 BSD issue -- chflags Reference: OPENBSD:Jul30,1999 Reference: FREEBSD:FreeBSD-SA-99:01 Reference: CIAC:J-066 Reference: URL:http://www.ciac.org/ciac/bulletins/j-066.shtml Reference: XF:openbsd-chflags-fchflags-permitted OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. ====================================================== Name: CVE-1999-0704 Status: Entry Reference: REDHAT:RHSA-1999:032-01 Reference: CALDERA:CSSA-1999:024.0 Reference: FREEBSD:SA-99:06 Reference: DEBIAN:19991018 Reference: BID:614 Reference: URL:http://www.securityfocus.com/bid/614 Reference: CERT:CA-99-12 Reference: XF:amd-bo Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. 
====================================================== Name: CVE-1999-0705 Status: Entry Reference: XF:inn-inews-bo Reference: REDHAT:RHSA1999033_01 Reference: CALDERA:CSSA-1999-026 Reference: SUSE:19990831 Security hole in INN Reference: DEBIAN:19990907 Reference: BID:616 Reference: URL:http://www.securityfocus.com/bid/616 Buffer overflow in INN inews program. ====================================================== Name: CVE-1999-0706 Status: Entry Reference: DEBIAN:19990807 Reference: SUSE:19990817 Security hole in i4l (xmonisdn) Reference: BID:583 Reference: URL:http://www.securityfocus.com/bid/583 Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. ====================================================== Name: CVE-1999-0707 Status: Entry Reference: HP:HPSBUX9906-099 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-099 Reference: CIAC:J-050 Reference: URL:http://www.ciac.org/ciac/bulletins/j-050.shtml Reference: BID:493 Reference: URL:http://www.securityfocus.com/bid/493 Reference: XF:hp-visualize-conference-ftp The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. ====================================================== Name: CVE-1999-0708 Status: Entry Reference: BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow Reference: BID:651 Reference: URL:http://www.securityfocus.com/bid/651 Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field. 
====================================================== Name: CVE-1999-0710 Status: Entry Reference: BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness Reference: CONFIRM:http://www.redhat.com/support/errata/archives/rh52-errata-general.html#squid Reference: DEBIAN:DSA-576 Reference: URL:http://www.debian.org/security/2004/dsa-576 Reference: FEDORA:FEDORA-2005-373 Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html Reference: FEDORA:FLSA-2006:152809 Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml Reference: REDHAT:RHSA-1999:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-1999-025.html Reference: REDHAT:RHSA-2005:489 Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-489.html Reference: BID:2059 Reference: URL:http://www.securityfocus.com/bid/2059 Reference: XF:http-cgi-cachemgr(2385) Reference: URL:http://xforce.iss.net/xforce/xfdb/2385 The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. ====================================================== Name: CVE-1999-0711 Status: Entry Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed Reference: URL:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1 Reference: BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92609807906778&w=2 Reference: XF:oracle-oratclsh The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. 
====================================================== Name: CVE-1999-0713 Status: Entry Reference: BUGTRAQ:19990404 Digital Unix 4.0E /var permission Reference: CIAC:J-044 Reference: URL:http://www.ciac.org/ciac/bulletins/j-044.shtml Reference: XF:cde-dtlogin Reference: COMPAQ:SSRT0600U The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. ====================================================== Name: CVE-1999-0714 Status: Entry Reference: COMPAQ:SSRT0588U Reference: XF:du-edauth Vulnerability in Compaq Tru64 UNIX edauth command. ====================================================== Name: CVE-1999-0715 Status: Entry Reference: BUGTRAQ:19990519 Buffer Overruns in RAS allows execution of arbitary code as system Reference: MS:MS99-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-016.mspx Reference: MSKB:Q230677 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230677 Reference: XF:nt-ras-bo Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. ====================================================== Name: CVE-1999-0716 Status: Entry Reference: XF:nt-helpfile-bo Reference: MSKB:Q231605 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231605 Reference: MS:MS99-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-015.asp Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. ====================================================== Name: CVE-1999-0717 Status: Entry Reference: MS:MS99-014 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-014.mspx Reference: MSKB:Q231304 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231304 Reference: XF:excel-virus-warning A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. 
====================================================== Name: CVE-1999-0718 Status: Entry Reference: NTBUGTRAQ:19990823 IBM Gina security warning Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534 Reference: BID:608 Reference: URL:http://www.securityfocus.com/bid/608 Reference: XF:ibm-gina-group-add Reference: URL:http://xforce.iss.net/static/3166.php IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key. ====================================================== Name: CVE-1999-0719 Status: Entry Reference: BUGTRAQ:19990802 Gnumeric potential security hole. Reference: REDHAT:RHSA-1999:023-01 Reference: XF:gnu-guile-plugin-export Reference: BID:563 Reference: URL:http://www.securityfocus.com/bid/563 The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. ====================================================== Name: CVE-1999-0720 Status: Entry Reference: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl Reference: BID:597 Reference: URL:http://www.securityfocus.com/bid/597 Reference: XF:linux-pt-chown The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users. 
====================================================== Name: CVE-1999-0721 Status: Entry Reference: BINDVIEW:Phantom Technical Advisory Reference: MSKB:Q231457 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231457 Reference: MS:MS99-020 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-020.mspx Reference: CIAC:J-049 Reference: URL:http://www.ciac.org/ciac/bulletins/j-049.shtml Reference: XF:msrpc-lsa-lookupnames-dos Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. ====================================================== Name: CVE-1999-0722 Status: Entry Reference: CERT:CA-99-10 Reference: BID:558 Reference: URL:http://www.securityfocus.com/bid/558 Reference: XF:cobalt-raq2-default-config The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages. ====================================================== Name: CVE-1999-0723 Status: Entry Reference: NTBUGTRAQ:19990411 Death by MessageBox Reference: MS:MS99-021 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-021.mspx Reference: MSKB:Q233323 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233323 Reference: CIAC:J-049 Reference: URL:http://www.ciac.org/ciac/bulletins/j-049.shtml Reference: BID:478 Reference: URL:http://www.securityfocus.com/bid/478 Reference: XF:nt-csrss-dos The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input. ====================================================== Name: CVE-1999-0724 Status: Entry Reference: OPENBSD:Aug12,1999 Reference: XF:openbsd-uio_offset-bo Reference: OSVDB:6128 Reference: URL:http://www.osvdb.org/6128 Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function. 
====================================================== Name: CVE-1999-0725 Status: Entry Reference: MSKB:Q233335 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233335 Reference: MS:MS99-022 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-022.mspx Reference: BID:477 Reference: URL:http://www.securityfocus.com/bid/477 Reference: XF:iis-double-byte-code-page(2302) Reference: URL:http://xforce.iss.net/xforce/xfdb/2302 When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". ====================================================== Name: CVE-1999-0726 Status: Entry Reference: MS:MS99-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-023.mspx Reference: MSKB:Q234557 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234557 Reference: BID:499 Reference: URL:http://www.securityfocus.com/bid/499 Reference: XF:nt-malformed-image-header An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. ====================================================== Name: CVE-1999-0727 Status: Entry Reference: OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext Reference: XF:openbsd-ipsec-cleartext Reference: OSVDB:6127 Reference: URL:http://www.osvdb.org/6127 A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. ====================================================== Name: CVE-1999-0728 Status: Entry Reference: MS:MS99-024 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-024.mspx Reference: MSKB:Q236359 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q236359 Reference: XF:nt-ioctl-dos A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. 
====================================================== Name: CVE-1999-0729 Status: Entry Reference: ISS:19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6 Reference: URL:http://xforce.iss.net/alerts/advise34.php Reference: CIAC:J-061 Reference: URL:http://www.ciac.org/ciac/bulletins/j-061.shtml Reference: BID:601 Reference: URL:http://www.securityfocus.com/bid/601 Reference: XF:lotus-ldap-bo Reference: OSVDB:1057 Reference: URL:http://www.osvdb.org/1057 Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. ====================================================== Name: CVE-1999-0730 Status: Entry Reference: DEBIAN:19990612 The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. ====================================================== Name: CVE-1999-0731 Status: Entry Reference: BUGTRAQ:19990623 Security flaw in klock Reference: CALDERA:CSSA-1999:017 Reference: SUSE:19990629 Security hole in Klock Reference: BID:489 Reference: URL:http://www.securityfocus.com/bid/489 The KDE klock program allows local users to unlock a session using malformed input. ====================================================== Name: CVE-1999-0732 Status: Entry Reference: DEBIAN:19990823b Reference: XF:smtp-refuser-tmp The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. ====================================================== Name: CVE-1999-0733 Status: Entry Reference: BUGTRAQ:19990626 VMWare Advisory - buffer overflows Reference: BUGTRAQ:19990626 VMware Security Alert Reference: BUGTRAQ:19990705 Re: VMWare Advisory.. - exploit Reference: BID:490 Reference: URL:http://www.securityfocus.com/bid/490 Reference: XF:vmware-bo Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.
====================================================== Name: CVE-1999-0734 Status: Entry Reference: CISCO: CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability Reference: XF:ciscosecure-read-write A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. ====================================================== Name: CVE-1999-0735 Status: Entry Reference: ISS:KDE K-Mail File Creation Vulnerability Reference: CALDERA:CSSA-1999:016 Reference: REDHAT:RHSA-1999:015-01 Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html Reference: BID:300 Reference: URL:http://www.securityfocus.com/bid/300 KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories. ====================================================== Name: CVE-1999-0740 Status: Entry Reference: BID:594 Reference: URL:http://www.securityfocus.com/bid/594 Reference: XF:linux-telnetd-term Reference: CALDERA:CSSA-1999:022 Reference: REDHAT:RHSA1999029_01 Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable. ====================================================== Name: CVE-1999-0742 Status: Entry Reference: DEBIAN:19990623 Reference: BID:480 Reference: URL:http://www.securityfocus.com/bid/480 The Debian mailman package uses weak authentication, which allows attackers to gain privileges. ====================================================== Name: CVE-1999-0743 Status: Entry Reference: BUGTRAQ:19990819 Insecure use of file in /tmp by trn Reference: DEBIAN:19990823c Reference: SUSE:19990824 Security hole in trn Reference: XF:trn-symlinks(3144) Reference: URL:http://xforce.iss.net/xforce/xfdb/3144 Trn allows local users to overwrite other users' files via symlinks. 
====================================================== Name: CVE-1999-0744 Status: Entry Reference: ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers Reference: BID:603 Reference: URL:http://www.securityfocus.com/bid/603 Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain privileges via a long HTTP GET request. ====================================================== Name: CVE-1999-0745 Status: Entry Reference: IBM:ERS-SVA-E01-1999:003.1 Reference: CIAC:J-059 Reference: URL:http://www.ciac.org/ciac/bulletins/j-059.shtml Reference: BID:590 Reference: URL:http://www.securityfocus.com/bid/590 Reference: XF:aix-pdnsd-bo Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler. ====================================================== Name: CVE-1999-0746 Status: Entry Reference: BUGTRAQ:19990814 DOS against SuSE's identd Reference: SUSE:19990824 Security hole in netcfg Reference: BID:587 Reference: URL:http://www.securityfocus.com/bid/587 Reference: XF:suse-identd-dos A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service. ====================================================== Name: CVE-1999-0747 Status: Entry Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net Reference: BID:589 Reference: URL:http://www.securityfocus.com/bid/589 Reference: XF:bsdi-smp-dos Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.
====================================================== Name: CVE-1999-0749 Status: Entry Reference: BUGTRAQ:19990815 telnet.exe heap overflow - remotely exploitable Reference: MS:MS99-033 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-033.mspx Reference: XF:win-ie5-telnet-heap-overflow Reference: BID:586 Reference: URL:http://www.securityfocus.com/bid/586 Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. ====================================================== Name: CVE-1999-0751 Status: Entry Reference: BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2 Reference: BID:631 Reference: URL:http://www.securityfocus.com/bid/631 Reference: XF:netscape-accept-bo(3256) Reference: URL:http://xforce.iss.net/xforce/xfdb/3256 Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. ====================================================== Name: CVE-1999-0752 Status: Entry Reference: BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. ====================================================== Name: CVE-1999-0753 Status: Entry Reference: BUGTRAQ:19990817 Stupid bug in W3-msql Reference: XF:mini-sql-w3-msql-cgi Reference: BID:591 Reference: URL:http://www.securityfocus.com/bid/591 The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.
====================================================== Name: CVE-1999-0754 Status: Entry Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential Reference: CALDERA:CSSA-1999-011.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt Reference: SUSE:19990518 Security hole in INN Reference: MISC:http://www.redhat.com/corp/support/errata/inn99_05_22.html Reference: BID:255 Reference: URL:http://www.securityfocus.com/bid/255 Reference: XF:inn-innconf-env The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable. ====================================================== Name: CVE-1999-0755 Status: Entry Reference: XF:nt-ras-pwcache Reference: MSKB:Q230681 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230681 Reference: MS:MS99-017 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-017.mspx Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option. ====================================================== Name: CVE-1999-0756 Status: Entry Reference: ALLAIRE:ASB99-07 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full Reference: XF:coldfusion-admin-dos(2207) Reference: URL:http://xforce.iss.net/static/2207.php ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. ====================================================== Name: CVE-1999-0758 Status: Entry Reference: ALLAIRE:ASB99-06 Reference: XF:netscape-space-view Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.
====================================================== Name: CVE-1999-0759 Status: Entry Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug Reference: CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8 Reference: BID:634 Reference: URL:http://www.securityfocus.com/bid/634 Reference: XF:fuseware-popmail-bo Buffer overflow in FuseMAIL POP service via long USER and PASS commands. ====================================================== Name: CVE-1999-0760 Status: Entry Reference: ALLAIRE:ASB99-10 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full Reference: BID:550 Reference: URL:http://www.securityfocus.com/bid/550 Reference: XF:coldfusion-server-cfml-tags Reference: URL:http://xforce.iss.net/static/3288.php Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. ====================================================== Name: CVE-1999-0761 Status: Entry Reference: FREEBSD:FreeBSD-SA-99:05 Reference: XF:freebsd-fts-lib-bo Reference: BID:644 Reference: URL:http://www.securityfocus.com/bid/644 Reference: OSVDB:1074 Reference: URL:http://www.osvdb.org/1074 Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program. ====================================================== Name: CVE-1999-0762 Status: Entry Reference: XF:netscape-title Reference: BUGTRAQ:19990524 Netscape Communicator JavaScript in security vulnerability When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information. 
====================================================== Name: CVE-1999-0763 Status: Entry Reference: NETBSD:1999-010 Reference: XF:netbsd-arp Reference: OSVDB:6540 Reference: URL:http://www.osvdb.org/6540 NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network. ====================================================== Name: CVE-1999-0764 Status: Entry Reference: NETBSD:1999-010 Reference: XF:netbsd-arp Reference: OSVDB:6539 Reference: URL:http://www.osvdb.org/6539 NetBSD allows ARP packets to overwrite static ARP entries. ====================================================== Name: CVE-1999-0765 Status: Entry Reference: BUGTRAQ:19990619 IRIX midikeys root exploit. Reference: SGI:19990501-01-A Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990501-01-A Reference: BID:262 Reference: URL:http://www.securityfocus.com/bid/262 Reference: XF:irix-midikeys SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor. ====================================================== Name: CVE-1999-0766 Status: Entry Reference: MS:MS99-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-031.mspx Reference: MSKB:Q240346 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240346 Reference: BID:600 Reference: URL:http://www.securityfocus.com/bid/600 Reference: XF:msvm-verifier-java The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment. ====================================================== Name: CVE-1999-0768 Status: Entry Reference: BID:602 Reference: URL:http://www.securityfocus.com/bid/602 Reference: REDHAT:RHSA-1999:030-02 Reference: SUSE:19990829 Security hole in cron Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable. 
====================================================== Name: CVE-1999-0769 Status: Entry Reference: REDHAT:RHSA-1999:030-02 Reference: CALDERA:CSSA-1999:023.0 Reference: SUSE:19990829 Security hole in cron Reference: DEBIAN:19990830 cron Reference: BID:611 Reference: URL:http://www.securityfocus.com/bid/611 Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. ====================================================== Name: CVE-1999-0770 Status: Entry Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1 Reference: BID:549 Reference: URL:http://www.securityfocus.com/bid/549 Reference: CHECKPOINT:ACK DOS ATTACK Reference: OSVDB:1027 Reference: URL:http://www.osvdb.org/1027 Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems. ====================================================== Name: CVE-1999-0771 Status: Entry Reference: BUGTRAQ:19990526 Infosec.19990526.compaq-im.a Reference: COMPAQ:SSRT0612U Reference: XF:management-agent-file-read The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0772 Status: Entry Reference: BUGTRAQ:19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post) Reference: COMPAQ:SSRT0612U Reference: XF:management-agent-dos Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. 
====================================================== Name: CVE-1999-0773 Status: Entry Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017 Reference: XF:sol-lpset-bo Buffer overflow in Solaris lpset program allows local users to gain root access. ====================================================== Name: CVE-1999-0774 Status: Entry Reference: BUGTRAQ:19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf Reference: REDHAT:RHSA1999037_01 Reference: SUSE:19990916 Security hole in mars nwe Reference: BID:617 Reference: URL:http://www.securityfocus.com/bid/617 Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names. ====================================================== Name: CVE-1999-0775 Status: Entry Reference: CISCO:19990610 Cisco IOS Software established Access List Keyword Error Reference: XF:cisco-gigaswitch Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. ====================================================== Name: CVE-1999-0777 Status: Entry Reference: MS:MS99-039 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp Reference: MSKB:Q241407 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241407 Reference: MSKB:Q242559 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242559 Reference: XF:iis-ftp-no-access-files Reference: BID:658 Reference: URL:http://www.securityfocus.com/bid/658 IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. 
====================================================== Name: CVE-1999-0778 Status: Entry Reference: BUGTRAQ:19990626 KSR[T] #011: Accelerated-X Reference: KSRT:011 Reference: BID:488 Reference: URL:http://www.securityfocus.com/bid/488 Reference: XF:accelx-display-bo Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter. ====================================================== Name: CVE-1999-0779 Status: Entry Reference: HP:HPSBUX9810-086 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9810-086 Reference: XF:hp-sharedx Denial of service in HP-UX SharedX recserv program. ====================================================== Name: CVE-1999-0780 Status: Entry Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 Reference: XF:kde-klock-process-kill KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. ====================================================== Name: CVE-1999-0781 Status: Entry Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 Reference: XF:kde-klock-bindir-trojans KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. ====================================================== Name: CVE-1999-0782 Status: Entry Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 Reference: XF:kde-kppp-directory-create KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. 
====================================================== Name: CVE-1999-0783 Status: Entry Reference: FREEBSD:FreeBSD-SA-98:05 Reference: CIAC:I-057 Reference: URL:http://www.ciac.org/ciac/bulletins/i-057.shtml Reference: XF:freebsd-nfs-link-dos Reference: OSVDB:6090 Reference: URL:http://www.osvdb.org/6090 FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. ====================================================== Name: CVE-1999-0785 Status: Entry Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential Reference: SUSE:19990518 Security hole in INN Reference: XF:inn-pathrun Reference: BID:254 Reference: URL:http://www.securityfocus.com/bid/254 The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file. ====================================================== Name: CVE-1999-0786 Status: Entry Reference: BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6 Reference: BID:659 Reference: URL:http://www.securityfocus.com/bid/659 The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. ====================================================== Name: CVE-1999-0787 Status: Entry Reference: BUGTRAQ:19990917 A few bugs... Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93760201002154&w=2 Reference: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93832856804415&w=2 Reference: XF:ssh-socket-auth-symlink-dos Reference: BID:660 Reference: URL:http://www.securityfocus.com/bid/660 The SSH authentication agent follows symlinks via a UNIX domain socket. 
====================================================== Name: CVE-1999-0788 Status: Entry Reference: BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837184228248&w=2 Reference: BID:662 Reference: URL:http://www.securityfocus.com/bid/662 Reference: XF:arkiea-backup-nlserverd-remote-dos Arkiea nlservd allows remote attackers to conduct a denial of service. ====================================================== Name: CVE-1999-0789 Status: Entry Reference: BUGTRAQ:19990928 Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000 Reference: IBM:ERS-SVA-E01-1999:004.1 Reference: CIAC:J-072 Reference: URL:http://www.ciac.org/ciac/bulletins/j-072.shtml Reference: XF:aix-ftpd-bo Reference: BID:679 Reference: URL:http://www.securityfocus.com/bid/679 Buffer overflow in AIX ftpd in the libc library. ====================================================== Name: CVE-1999-0790 Status: Entry Reference: MISC:http://home.netscape.com/security/notes/jscachebrowsing.html Reference: XF:netscape-javascript A remote attacker can read information from a Netscape user's cache via JavaScript. ====================================================== Name: CVE-1999-0791 Status: Entry Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems Reference: KSRT:012 Reference: BID:695 Reference: URL:http://www.securityfocus.com/bid/695 Reference: XF:hybrid-anon-cable-modem-reconfig Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol. ====================================================== Name: CVE-1999-0793 Status: Entry Reference: MS:MS99-043 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-043.mspx Reference: XF:ie-java-redirect Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. 
====================================================== Name: CVE-1999-0794 Status: Entry Reference: MS:MS99-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-044.mspx Reference: XF:excel-sylk Reference: MSKB:Q241900 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241900 Reference: MSKB:Q241901 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241901 Reference: MSKB:Q241902 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241902 Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. ====================================================== Name: CVE-1999-0796 Status: Entry Reference: FREEBSD:SA-98.03 Reference: XF:freebsd-ttcp-spoof Reference: OSVDB:6089 Reference: URL:http://www.osvdb.org/6089 FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks. ====================================================== Name: CVE-1999-0797 Status: Entry Reference: ISS:19980629 Distributed DoS attack against NIS/NIS+ based networks. Reference: CIAC:I-070 Reference: URL:http://www.ciac.org/ciac/bulletins/i-070.shtml Reference: XF:sun-nis-nisplus NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries. ====================================================== Name: CVE-1999-0799 Status: Entry Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices) Reference: XF:bootpd-bo Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location. 
====================================================== Name: CVE-1999-0800 Status: Entry Reference: ALLAIRE:ASB99-05 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=9602&Method=Full Reference: NTBUGTRAQ:19990211 ACFUG List: Alert: Allaire Forums GetFile bug Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00332.html Reference: XF:allaire-forums-file-read(1748) Reference: URL:http://xforce.iss.net/xforce/xfdb/1748 Reference: OSVDB:944 Reference: URL:http://www.osvdb.org/944 The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm. ====================================================== Name: CVE-1999-0801 Status: Entry Reference: BUGTRAQ:19990409 Patrol security bugs Reference: URL:http://www.securityfocus.com/archive/1/13204 Reference: XF:bmc-patrol-frames(2075) Reference: URL:http://www.iss.net/security_center/static/2075.php BMC Patrol allows remote attackers to gain access to an agent by spoofing frames. ====================================================== Name: CVE-1999-0802 Status: Entry Reference: BUGTRAQ:19990503 MSIE 5 FAVICON BUG Reference: MS:MS99-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-018.mspx Reference: MSKB:Q231450 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231450 Reference: XF:ie-favicon Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon. ====================================================== Name: CVE-1999-0803 Status: Entry Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2 Reference: XF:ibm-enfirewall-tmpfiles Reference: OSVDB:962 Reference: URL:http://www.osvdb.org/962 The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack. 
====================================================== Name: CVE-1999-0804 Status: Entry Reference: BUGTRAQ:19990601 Linux kernel 2.2.x vulnerability/exploit Reference: DEBIAN:19990607 Reference: CALDERA:CSSA-1999:013 Reference: SUSE:19990602 Denial of Service on the 2.2 kernel Reference: REDHAT:19990603 Kernel Update Reference: BID:302 Reference: URL:http://www.securityfocus.com/bid/302 Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. ====================================================== Name: CVE-1999-0806 Status: Entry Reference: BUGTRAQ:19990510 Solaris2.6,2.7 dtprintinfo exploits Reference: XF:cde-dtprintinfo Reference: OSVDB:6552 Reference: URL:http://www.osvdb.org/6552 Buffer overflow in Solaris dtprintinfo program. ====================================================== Name: CVE-1999-0807 Status: Entry Reference: XF:netscape-dirsvc-password The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. ====================================================== Name: CVE-1999-0809 Status: Entry Reference: BUGTRAQ:19990709 Communicator 4.[56]x, JavaScript used to bypass cookie settings Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed". ====================================================== Name: CVE-1999-0810 Status: Entry Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes Reference: CALDERA:CSSA-1999:018.0 Reference: DEBIAN:19990731 Reference: DEBIAN:19990804 Reference: REDHAT:RHSA-1999:022-02 Reference: SUSE:19990816 Security hole in Samba Denial of service in Samba NETBIOS name service daemon (nmbd). 
====================================================== Name: CVE-1999-0811 Status: Entry Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes Reference: REDHAT:RHSA-1999:022-02 Reference: CALDERA:CSSA-1999:018.0 Reference: SUSE:19990816 Security hole in Samba Reference: DEBIAN:19990731 Samba Reference: XF:samba-message-bo Reference: BID:536 Reference: URL:http://www.securityfocus.com/bid/536 Buffer overflow in Samba smbd program via a malformed message command. ====================================================== Name: CVE-1999-0812 Status: Entry Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes Reference: DEBIAN:19990731 Reference: DEBIAN:19990804 Reference: CALDERA:CSSA-1999:018.0 Reference: REDHAT:RHSA-1999:022-02 Reference: SUSE:19990816 Security hole in Samba Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. ====================================================== Name: CVE-1999-0813 Status: Entry Reference: BUGTRAQ:19990810 Severe bug in cfingerd before 1.4.0 Reference: BUGTRAQ:19980724 CFINGERD root security hole Reference: DEBIAN:19990814 Reference: XF:cfingerd-privileges Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges. ====================================================== Name: CVE-1999-0814 Status: Entry Reference: REDHAT:RHSA-1999:027 Reference: URL:http://www.redhat.com/support/errata/RHSA-1999-027.html Red Hat pump DHCP client allows remote attackers to gain root access in some configurations. 
====================================================== Name: CVE-1999-0815 Status: Entry Reference: MSKB:Q196270 Reference: URL:http://support.microsoft.com/support/kb/articles/q196/2/70.asp Reference: XF:nt-snmpagent-leak(1974) Reference: URL:http://xforce.iss.net/static/1974.php Reference: OVAL:oval:org.mitre.oval:def:952 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:952 Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. ====================================================== Name: CVE-1999-0817 Status: Entry Reference: SUSE:19990915 Security hole in lynx Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. ====================================================== Name: CVE-1999-0819 Status: Entry Reference: NTBUGTRAQ:19991130 NTmail and VRFY Reference: BUGTRAQ:19991130 NTmail and VRFY Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94398141118586&w=2 Reference: XF:nt-mail-vrfy NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. ====================================================== Name: CVE-1999-0820 Status: Entry Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities Reference: BID:838 Reference: URL:http://www.securityfocus.com/bid/838 Reference: XF:freebsd-seyon-dir-add Reference: OSVDB:5996 Reference: URL:http://www.osvdb.org/5996 FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands. 
====================================================== Name: CVE-1999-0823 Status: Entry Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities Reference: BID:839 Reference: URL:http://www.securityfocus.com/bid/839 Reference: XF:freebsd-xmindpath Reference: OSVDB:1150 Reference: URL:http://www.osvdb.org/1150 Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument. ====================================================== Name: CVE-1999-0824 Status: Entry Reference: BID:833 Reference: URL:http://www.securityfocus.com/bid/833 Reference: NTBUGTRAQ:19991130 SUBST problem Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd) A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. ====================================================== Name: CVE-1999-0826 Status: Entry Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities Reference: BID:840 Reference: URL:http://www.securityfocus.com/bid/840 Reference: XF:angband-bo Reference: OSVDB:1151 Reference: URL:http://www.osvdb.org/1151 Buffer overflow in FreeBSD angband allows local users to gain privileges. ====================================================== Name: CVE-1999-0831 Status: Entry Reference: CALDERA:CSSA-1999-035.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-035.0.txt Reference: REDHAT:RHSA1999055-01 Reference: SUSE:19991118 syslogd-1.3.33 (a1) Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available] Reference: BID:809 Reference: URL:http://www.securityfocus.com/bid/809 Reference: XF:slackware-syslogd-dos Denial of service in Linux syslogd via a large number of connections. 
====================================================== Name: CVE-1999-0832 Status: Entry Reference: BUGTRAQ:19991109 undocumented bugs - nfsd Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.20.9911091058140.12964-100000@mail.zigzag.pl Reference: DEBIAN:19991111 buffer overflow in nfs server Reference: URL:http://www.debian.org/security/1999/19991111 Reference: SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_29.html Reference: CALDERA:CSSA-1999-033.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-033.0.txt Reference: REDHAT:RHSA-1999:053-01 Reference: URL:http://www.redhat.com/support/errata/rh42-errata-general.html#NFS Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available] Reference: XF:linux-nfs-maxpath-bo Reference: BID:782 Reference: URL:http://www.securityfocus.com/bid/782 Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. ====================================================== Name: CVE-1999-0833 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: CERT:CA-99-14 Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Reference: XF:bind-nxt-bo Buffer overflow in BIND 8.2 via NXT records. 
====================================================== Name: CVE-1999-0834 Status: Entry Reference: BUGTRAQ:19991201 Security Advisory: Buffer overflow in RSAREF2 Reference: BUGTRAQ:19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2) Reference: CERT:CA-99-15 Reference: BID:843 Reference: URL:http://www.securityfocus.com/bid/843 Reference: XF:rsaref-bo Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. ====================================================== Name: CVE-1999-0835 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: CERT:CA-99-14 Reference: XF:bind-sigrecord-dos Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Denial of service in BIND named via malformed SIG records. ====================================================== Name: CVE-1999-0836 Status: Entry Reference: BUGTRAQ:19991202 UnixWare 7 uidadmin exploit + discussion Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991202160111.20553.qmail@nwcst282.netaddress.usa.net Reference: SCO:SB-99.22a Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a Reference: BID:842 Reference: URL:http://www.securityfocus.com/bid/842 Reference: XF:unixware-uid-admin UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack. 
====================================================== Name: CVE-1999-0837 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: SUN:00194 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194 Reference: CERT:CA-99-14 Reference: XF:bind-solinger-dos Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Denial of service in BIND by improperly closing TCP sessions via so_linger. ====================================================== Name: CVE-1999-0838 Status: Entry Reference: BUGTRAQ:19991202 Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability Reference: BID:859 Reference: URL:http://www.securityfocus.com/bid/859 Reference: XF:servu-ftp-site-bo Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command. ====================================================== Name: CVE-1999-0839 Status: Entry Reference: NTBUGTRAQ:19991130 Windows NT Task Scheduler vulnerability allows user to administrator elevation Reference: MS:MS99-051 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-051.mspx Reference: MSKB:Q246972 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246972 Reference: XF:ie-task-scheduler-privs Reference: BID:828 Reference: URL:http://www.securityfocus.com/bid/828 Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled. 
====================================================== Name: CVE-1999-0842 Status: Entry Reference: NTBUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability Reference: BUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEAFCBAA.labs@ussrback.com Reference: BID:827 Reference: URL:http://www.securityfocus.com/bid/827 Reference: XF:symantec-mail-dir-traversal Reference: OSVDB:1144 Reference: URL:http://www.osvdb.org/1144 Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0847 Status: Entry Reference: BUGTRAQ:19991129 FICS buffer overflow Reference: XF:fics-board-bo Buffer overflow in free internet chess server (FICS) program, xboard. ====================================================== Name: CVE-1999-0848 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: SUN:00194 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194 Reference: CERT:CA-99-14 Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Reference: XF:bind-fdmax-dos Denial of service in BIND named via consuming more than "fdmax" file descriptors. 
====================================================== Name: CVE-1999-0849 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: SUN:00194 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194 Reference: CERT:CA-99-14 Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Reference: XF:bind-maxdname-bo Denial of service in BIND named via maxdname. ====================================================== Name: CVE-1999-0851 Status: Entry Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind Reference: CALDERA:CSSA-1999-034.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt Reference: REDHAT:RHSA-1999:054-01 Reference: SUN:00194 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194 Reference: CERT:CA-99-14 Reference: BID:788 Reference: URL:http://www.securityfocus.com/bid/788 Reference: XF:bind-naptr-dos Denial of service in BIND named via naptr. ====================================================== Name: CVE-1999-0853 Status: Entry Reference: BID:847 Reference: URL:http://www.securityfocus.com/bid/847 Reference: ISS:19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure Reference: XF:netscape-fasttrack-auth-bo Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
====================================================== Name: CVE-1999-0854 Status: Entry Reference: BUGTRAQ:19991130 Ultimate Bulletin Board v5.3x? Bug Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl Reference: CONFIRM:http://www.ultimatebb.com/home/versions.shtml Reference: XF:http-ultimate-bbs Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file. ====================================================== Name: CVE-1999-0856 Status: Entry Reference: BUGTRAQ:19991202 Slackware 7.0 - login bug Reference: XF:slackware-remote-login login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. ====================================================== Name: CVE-1999-0858 Status: Entry Reference: MS:MS99-054 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-054.mspx Reference: MSKB:Q247333 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247333 Reference: BID:846 Reference: URL:http://www.securityfocus.com/bid/846 Reference: XF:ie-wpad-proxy-settings Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server. ====================================================== Name: CVE-1999-0859 Status: Entry Reference: BUGTRAQ:19991130 Solaris 2.x chkperm/arp vulnerabilities Reference: SUNBUG:4296166 Reference: BID:837 Reference: URL:http://www.securityfocus.com/bid/837 Reference: XF:sol-arp-parse Reference: OSVDB:6994 Reference: URL:http://www.osvdb.org/6994 Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. 
====================================================== Name: CVE-1999-0861 Status: Entry Reference: MS:MS99-053 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-053.mspx Reference: MSKB:Q244613 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q244613 Reference: XF:iis-ssl-isapi-filter Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. ====================================================== Name: CVE-1999-0864 Status: Entry Reference: BUGTRAQ:19991202 UnixWare coredumps follow symlinks Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2 Reference: BUGTRAQ:19991223 FYI, SCO Security patches available. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2 Reference: BUGTRAQ:19991220 SCO OpenServer Security Status Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2 Reference: XF:sco-coredump-symlink Reference: BID:851 Reference: URL:http://www.securityfocus.com/bid/851 UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. ====================================================== Name: CVE-1999-0865 Status: Entry Reference: BUGTRAQ:19991203 CommuniGatePro 3.1 for NT DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94426440413027&w=2 Reference: NTBUGTRAQ:19991203 CommuniGatePro 3.1 for NT Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94454565726775&w=2 Reference: BID:860 Reference: URL:http://www.securityfocus.com/bid/860 Reference: XF:communigate-pro-bo Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. 
====================================================== Name: CVE-1999-0866 Status: Entry Reference: BUGTRAQ:19991203 UnixWare gain root with non-su/gid binaries Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2 Reference: BUGTRAQ:19991223 FYI, SCO Security patches available. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2 Reference: BUGTRAQ:19991220 SCO OpenServer Security Status Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2 Reference: SCO:SB-99.24a Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.24a Reference: XF:sco-xauto-bo Reference: BID:848 Reference: URL:http://www.securityfocus.com/bid/848 Buffer overflow in UnixWare xauto program allows local users to gain root privilege. ====================================================== Name: CVE-1999-0867 Status: Entry Reference: MS:MS99-029 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-029.mspx Reference: MSKB:Q238349 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238349 Reference: CIAC:J-058 Reference: URL:http://www.ciac.org/ciac/bulletins/j-058.shtml Reference: XF:http-iis-malformed-header Reference: BID:579 Reference: URL:http://www.securityfocus.com/bid/579 Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. ====================================================== Name: CVE-1999-0868 Status: Entry Reference: CERT:CA-97.08 Reference: XF:inn-ucbmail-shell-meta ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. 
====================================================== Name: CVE-1999-0869 Status: Entry Reference: MS:MS98-020 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-020.mspx Reference: MSKB:167614 Reference: XF:http-frame-spoof Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. ====================================================== Name: CVE-1999-0870 Status: Entry Reference: MS:MS98-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-015.mspx Reference: MSKB:169245 Reference: XF:ie-usp-cuartango Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste. ====================================================== Name: CVE-1999-0871 Status: Entry Reference: MS:MS98-013 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-013.mspx Reference: OSVDB:7837 Reference: URL:http://www.osvdb.org/7837 Reference: XF:ie-crossframe-file-read(3668) Reference: URL:http://xforce.iss.net/xforce/xfdb/3668 Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability. ====================================================== Name: CVE-1999-0873 Status: Entry Reference: BID:759 Reference: URL:http://www.securityfocus.com/bid/759 Reference: XF:skyfull-mail-from-bo Buffer overflow in Skyfull mail server via MAIL FROM command. 
====================================================== Name: CVE-1999-0874 Status: Entry Reference: MS:MS99-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-019.asp Reference: MSKB:Q234905 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234905 Reference: EEYE:AD06081999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD06081999.html Reference: CERT:CA-99-07 Reference: CIAC:J-048 Reference: URL:http://www.ciac.org/ciac/bulletins/j-048.shtml Reference: XF:iis-htr-overflow Reference: OVAL:oval:org.mitre.oval:def:915 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:915 Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. ====================================================== Name: CVE-1999-0875 Status: Entry Reference: L0PHT:19990811 Reference: MSKB:Q216141 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q216141 Reference: BID:578 Reference: URL:http://www.securityfocus.com/bid/578 Reference: XF:irdp-gateway-spoof DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes. ====================================================== Name: CVE-1999-0876 Status: Entry Reference: MSKB:Q185959 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q185959 Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Buffer overflow in Internet Explorer 4.0 via EMBED tag. 
====================================================== Name: CVE-1999-0877 Status: Entry Reference: MSKB:Q243638 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243638 Reference: MS:MS99-042 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-042.mspx Reference: XF:ie-iframe-exec Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. ====================================================== Name: CVE-1999-0878 Status: Entry Reference: COMPAQ:SSRT0622 Reference: REDHAT:RHSA1999031_01 Reference: AUSCERT:AA-1999.01 Reference: CERT:CA-99-13 Reference: BID:599 Reference: URL:http://www.securityfocus.com/bid/599 Reference: XF:wu-ftpd-dir-name Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. ====================================================== Name: CVE-1999-0879 Status: Entry Reference: CERT:CA-99-13 Reference: XF:wuftp-message-file-root Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. ====================================================== Name: CVE-1999-0880 Status: Entry Reference: CERT:CA-99-13 Reference: XF:wuftp-site-newer-dos Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. ====================================================== Name: CVE-1999-0881 Status: Entry Reference: BUGTRAQ:19991025 Falcon Web Server Reference: BINDVIEW:Falcon Web Server Reference: BID:743 Reference: URL:http://www.securityfocus.com/bid/743 Reference: XF:falcon-path-parsing Reference: OSVDB:1127 Reference: URL:http://www.osvdb.org/1127 Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-1999-0883 Status: Entry Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise Reference: BID:742 Reference: URL:http://www.securityfocus.com/bid/742 Reference: OSVDB:1126 Reference: URL:http://www.osvdb.org/1126 Reference: XF:zeus-remote-root(3380) Reference: URL:http://xforce.iss.net/xforce/xfdb/3380 Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine. ====================================================== Name: CVE-1999-0884 Status: Entry Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise Reference: BID:742 Reference: URL:http://www.securityfocus.com/bid/742 Reference: OSVDB:8186 Reference: URL:http://www.osvdb.org/8186 Reference: XF:zeus-weak-password(3833) Reference: URL:http://xforce.iss.net/xforce/xfdb/3833 The Zeus web server administrative interface uses weak encryption for its passwords. ====================================================== Name: CVE-1999-0886 Status: Entry Reference: MSKB:Q242294 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242294 Reference: MS:MS99-041 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-041.mspx Reference: BID:645 Reference: URL:http://www.securityfocus.com/bid/645 Reference: XF:nt-rasman-pathname The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. ====================================================== Name: CVE-1999-0887 Status: Entry Reference: BUGTRAQ:19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability Reference: EEYE:AD05261999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD05261999.html Reference: OSVDB:1137 Reference: URL:http://www.osvdb.org/1137 FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack. 
====================================================== Name: CVE-1999-0888 Status: Entry Reference: BUGTRAQ:19990817 Security Bug in Oracle Reference: XF:oracle-dbsnmp Reference: BID:585 Reference: URL:http://www.securityfocus.com/bid/585 dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script. ====================================================== Name: CVE-1999-0889 Status: Entry Reference: BUGTRAQ:19990810 Cisco 675 password nonsense Reference: XF:cisco-cbos-telnet Reference: OSVDB:39 Reference: URL:http://www.osvdb.org/39 Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. ====================================================== Name: CVE-1999-0890 Status: Entry Reference: BUGTRAQ:19990928 Team Asylum: iHTML Merchant Vulnerabilities Reference: CONFIRM:http://www.ihtmlmerchant.com/support_patches_feedback.htm Reference: BID:694 Reference: URL:http://www.securityfocus.com/bid/694 Reference: XF:ihtml-merchant-file-access iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error. 
====================================================== Name: CVE-1999-0891 Status: Entry Reference: MS:MS99-040 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-040.mspx Reference: MSKB:Q242542 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242542 Reference: CERT-VN:VU#37828 Reference: URL:http://www.kb.cert.org/vuls/id/37828 Reference: CIAC:K-002 Reference: URL:http://www.ciac.org/ciac/bulletins/k-002.shtml Reference: BID:674 Reference: URL:http://www.securityfocus.com/bid/674 Reference: OSVDB:11274 Reference: URL:http://www.osvdb.org/11274 Reference: XF:ie-download-behavior The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. ====================================================== Name: CVE-1999-0892 Status: Entry Reference: BUGTRAQ:19991018 Netscape 4.x buffer overflow Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. ====================================================== Name: CVE-1999-0893 Status: Entry Reference: BUGTRAQ:19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow Reference: XF:sco-openserver-userosa-script userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack. ====================================================== Name: CVE-1999-0894 Status: Entry Reference: REDHAT:RHSA1999042-01 Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals. 
====================================================== Name: CVE-1999-0895 Status: Entry Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net Reference: BID:725 Reference: URL:http://www.securityfocus.com/bid/725 Reference: XF:checkpoint-ldap-auth Reference: OSVDB:1117 Reference: URL:http://www.osvdb.org/1117 Firewall-1 does not properly restrict access to LDAP attributes. ====================================================== Name: CVE-1999-0896 Status: Entry Reference: BUGTRAQ:19991109 RealNetworks RealServer G2 buffer overflow. Reference: MISC:http://service.real.com/help/faq/servg260.html Reference: XF:realserver-g2-pw-bo Reference: BID:767 Reference: URL:http://www.securityfocus.com/bid/767 Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password. ====================================================== Name: CVE-1999-0897 Status: Entry Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2 Reference: XF:ichat-file-read-vuln iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0898 Status: Entry Reference: MS:MS99-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-047.mspx Reference: MSKB:Q243649 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243649 Reference: XF:nt-printer-spooler-bo Reference: BID:768 Reference: URL:http://www.securityfocus.com/bid/768 Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request. 
====================================================== Name: CVE-1999-0899 Status: Entry Reference: MS:MS99-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-047.mspx Reference: MSKB:Q243649 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243649 Reference: BID:769 Reference: URL:http://www.securityfocus.com/bid/769 Reference: XF:nt-printer-spooler-bo The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. ====================================================== Name: CVE-1999-0900 Status: Entry Reference: REDHAT:RHSA1999046-01 Reference: SUSE:19991023 Security hole in ypserv < 1.3.9 Reference: DEBIAN:19991027 nis Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation. ====================================================== Name: CVE-1999-0901 Status: Entry Reference: REDHAT:RHSA1999046-01 Reference: SUSE:19991023 Security hole in ypserv < 1.3.9 Reference: DEBIAN:19991027 nis ypserv allows a local user to modify the GECOS and login shells of other users. ====================================================== Name: CVE-1999-0902 Status: Entry Reference: REDHAT:RHSA1999046-01 Reference: SUSE:19991023 Security hole in ypserv < 1.3.9 Reference: DEBIAN:19991027 nis ypserv allows local administrators to modify password tables. ====================================================== Name: CVE-1999-0903 Status: Entry Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup) Reference: XF:aix-genfilt-filtering genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. 
====================================================== Name: CVE-1999-0904 Status: Entry Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT Reference: XF:bftelnet-username-dos Reference: BID:771 Reference: URL:http://www.securityfocus.com/bid/771 Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username. ====================================================== Name: CVE-1999-0905 Status: Entry Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0 Reference: BID:736 Reference: URL:http://www.securityfocus.com/bid/736 Reference: XF:raptor-ipoptions-dos Reference: OSVDB:1121 Reference: URL:http://www.osvdb.org/1121 Denial of service in Axent Raptor firewall via malformed zero-length IP options. ====================================================== Name: CVE-1999-0906 Status: Entry Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit Reference: SUSE:19990926 Security hole in sccw (Part II) Reference: BID:656 Reference: URL:http://www.securityfocus.com/bid/656 Reference: XF:linux-sccw-bo Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable. ====================================================== Name: CVE-1999-0907 Status: Entry Reference: BUGTRAQ:19990916 SuSE 6.2 /usr/bin/sccw read any file Reference: SUSE:19990921 Security Hole in sccw-1.1 and earlier sccw allows local users to read arbitrary files. ====================================================== Name: CVE-1999-0908 Status: Entry Reference: BUGTRAQ:19990921 solaris DoS Reference: BID:655 Reference: URL:http://www.securityfocus.com/bid/655 Reference: XF:sun-tcp-mutex-enter-dos Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter. 
====================================================== Name: CVE-1999-0909 Status: Entry Reference: NAI:Windows IP Source Routing Vulnerability Reference: MS:MS99-038 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-038.mspx Reference: MSKB:Q238453 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238453 Reference: BID:646 Reference: URL:http://www.securityfocus.com/bid/646 Reference: XF:nt-ip-source-route Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. ====================================================== Name: CVE-1999-0912 Status: Entry Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service Reference: BID:653 Reference: URL:http://www.securityfocus.com/bid/653 Reference: XF:freebsd-vfscache-dos Reference: OSVDB:1079 Reference: URL:http://www.osvdb.org/1079 FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files. ====================================================== Name: CVE-1999-0914 Status: Entry Reference: DEBIAN:19990104 Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows Reference: BID:324 Reference: URL:http://www.securityfocus.com/bid/324 Buffer overflow in the FTP client in the Debian GNU/Linux netstd package. ====================================================== Name: CVE-1999-0915 Status: Entry Reference: BUGTRAQ:19991028 URL Live! 1.0 WebServer Reference: BID:746 Reference: URL:http://www.securityfocus.com/bid/746 Reference: OSVDB:1129 Reference: URL:http://www.osvdb.org/1129 URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-1999-0916 Status: Entry Reference: ISS:19990629 Bad Permissions on Passwords Stored by WebTrends Software WebTrends software stores account names and passwords in a file which does not have restricted access permissions. ====================================================== Name: CVE-1999-0917 Status: Entry Reference: MS:MS99-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-018.mspx Reference: MSKB:Q231452 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231452 Reference: XF:legacy-activex-local-drive The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files. ====================================================== Name: CVE-1999-0918 Status: Entry Reference: BUGTRAQ:19990703 IGMP fragmentation bug in Windows 98/2000 Reference: MSKB:Q238329 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238329 Reference: MS:MS99-034 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-034.mspx Reference: XF:igmp-dos Reference: BID:514 Reference: URL:http://www.securityfocus.com/bid/514 Denial of service in various Windows systems via malformed, fragmented IGMP packets. ====================================================== Name: CVE-1999-0920 Status: Entry Reference: BUGTRAQ:19990526 Remote vulnerability in pop2d Reference: DEBIAN:19990607a Reference: BID:283 Reference: URL:http://www.securityfocus.com/bid/283 Reference: XF:pop2-fold-bo Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command. 
====================================================== Name: CVE-1999-0921 Status: Entry Reference: BUGTRAQ:19990409 Patrol security bugs Reference: URL:http://www.securityfocus.com/archive/1/13204 Reference: XF:bmc-patrol-udp-dos(4291) Reference: URL:http://www.iss.net/security_center/static/4291.php Reference: BID:1879 Reference: URL:http://www.securityfocus.com/bid/1879 BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. ====================================================== Name: CVE-1999-0922 Status: Entry Reference: ALLAIRE:ASB99-02 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full Reference: XF:coldfusion-sourcewindow An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. ====================================================== Name: CVE-1999-0924 Status: Entry Reference: ALLAIRE:ASB99-02 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full Reference: XF:coldfusion-syntax-checker(1742) Reference: URL:http://xforce.iss.net/xforce/xfdb/1742 Reference: OSVDB:3236 Reference: URL:http://www.osvdb.org/3236 The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. ====================================================== Name: CVE-1999-0927 Status: Entry Reference: EEYE:AD05261999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD05261999.html Reference: BID:279 Reference: URL:http://www.securityfocus.com/bid/279 Reference: XF:ntmail-fileread NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-1999-0928 Status: Entry Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1 Reference: XF:websuite-dos Reference: BID:278 Reference: URL:http://www.securityfocus.com/bid/278 Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL. ====================================================== Name: CVE-1999-0930 Status: Entry Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability Reference: CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml Reference: XF:http-cgi-wwwboard(2344) Reference: URL:http://xforce.iss.net/static/2344.php Reference: BID:1795 Reference: URL:http://www.securityfocus.com/bid/1795 wwwboard allows a remote attacker to delete message board articles via a malformed argument. ====================================================== Name: CVE-1999-0931 Status: Entry Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01 Reference: BID:734 Reference: URL:http://www.securityfocus.com/bid/734 Reference: XF:mediahouse-stats-login-bo Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands. ====================================================== Name: CVE-1999-0932 Status: Entry Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01 Reference: BID:735 Reference: URL:http://www.securityfocus.com/bid/735 Reference: XF:mediahouse-stats-adminpw-cleartext Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file. 
====================================================== Name: CVE-1999-0933 Status: Entry Reference: BUGTRAQ:19991001 RFP9904: TeamTrack webserver vulnerability Reference: BID:689 Reference: URL:http://www.securityfocus.com/bid/689 Reference: OSVDB:1096 Reference: URL:http://www.osvdb.org/1096 TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0934 Status: Entry Reference: EL8:19991215 Classifieds (classifieds.cgi) Reference: BID:2020 Reference: URL:http://www.securityfocus.com/bid/2020 Reference: XF:http-cgi-classifieds-read(3102) Reference: URL:http://xforce.iss.net/xforce/xfdb/3102 classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters. ====================================================== Name: CVE-1999-0935 Status: Entry Reference: EL8:19991215 Classifieds (classifieds.cgi) classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form. ====================================================== Name: CVE-1999-0936 Status: Entry Reference: EL8:19981203 BNBSurvey (survey.cgi) BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. ====================================================== Name: CVE-1999-0937 Status: Entry Reference: EL8:19981203 BNBForm (bnbform.cgi) BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. ====================================================== Name: CVE-1999-0938 Status: Entry Reference: CERT:VN-99-03 Reference: XF:sdr-execute MBone SDR Package allows remote attackers to execute commands via shell metacharacters in Session Initiation Protocol (SIP) messages. 
====================================================== Name: CVE-1999-0939 Status: Entry Reference: BUGTRAQ:19990826 [SECURITY] New versions of epic4 fixes possible DoS vulnerability Reference: DEBIAN:19990826 Reference: BID:605 Reference: URL:http://www.securityfocus.com/bid/605 Denial of service in Debian IRC Epic/epic4 client via a long string. ====================================================== Name: CVE-1999-0940 Status: Entry Reference: CALDERA:CSSA-1999-031 Reference: SUSE:19990927 Security hole in mutt Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages. ====================================================== Name: CVE-1999-0942 Status: Entry Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit Reference: XF:sco-unixware-dos7utils-root-privs UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes. ====================================================== Name: CVE-1999-0943 Status: Entry Reference: BUGTRAQ:19991015 OpenLink 3.2 Advisory Reference: BID:720 Reference: URL:http://www.securityfocus.com/bid/720 Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator. ====================================================== Name: CVE-1999-0945 Status: Entry Reference: ISS:19980724 Denial of Service attacks against Microsoft Exchange 5.0 to 5.5 Reference: URL:http://xforce.iss.net/alerts/advise4.php Reference: CIAC:I-080 Reference: URL:http://www.ciac.org/ciac/bulletins/i-080.shtml Reference: MSKB:Q169174 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q169174 Reference: XF:exchange-dos(1223) Reference: URL:http://xforce.iss.net/xforce/xfdb/1223 Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands. 
====================================================== Name: CVE-1999-0946 Status: Entry Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2 Reference: XF:yamaha-midiplug-embed Reference: BID:760 Reference: URL:http://www.securityfocus.com/bid/760 Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. ====================================================== Name: CVE-1999-0947 Status: Entry Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2 Reference: BID:762 Reference: URL:http://www.securityfocus.com/bid/762 AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. ====================================================== Name: CVE-1999-0950 Status: Entry Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Reference: BID:747 Reference: URL:http://www.securityfocus.com/bid/747 Reference: XF:wftpd-mkd-bo Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. ====================================================== Name: CVE-1999-0951 Status: Entry Reference: BUGTRAQ:19991022 Imagemap CGI overflow exploit Reference: BID:739 Reference: URL:http://www.securityfocus.com/bid/739 Reference: XF:http-cgi-imagemap-bo Reference: OSVDB:3380 Reference: URL:http://www.osvdb.org/3380 Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands. 
====================================================== Name: CVE-1999-0953 Status: Entry Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability Reference: BUGTRAQ:19990916 More fun with WWWBoard WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. ====================================================== Name: CVE-1999-0954 Status: Entry Reference: BUGTRAQ:19990916 More fun with WWWBoard Reference: BID:649 Reference: URL:http://www.securityfocus.com/bid/649 WWWBoard has a default username and default password. ====================================================== Name: CVE-1999-0955 Status: Entry Reference: CERT:CA-94.08 Reference: CIAC:E-17 Reference: XF:ftp-exec Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command. ====================================================== Name: CVE-1999-0956 Status: Entry Reference: CERT:CA-93.02a Reference: XF:next-netinfo The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service. ====================================================== Name: CVE-1999-0957 Status: Entry Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3 Reference: XF:majorcool-file-overwrite-vuln MajorCool mj_key_cache program allows local users to modify files via a symlink attack. ====================================================== Name: CVE-1999-0958 Status: Entry Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88465708614896&w=2 Reference: XF:sudo-dot-dot-attack sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack. 
====================================================== Name: CVE-1999-0959 Status: Entry Reference: BUGTRAQ:19970209 IRIX: Bug in startmidi Reference: AUSCERT:AA-97-05 Reference: SGI:19980301-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX Reference: BID:469 Reference: URL:http://www.securityfocus.com/bid/469 Reference: OSVDB:8447 Reference: URL:http://www.osvdb.org/8447 Reference: XF:irix-startmidi-file-creation((1634) IRIX startmidi program allows local users to modify arbitrary files via a symlink attack. ====================================================== Name: CVE-1999-0960 Status: Entry Reference: AUSCERT:AA-96.11 Reference: SGI:19980301-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX Reference: XF:irix-cdplayer-directory-create IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option. ====================================================== Name: CVE-1999-0961 Status: Entry Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419906&w=2 Reference: CIAC:H-03 Reference: XF:hp-sysdiag-symlink HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. ====================================================== Name: CVE-1999-0962 Status: Entry Reference: AUSCERT:AA-96.13 Reference: HP:HPSBUX9701-045 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9701-045 Reference: XF:hp-password-cmd-bo Reference: OSVDB:6415 Reference: URL:http://www.osvdb.org/6415 Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option. 
====================================================== Name: CVE-1999-0963 Status: Entry Reference: BUGTRAQ:19960517 BoS: SECURITY BUG in FreeBSD Reference: CERT:VB-96.06 Reference: XF:freebsd-mount-union-root Reference: OSVDB:6088 Reference: URL:http://www.osvdb.org/6088 FreeBSD mount_union command allows local users to gain root privileges via a symlink attack. ====================================================== Name: CVE-1999-0964 Status: Entry Reference: FREEBSD:FreeBSD-SA-97:01 Reference: XF:freebsd-setlocale-bo Reference: OSVDB:6086 Reference: URL:http://www.osvdb.org/6086 Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable. ====================================================== Name: CVE-1999-0965 Status: Entry Reference: CERT:CA-93.17 Reference: XF:xterm Race condition in xterm allows local users to modify arbitrary files via the logging option. ====================================================== Name: CVE-1999-0966 Status: Entry Reference: L0PHT:19970127 Solaris libc - getopt(3) Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0]. ====================================================== Name: CVE-1999-0967 Status: Entry Reference: L0PHT:19971101 Microsoft Internet Explorer 4.0 Suite Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol. ====================================================== Name: CVE-1999-0968 Status: Entry Reference: BUGTRAQ:19981226 bnc exploit Reference: URL:http://www.securityfocus.com/archive/1/11711 Reference: XF:bnc-proxy-bo(1546) Reference: URL:http://xforce.iss.net/static/1546.php Reference: BID:1927 Reference: URL:http://www.securityfocus.com/bid/1927 Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges. 
====================================================== Name: CVE-1999-0969 Status: Entry Reference: ISS:19980929 "Snork" Denial of Service Attack Against Windows NT RPC Service Reference: NTBUGTRAQ:19980929 ISS Security Advisory: Snork Reference: MS:MS98-014 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-014.mspx Reference: MSKB:Q193233 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q193233 Reference: XF:snork-dos The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork. ====================================================== Name: CVE-1999-0971 Status: Entry Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit Reference: URL:http://www.securityfocus.com/archive/1/7301 Reference: XF:exim-include-overflow Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file. ====================================================== Name: CVE-1999-0972 Status: Entry Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow Reference: BID:863 Reference: URL:http://www.securityfocus.com/bid/863 Buffer overflow in Xshipwars xsw program. ====================================================== Name: CVE-1999-0973 Status: Entry Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd) Reference: BID:858 Reference: URL:http://www.securityfocus.com/bid/858 Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode. 
====================================================== Name: CVE-1999-0974 Status: Entry Reference: ISS:19991209 Buffer Overflow in Solaris Snoop Reference: SUN:00190 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/190 Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd) Reference: BID:864 Reference: URL:http://www.securityfocus.com/bid/864 Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service. ====================================================== Name: CVE-1999-0975 Status: Entry Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT Reference: BID:868 Reference: URL:http://www.securityfocus.com/bid/868 The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed. ====================================================== Name: CVE-1999-0976 Status: Entry Reference: OPENBSD:19991204 Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released Reference: XF:sendmail-bi-alias Reference: BID:857 Reference: URL:http://www.securityfocus.com/bid/857 Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail. 
====================================================== Name: CVE-1999-0977 Status: Entry Reference: SF-INCIDENTS:19991209 sadmind Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability Reference: BUGTRAQ:19991210 Re: Solaris sadmind Buffer Overflow Vulnerability Reference: CERT:CA-99-16 Reference: SUN:00191 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191 Reference: BID:866 Reference: URL:http://www.securityfocus.com/bid/866 Reference: BID:2354 Reference: URL:http://www.securityfocus.com/bid/2354 Reference: XF:sol-sadmind-amslverify-bo Reference: OSVDB:2558 Reference: URL:http://www.osvdb.org/2558 Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request. ====================================================== Name: CVE-1999-0978 Status: Entry Reference: DEBIAN:19991209 Reference: BID:867 Reference: URL:http://www.securityfocus.com/bid/867 htdig allows remote attackers to execute commands via filenames with shell metacharacters. ====================================================== Name: CVE-1999-0979 Status: Entry Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2 Reference: BID:869 Reference: URL:http://www.securityfocus.com/bid/869 The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed. 
====================================================== Name: CVE-1999-0980 Status: Entry Reference: MS:MS99-055 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-055.mspx Reference: MSKB:Q246045 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246045 Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request. ====================================================== Name: CVE-1999-0981 Status: Entry Reference: MS:MS99-050 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-050.mspx Reference: MSKB:Q246094 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246094 Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." ====================================================== Name: CVE-1999-0982 Status: Entry Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file. ====================================================== Name: CVE-1999-0986 Status: Entry Reference: BUGTRAQ:19991209 Big problem on 2.0.x? Reference: BID:870 Reference: URL:http://www.securityfocus.com/bid/870 The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. 
====================================================== Name: CVE-1999-0987 Status: Entry Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name Reference: MSKB:Q237923 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237923 Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. ====================================================== Name: CVE-1999-0989 Status: Entry Reference: NTBUGTRAQ:19991205 new IE5 remote exploit Reference: BUGTRAQ:19991205 new IE5 remote exploit Reference: BID:861 Reference: URL:http://www.securityfocus.com/bid/861 Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol. ====================================================== Name: CVE-1999-0991 Status: Entry Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability Reference: BID:862 Reference: URL:http://www.securityfocus.com/bid/862 Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name. ====================================================== Name: CVE-1999-0992 Status: Entry Reference: HP:HPSBUX9912-107 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9912-107 HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP). 
====================================================== Name: CVE-1999-0994 Status: Entry Reference: BINDVIEW:19991216 Windows NT's SYSKEY feature Reference: MS:MS99-056 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-056.mspx Reference: MSKB:Q248183 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248183 Reference: BID:873 Reference: URL:http://www.securityfocus.com/bid/873 Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. ====================================================== Name: CVE-1999-0995 Status: Entry Reference: NAI:19991216 Windows NT LSA Remote Denial of Service Reference: MS:MS99-057 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-057.mspx Reference: MSKB:Q248185 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248185 Reference: BID:875 Reference: URL:http://www.securityfocus.com/bid/875 Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request." ====================================================== Name: CVE-1999-0996 Status: Entry Reference: EEYE:AD19991215 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD19991215.html Reference: BUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow Reference: NTBUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow Reference: XF:infoseek-ultraseek-bo Reference: OSVDB:6490 Reference: URL:http://www.osvdb.org/6490 Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request. 
====================================================== Name: CVE-1999-0997 Status: Entry Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd) Reference: DEBIAN:DSA-377 Reference: URL:http://www.debian.org/security/2003/dsa-377 Reference: XF:wuftp-ftp-conversion wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. ====================================================== Name: CVE-1999-0998 Status: Entry Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities Reference: XF:cisco-cache-engine-replace Cisco Cache Engine allows an attacker to replace content in the cache. ====================================================== Name: CVE-1999-0999 Status: Entry Reference: MS:MS99-059 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-059.mspx Reference: MSKB:Q248749 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248749 Reference: BID:817 Reference: URL:http://www.securityfocus.com/bid/817 Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. ====================================================== Name: CVE-1999-1000 Status: Entry Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities Reference: XF:cisco-cache-engine-performance The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics. 
====================================================== Name: CVE-1999-1001 Status: Entry Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities Cisco Cache Engine allows a remote attacker to gain access via a null username and password. ====================================================== Name: CVE-1999-1004 Status: Entry Reference: BUGTRAQ:19991217 NAV2000 Email Protection DoS Reference: URL:http://www.securityfocus.com/archive/1/38970 Reference: BUGTRAQ:19991220 Norton Email Protection Remote Overflow (Addendum) Reference: URL:http://www.securityfocus.com/archive/1/39194 Reference: CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy Reference: OSVDB:6267 Reference: URL:http://www.osvdb.org/6267 Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command. ====================================================== Name: CVE-1999-1005 Status: Entry Reference: BUGTRAQ:19991219 Groupewise Web Interface Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2 Reference: XF:groupwise-web-read-files Reference: BID:879 Reference: URL:http://www.securityfocus.com/bid/879 Reference: OSVDB:3413 Reference: URL:http://www.osvdb.org/3413 Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. 
====================================================== Name: CVE-1999-1007 Status: Entry Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2 Reference: XF:vdolive-bo-execute Reference: BID:872 Reference: URL:http://www.securityfocus.com/bid/872 Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file. ====================================================== Name: CVE-1999-1008 Status: Entry Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit Reference: MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2 Reference: BID:871 Reference: URL:http://www.securityfocus.com/bid/871 Reference: XF:unix-xsoldier-overflow xsoldier program allows local users to gain root access via a long argument. ====================================================== Name: CVE-1999-1010 Status: Entry Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2 Reference: XF:ssh-policy-bypass An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. 
====================================================== Name: CVE-1999-1011 Status: Entry Reference: MS:MS98-004 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-004.asp Reference: MS:MS99-025 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-025.asp Reference: CIAC:J-054 Reference: URL:http://www.ciac.org/ciac/bulletins/j-054.shtml Reference: ISS:19990809 Vulnerabilities in Microsoft Remote Data Service Reference: BID:529 Reference: URL:http://www.ciac.org/ciac/bulletins/j-054.shtml Reference: XF:nt-iis-rds Reference: OSVDB:272 Reference: URL:http://www.osvdb.org/272 The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. ====================================================== Name: CVE-1999-1014 Status: Entry Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93727925026476&w=2 Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93846422810162&w=2 Reference: SUNBUG:4276509 Reference: XF:sun-usrbinmail-local-bo(3297) Reference: URL:http://xforce.iss.net/static/3297.php Reference: BID:672 Reference: URL:http://www.securityfocus.com/bid/672 Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. 
====================================================== Name: CVE-1999-1019 Status: Entry Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398713491&w=2 Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398513475&w=2 Reference: BID:495 Reference: URL:http://www.securityfocus.com/bid/495 SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise. ====================================================== Name: CVE-1999-1021 Status: Entry Reference: CERT:CA-1992-15 Reference: URL:http://www.cert.org/advisories/CA-1992-15.html Reference: SUN:00117 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba Reference: BID:47 Reference: URL:http://www.securityfocus.com/bid/47 Reference: XF:nfs-uid(82) Reference: URL:http://xforce.iss.net/static/82.php NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade. ====================================================== Name: CVE-1999-1027 Status: Entry Reference: BUGTRAQ:19980507 admintool mode 0777 in Solaris 2.6 HW3/98 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925880&w=2 Reference: SUNBUG:4178998 Reference: XF:solaris-admintool-world-writable(7296) Reference: URL:http://xforce.iss.net/static/7296.php Reference: BID:290 Reference: URL:http://www.securityfocus.com/bid/290 Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program. 
====================================================== Name: CVE-1999-1028 Status: Entry Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92807524225090&w=2 Reference: BID:288 Reference: URL:http://www.securityfocus.com/bid/288 Reference: XF:pcanywhere-dos(2256) Reference: URL:http://www.iss.net/security_center/static/2256.php Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631. ====================================================== Name: CVE-1999-1032 Status: Entry Reference: CERT:CA-1991-11 Reference: URL:http://www.cert.org/advisories/CA-1991-11.html Reference: CIAC:B-36 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-36.shtml Reference: BID:26 Reference: URL:http://www.securityfocus.com/bid/26 Reference: XF:ultrix-telnet(584) Reference: URL:http://xforce.iss.net/static/584.php Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. ====================================================== Name: CVE-1999-1034 Status: Entry Reference: CERT:CA-1991-08 Reference: URL:http://www.cert.org/advisories/CA-1991-08.html Reference: CIAC:B-28 Reference: URL:http://www.ciac.org/ciac/bulletins/b-28.shtml Reference: BID:23 Reference: URL:http://www.securityfocus.com/bid/23 Reference: XF:sysv-login(583) Reference: URL:http://xforce.iss.net/static/583.php Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges. 
====================================================== Name: CVE-1999-1035 Status: Entry Reference: MS:MS98-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-019.asp Reference: MSKB:Q192296 Reference: URL:http://support.microsoft.com/support/kb/articles/q192/2/96.asp Reference: XF:iis-get-dos(1823) Reference: URL:http://xforce.iss.net/static/1823.php IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. ====================================================== Name: CVE-1999-1037 Status: Entry Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125976&w=2 Reference: BUGTRAQ:19980627 Re: vulnerability in satan, cops & tiger Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125986&w=2 Reference: XF:satan-rexsatan-symlink(7167) Reference: URL:http://www.iss.net/security_center/static/7167.php Reference: OSVDB:3147 Reference: URL:http://www.osvdb.org/3147 rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file. ====================================================== Name: CVE-1999-1044 Status: Entry Reference: COMPAQ:SSRT0495U Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml Reference: CIAC:I-050 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml Reference: XF:dgux-advfs-softlinks(7431) Reference: URL:http://www.iss.net/security_center/static/7431.php Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges. ====================================================== Name: CVE-1999-1045 Status: Entry Reference: BUGTRAQ:19980115 pnserver exploit.. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88492978527261&w=2 Reference: BUGTRAQ:19980115 [rootshell] Security Bulletin #7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88490880523890&w=2 Reference: BUGTRAQ:19980817 Re: Real Audio Server Version 5 bug? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90338245305236&w=2 Reference: MISC:http://service.real.com/help/faq/serv501.html Reference: XF:realserver-pnserver-remote-dos(7297) Reference: URL:http://www.iss.net/security_center/static/7297.php Reference: OSVDB:6979 Reference: URL:http://www.osvdb.org/6979 pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request. ====================================================== Name: CVE-1999-1047 Status: Entry Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94026690521279&w=2 Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94036662326185&w=2 Reference: XF:gauntlet-bsdi-bypass(3397) Reference: URL:http://www.iss.net/security_center/static/3397.php When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. 
====================================================== Name: CVE-1999-1048 Status: Entry Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit Reference: URL:http://www.securityfocus.com/archive/1/10542 Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719555&w=2 Reference: DEBIAN:19980909 problem with very long pathnames Reference: URL:http://www.debian.org/security/1998/19980909 Reference: XF:linux-bash-bo(3414) Reference: URL:http://xforce.iss.net/static/3414.php Reference: OSVDB:8345 Reference: URL:http://www.osvdb.org/8345 Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory. ====================================================== Name: CVE-1999-1055 Status: Entry Reference: MS:MS98-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-018.asp Reference: BID:179 Reference: URL:http://www.securityfocus.com/bid/179 Reference: XF:excel-call(1737) Reference: URL:http://xforce.iss.net/static/1737.php Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability." 
====================================================== Name: CVE-1999-1057 Status: Entry Reference: CERT:CA-1990-07 Reference: URL:http://www.cert.org/advisories/CA-1990-07.html Reference: CIAC:B-04 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-04.shtml Reference: BID:12 Reference: URL:http://www.securityfocus.com/bid/12 Reference: XF:vms-analyze-processdump-privileges(7137) Reference: URL:http://www.iss.net/security_center/static/7137.php VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. ====================================================== Name: CVE-1999-1059 Status: Entry Reference: CERT:CA-1992-04 Reference: URL:http://www.cert.org/advisories/CA-1992-04.html Reference: BID:36 Reference: URL:http://www.securityfocus.com/bid/36 Reference: XF:att-rexecd(3159) Reference: URL:http://www.iss.net/security_center/static/3159.php Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. ====================================================== Name: CVE-1999-1074 Status: Entry Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory Reference: URL:http://www.securityfocus.com/archive/1/9138 Reference: CONFIRM:http://www.webmin.com/webmin/changes.html Reference: BID:98 Reference: URL:http://www.securityfocus.com/bid/98 Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. ====================================================== Name: CVE-1999-1080 Status: Entry Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92633694100270&w=2 Reference: BUGTRAQ:19991011 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93971288323395&w=2 Reference: BID:250 Reference: URL:http://www.securityfocus.com/bid/250 Reference: SUNBUG:4205437 Reference: XF:solaris-rmmount-gain-root(8350) Reference: URL:http://xforce.iss.net/xforce/xfdb/8350 rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf. ====================================================== Name: CVE-1999-1085 Status: Entry Reference: BUGTRAQ:19980612 CORE-SDI-04: SSH insertion attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125884&w=2 Reference: BUGTRAQ:19980703 UPDATE: SSH insertion attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525878&w=2 Reference: CISCO:20010627 Multiple SSH Vulnerabilities Reference: CERT-VN:VU#13877 Reference: URL:http://www.kb.cert.org/vuls/id/13877 Reference: XF:ssh-insert(1126) Reference: URL:http://www.iss.net/security_center/static/1126.php SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack." 
====================================================== Name: CVE-1999-1087 Status: Entry Reference: MS:MS98-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-016.asp Reference: MSKB:Q168617 Reference: URL:http://support.microsoft.com/support/kb/articles/q168/6/17.asp Reference: CONFIRM:http://www.microsoft.com/Windows/Ie/security/dotless.asp Reference: OSVDB:7828 Reference: URL:http://www.osvdb.org/7828 Reference: XF:ie-dotless(2209) Reference: URL:http://xforce.iss.net/static/2209.php Internet Explorer 4 treats a 32-bit number ("dotless IP address") in a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. ====================================================== Name: CVE-1999-1090 Status: Entry Reference: CERT:CA-1991-15 Reference: URL:http://www.cert.org/advisories/CA-1991-15.html Reference: XF:ftp-ncsa(1844) Reference: URL:http://xforce.iss.net/static/1844.php The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. ====================================================== Name: CVE-1999-1093 Status: Entry Reference: MS:MS98-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-011.asp Reference: MSKB:Q191200 Reference: URL:http://support.microsoft.com/support/kb/articles/q191/2/00.asp Reference: XF:java-script-patch(1276) Reference: URL:http://www.iss.net/security_center/static/1276.php Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. 
====================================================== Name: CVE-1999-1094 Status: Entry Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Reference: BUGTRAQ:19980114 L0pht Advisory MSIE4.0(1) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88480839506155&w=2 Reference: XF:iemk-bug(917) Reference: URL:http://xforce.iss.net/static/917.php Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." ====================================================== Name: CVE-1999-1098 Status: Entry Reference: CERT:CA-1995-03 Reference: URL:http://www.cert.org/advisories/CA-1995-03.html Reference: CIAC:F-12 Reference: URL:http://www.ciac.org/ciac/bulletins/f-12.shtml Reference: XF:bsd-telnet(516) Reference: URL:http://www.iss.net/security_center/static/516.php Reference: OSVDB:4881 Reference: URL:http://www.osvdb.org/4881 Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing. ====================================================== Name: CVE-1999-1099 Status: Entry Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420184&w=2 Reference: XF:kerberos-user-grab(65) Reference: URL:http://xforce.iss.net/static/65.php Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user. 
====================================================== Name: CVE-1999-1100 Status: Entry Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues Reference: URL:http://www.cisco.com/warp/public/770/pixkey-pub.shtml Reference: CIAC:I-056 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-056.shtml Reference: XF:cisco-pix-parse-error(1579) Reference: URL:http://xforce.iss.net/static/1579.php Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack. ====================================================== Name: CVE-1999-1102 Status: Entry Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr Reference: BUGTRAQ:19940307 8lgm Advisory Releases Reference: URL:http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm Reference: CIAC:E-25a Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-25.shtml lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. ====================================================== Name: CVE-1999-1103 Status: Entry Reference: CERT:VB-96.05 Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.05.dec Reference: CIAC:G-18 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-18.shtml Reference: MISC:http://www.tao.ca/fire/bos/0209.html Reference: XF:osf-dxconsole-gain-privileges(7138) Reference: URL:http://www.iss.net/security_center/static/7138.php dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. 
====================================================== Name: CVE-1999-1104 Status: Entry Reference: BUGTRAQ:19951205 Cracked: WINDOWS.PWL Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418931&w=2 Reference: NTBUGTRAQ:19980121 How to recover private keys for various Microsoft products Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=88540877601866&w=2 Reference: BUGTRAQ:19980120 How to recover private keys for various Microsoft products Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88536273725787&w=2 Reference: MSKB:Q140557 Reference: URL:http://support.microsoft.com/support/kb/articles/q140/5/57.asp Reference: XF:win95-nbsmbpwl(71) Reference: URL:http://www.iss.net/security_center/static/71.php Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords. ====================================================== Name: CVE-1999-1105 Status: Entry Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html Reference: XF:win95-netware-hidden-share(7231) Reference: URL:http://www.iss.net/security_center/static/7231.php Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. 
====================================================== Name: CVE-1999-1109 Status: Entry Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94632241202626&w=2 Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780566911948&w=2 Reference: BID:904 Reference: URL:http://www.securityfocus.com/bid/904 Reference: XF:sendmail-etrn-dos(7760) Reference: URL:http://www.iss.net/security_center/static/7760.php Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated. ====================================================== Name: CVE-1999-1111 Status: Entry Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94218618329838&w=2 Reference: BID:786 Reference: URL:http://www.securityfocus.com/bid/786 Reference: XF:immunix-stackguard-bo(3524) Reference: URL:http://xforce.iss.net/static/3524.php Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself. 
====================================================== Name: CVE-1999-1114 Status: Entry Reference: CIAC:H-15A Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-15a.shtml Reference: AUSCERT:AA-96.17 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul Reference: SGI:19980405-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980405-01-I Reference: XF:ksh-suid_exec(2100) Reference: URL:http://xforce.iss.net/static/2100.php Reference: BID:467 Reference: URL:http://www.securityfocus.com/bid/467 Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. ====================================================== Name: CVE-1999-1115 Status: Entry Reference: CERT:CA-1990-04 Reference: URL:http://www.cert.org/advisories/CA-1990-04.html Reference: CIAC:A-30 Reference: URL:http://www.ciac.org/ciac/bulletins/a-30.shtml Reference: BID:7 Reference: URL:http://www.securityfocus.com/bid/7 Reference: XF:apollo-suidexec-unauthorized-access(6721) Reference: URL:http://www.iss.net/security_center/static/6721.php Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). ====================================================== Name: CVE-1999-1116 Status: Entry Reference: SGI:19970503-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970503-01-PX Reference: BID:462 Reference: URL:http://www.securityfocus.com/bid/462 Reference: OSVDB:1009 Reference: URL:http://www.osvdb.org/1009 Reference: XF:sgi-runpriv(2108) Reference: URL:http://xforce.iss.net/static/2108.php Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. 
====================================================== Name: CVE-1999-1117 Status: Entry Reference: BUGTRAQ:19961124 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=lquerypv&q=b Reference: BUGTRAQ:19961125 lquerypv fix Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420195&w=2 Reference: BUGTRAQ:19961125 AIX lquerypv Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420196&w=2 Reference: CIAC:H-13 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml Reference: BID:455 Reference: URL:http://www.securityfocus.com/bid/455 Reference: XF:ibm-lquerypv(1752) Reference: URL:http://xforce.iss.net/static/1752.php lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter. ====================================================== Name: CVE-1999-1118 Status: Entry Reference: SUN:00165 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba Reference: BID:433 Reference: URL:http://www.securityfocus.com/bid/433 Reference: XF:sun-ndd(817) Reference: URL:http://xforce.iss.net/static/817.php ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. ====================================================== Name: CVE-1999-1119 Status: Entry Reference: CERT:CA-1992-09 Reference: URL:http://www.cert.org/advisories/CA-1992-09.html Reference: BID:41 Reference: URL:http://www.securityfocus.com/bid/41 Reference: XF:aix-anon-ftp(3154) Reference: URL:http://xforce.iss.net/static/3154.php FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. 
====================================================== Name: CVE-1999-1120 Status: Entry Reference: BUGTRAQ:19970104 Irix: netprint story Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420403&w=2 Reference: SGI:19961203-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX Reference: SGI:19961203-02-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX Reference: BID:395 Reference: URL:http://www.securityfocus.com/bid/395 Reference: OSVDB:993 Reference: URL:http://www.osvdb.org/993 Reference: XF:sgi-netprint(2107) Reference: URL:http://xforce.iss.net/static/2107.php netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges. ====================================================== Name: CVE-1999-1121 Status: Entry Reference: CERT:CA-1992-06 Reference: URL:http://www.cert.org/advisories/CA-1992-06.html Reference: BID:38 Reference: URL:http://www.securityfocus.com/bid/38 Reference: XF:ibm-uucp(554) Reference: URL:http://xforce.iss.net/static/554.php Reference: OSVDB:891 Reference: URL:http://www.osvdb.org/891 The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. ====================================================== Name: CVE-1999-1122 Status: Entry Reference: CERT:CA-1989-02 Reference: URL:http://www.cert.org/advisories/CA-1989-02.html Reference: CIAC:CIAC-08 Reference: URL:http://www.ciac.org/ciac/bulletins/ciac-08.shtml Reference: SUNBUG:1019265 Reference: BID:3 Reference: URL:http://www.securityfocus.com/bid/3 Reference: XF:sun-restore-gain-privileges(6695) Reference: URL:http://xforce.iss.net/xforce/xfdb/6695 Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. 
====================================================== Name: CVE-1999-1127 Status: Entry Reference: MS:MS98-017 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-017.asp Reference: MSKB:Q195733 Reference: URL:http://support.microsoft.com/support/kb/articles/Q195/7/33.asp Reference: XF:nt-spoolss(523) Reference: URL:http://www.iss.net/security_center/static/523.php Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. ====================================================== Name: CVE-1999-1131 Status: Entry Reference: CERT:VB-97.12 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.12.opengroup Reference: CIAC:I-060 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-060.shtml Reference: SGI:19980601-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX Reference: XF:sgi-osf-dce-dos(1123) Reference: URL:http://xforce.iss.net/static/1123.php Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization. 
====================================================== Name: CVE-1999-1132 Status: Entry Reference: BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90763508011966&w=2 Reference: NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90760603030452&w=2 Reference: MSKB:Q179157 Reference: URL:http://support.microsoft.com/support/kb/articles/Q179/1/57.asp Reference: XF:token-ring-dos(1399) Reference: URL:http://www.iss.net/security_center/static/1399.php Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. ====================================================== Name: CVE-1999-1136 Status: Entry Reference: HP:HPSBUX9807-081 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9807-081.html Reference: HP:HPSBMP9807-005 Reference: URL:http://cert.ip-plus.net/bulletin-archive/msg00040.html Reference: BUGTRAQ:19980729 HP-UX Predictive & Netscape SSL Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526177&w=2 Reference: CIAC:I-081 Reference: URL:http://www.ciac.org/ciac/bulletins/i-081.shtml Reference: XF:mpeix-predictive(1413) Reference: URL:http://xforce.iss.net/static/1413.php Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems. 
====================================================== Name: CVE-1999-1137 Status: Entry Reference: CIAC:E-01 Reference: URL:http://www.ciac.org/ciac/bulletins/e-01.shtml Reference: SUN:00122 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba Reference: XF:sun-audio(549) Reference: URL:http://xforce.iss.net/static/549.php Reference: OSVDB:6436 Reference: URL:http://www.osvdb.org/6436 The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone. ====================================================== Name: CVE-1999-1138 Status: Entry Reference: CERT:CA-1993-13 Reference: URL:http://www.cert.org/advisories/CA-1993-13.html Reference: XF:sco-homedir(546) Reference: URL:http://xforce.iss.net/static/546.php SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable. 
====================================================== Name: CVE-1999-1139 Status: Entry Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html Reference: BUGTRAQ:19970901 HP UX Bug :) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019745&w=2 Reference: HP:HPSBUX9801-074 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html Reference: CIAC:I-027B Reference: URL:http://www.ciac.org/ciac/bulletins/i-027b.shtml Reference: XF:hp-cue(2007) Reference: URL:http://www.iss.net/security_center/static/2007.php Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file. ====================================================== Name: CVE-1999-1140 Status: Entry Reference: BUGTRAQ:19971214 buffer overflows in cracklib?! Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88209041500913&w=2 Reference: CERT:VB-97.16 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib Reference: XF:cracklib-bo(1539) Reference: URL:http://xforce.iss.net/static/1539.php Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. ====================================================== Name: CVE-1999-1142 Status: Entry Reference: CERT:CA-1992-11 Reference: URL:http://www.cert.org/advisories/CA-1992-11.html Reference: SUN:00116 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116 Reference: XF:sun-env(3152) Reference: URL:http://xforce.iss.net/static/3152.php SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user. 
====================================================== Name: CVE-1999-1143 Status: Entry Reference: CIAC:H-065 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-65.shtml Reference: SGI:19970504-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX Reference: XF:sgi-rld(2109) Reference: URL:http://xforce.iss.net/static/2109.php Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs. ====================================================== Name: CVE-1999-1144 Status: Entry Reference: HP:HPSBUX9701-051 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html Reference: XF:hp-mpower(2056) Reference: URL:http://xforce.iss.net/static/2056.php Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. ====================================================== Name: CVE-1999-1145 Status: Entry Reference: HP:HPSBUX9701-044 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1514 Reference: CIAC:H-21 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml Reference: XF:hp-glanceplus(2059) Reference: URL:http://xforce.iss.net/static/2059.php Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges. ====================================================== Name: CVE-1999-1146 Status: Entry Reference: HP:HPSBUX9405-011 Reference: URL:http://www.securityfocus.com/advisories/1555 Reference: XF:hp-glanceplus-gpm(2060) Reference: URL:http://xforce.iss.net/static/2060.php Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. 
====================================================== Name: CVE-1999-1147 Status: Entry Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91273739726314&w=2 Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Reference: XF:pcm-dos-execute(1430) Reference: URL:http://xforce.iss.net/static/1430.php Reference: OSVDB:3164 Reference: URL:http://www.osvdb.org/3164 Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe. ====================================================== Name: CVE-1999-1148 Status: Entry Reference: MS:MS98-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-006.asp Reference: MSKB:Q189262 Reference: URL:http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP Reference: XF:iis-passive-ftp(1215) Reference: URL:http://xforce.iss.net/static/1215.php FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. ====================================================== Name: CVE-1999-1156 Status: Entry Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5 Reference: XF:bisonware-port-crash(2254) Reference: URL:http://xforce.iss.net/static/2254.php BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns. 
====================================================== Name: CVE-1999-1157 Status: Entry Reference: MSKB:Q192774 Reference: URL:http://support.microsoft.com/support/kb/articles/Q192/7/74.ASP Reference: XF:tcpipsys-icmp-dos(3894) Reference: URL:http://xforce.iss.net/static/3894.php Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface. ====================================================== Name: CVE-1999-1159 Status: Entry Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495920911490&w=2 Reference: XF:ssh-privileged-port-forward(1471) Reference: URL:http://xforce.iss.net/static/1471.php SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root. ====================================================== Name: CVE-1999-1160 Status: Entry Reference: HP:HPSBUX9702-055 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420581&w=2 Reference: CIAC:H-33 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-33.shtml Reference: XF:hp-ftpd-kftpd(7437) Reference: URL:http://www.iss.net/security_center/static/7437.php Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. 
====================================================== Name: CVE-1999-1161 Status: Entry Reference: BUGTRAQ:19961103 Re: Untitled Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420102&w=2 Reference: BUGTRAQ:19961104 ppl bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420103&w=2 Reference: HP:HPSBUX9704-057 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html Reference: CIAC:H-32 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-32.shtml Reference: AUSCERT:AA-97.07 Reference: XF:hp-ppl(7438) Reference: URL:http://www.iss.net/security_center/static/7438.php Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. ====================================================== Name: CVE-1999-1162 Status: Entry Reference: CERT:CA-1993-08 Reference: URL:http://www.cert.org/advisories/CA-1993-08.html Reference: XF:sco-passwd-deny(542) Reference: URL:http://www.iss.net/security_center/static/542.php Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. ====================================================== Name: CVE-1999-1163 Status: Entry Reference: HP:HPSBUX9911-105 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94347039929958&w=2 Reference: XF:hp-ssp(7439) Reference: URL:http://www.iss.net/security_center/static/7439.php Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation. 
====================================================== Name: CVE-1999-1167 Status: Entry Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html Reference: XF:thirdvoice-cross-site-scripting(7252) Reference: URL:http://www.iss.net/security_center/static/7252.php Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation. ====================================================== Name: CVE-1999-1175 Status: Entry Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability Reference: URL:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml Reference: CIAC:I-054 Reference: URL:http://www.ciac.org/ciac/bulletins/i-054.shtml Reference: XF:cisco-wccp-vuln(1577) Reference: URL:http://xforce.iss.net/static/1577.php Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048. ====================================================== Name: CVE-1999-1177 Status: Entry Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish Reference: XF:http-cgi-nphpublish(2055) Reference: URL:http://xforce.iss.net/static/2055.php Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation. 
====================================================== Name: CVE-1999-1181 Status: Entry Reference: SGI:19980901-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980901-01-PX Reference: CIAC:J-003 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-003.shtml Reference: XF:irix-register(7441) Reference: URL:http://www.iss.net/security_center/static/7441.php Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges. ====================================================== Name: CVE-1999-1188 Status: Entry Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs.. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91479159617803&w=2 Reference: XF:mysql-readable-log-files(1568) Reference: URL:http://xforce.iss.net/static/1568.php mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. ====================================================== Name: CVE-1999-1189 Status: Entry Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows Reference: URL:http://www.securityfocus.com/archive/1/36306 Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows Reference: URL:http://www.securityfocus.com/archive/1/36608 Reference: BID:822 Reference: URL:http://www.securityfocus.com/bid/822 Reference: XF:netscape-long-argument-bo(7884) Reference: URL:http://xforce.iss.net/xforce/xfdb/7884 Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file. ====================================================== Name: CVE-1999-1191 Status: Entry Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418335&w=2 Reference: AUSCERT:AA-97.18 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.18.solaris.chkey.buffer.overflow.vul Reference: SUN:00144 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144 Reference: BID:207 Reference: URL:http://www.securityfocus.com/bid/207 Reference: XF:solaris-chkey-bo(7442) Reference: URL:http://www.iss.net/security_center/static/7442.php Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. ====================================================== Name: CVE-1999-1192 Status: Entry Reference: SUN:00143 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/143 Reference: BID:206 Reference: URL:http://www.securityfocus.com/bid/206 Reference: XF:solaris-eeprom-bo(7444) Reference: URL:http://www.iss.net/security_center/static/7444.php Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. ====================================================== Name: CVE-1999-1193 Status: Entry Reference: CERT:CA-1991-06 Reference: URL:http://www.cert.org/advisories/CA-1991-06.html Reference: XF:next-me(581) Reference: URL:http://xforce.iss.net/static/581.php Reference: BID:20 Reference: URL:http://www.securityfocus.com/bid/20 The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root. 
====================================================== Name: CVE-1999-1194 Status: Entry Reference: CERT:CA-1991-05 Reference: URL:http://www.cert.org/advisories/CA-1991-05.html Reference: BID:17 Reference: URL:http://www.securityfocus.com/bid/17 Reference: XF:dec-chroot(577) Reference: URL:http://xforce.iss.net/static/577.php chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges. ====================================================== Name: CVE-1999-1197 Status: Entry Reference: CERT:CA-1990-12 Reference: URL:http://www.cert.org/advisories/CA-1990-12.html Reference: BID:14 Reference: URL:http://www.securityfocus.com/bid/14 Reference: XF:sunos-tioccons-console-redirection(7140) Reference: URL:http://www.iss.net/security_center/static/7140.php TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. ====================================================== Name: CVE-1999-1198 Status: Entry Reference: CERT:CA-1990-06 Reference: URL:http://www.cert.org/advisories/CA-1990-06.html Reference: CIAC:B-01 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml Reference: BID:11 Reference: URL:http://www.securityfocus.com/bid/11 Reference: XF:nextstep-builddisk-root-access(7141) Reference: URL:http://www.iss.net/security_center/static/7141.php BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. 
====================================================== Name: CVE-1999-1199 Status: Entry Reference: BUGTRAQ:19980807 YA Apache DoS attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2 Reference: BUGTRAQ:19980808 Debian Apache Security Update Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2 Reference: BUGTRAQ:19980810 Apache DoS Attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2 Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. ====================================================== Name: CVE-1999-1201 Status: Entry Reference: NTBUGTRAQ:19990206 New Windows 9x Bug: TCP Chorusing Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91849617221319&w=2 Reference: BID:225 Reference: URL:http://www.securityfocus.com/bid/225 Reference: XF:win-multiple-ip-dos(7542) Reference: URL:http://xforce.iss.net/xforce/xfdb/7542 Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing. 
====================================================== Name: CVE-1999-1203 Status: Entry Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91868964203769&w=2 Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91888117502765&w=2 Reference: XF:ascend-ppp-isdn-dos(7498) Reference: URL:http://www.iss.net/security_center/static/7498.php Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier. ====================================================== Name: CVE-1999-1204 Status: Entry Reference: BUGTRAQ:19980511 Firewall-1 Reserved Keywords Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925912&w=2 Reference: CONFIRM:http://www.checkpoint.com/techsupport/config/keywords.html Reference: XF:fw1-user-defined-keywords-access(7293) Reference: URL:http://xforce.iss.net/static/7293.php Reference: OSVDB:4416 Reference: URL:http://www.osvdb.org/4416 Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator. ====================================================== Name: CVE-1999-1205 Status: Entry Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419195&w=2 Reference: HP:HPSBUX9607-035 Reference: URL:http://packetstormsecurity.org/advisories/ibm-ers/96-08 Reference: CIAC:G-34 Reference: XF:hp-nettune(414) Reference: URL:http://xforce.iss.net/xforce/xfdb/414 nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. 
====================================================== Name: CVE-1999-1208 Status: Entry Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419337&w=2 Reference: BUGTRAQ:19970721 AIX ping (Exploit) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419330&w=2 Reference: XF:ping-bo(803) Reference: URL:http://xforce.iss.net/static/803.php Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument. ====================================================== Name: CVE-1999-1209 Status: Entry Reference: BUGTRAQ:19971204 scoterm exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88131151000069&w=2 Reference: CERT:VB-97.14 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.14.scoterm Reference: XF:sco-scoterm(690) Reference: URL:http://xforce.iss.net/xforce/xfdb/690 Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges. ====================================================== Name: CVE-1999-1214 Status: Entry Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling Reference: URL:http://www.openbsd.com/advisories/signals.txt Reference: MISC:http://www.openbsd.com/advisories/signals.txt Reference: OSVDB:11062 Reference: URL:http://www.osvdb.org/11062 Reference: XF:openbsd-iosig(556) Reference: URL:http://xforce.iss.net/static/556.php The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. 
====================================================== Name: CVE-1999-1215 Status: Entry Reference: CIAC:D-21 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-21.shtml Reference: CERT:CA-1993-12 Reference: URL:http://www.cert.org/advisories/CA-1993-12.html Reference: XF:novell-login(545) Reference: URL:http://xforce.iss.net/static/545.php LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges. ====================================================== Name: CVE-1999-1217 Status: Entry Reference: NTBUGTRAQ:19970725 Re: NT security - why bother? Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2 Reference: NTBUGTRAQ:19970723 NT security - why bother? Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2 Reference: XF:nt-path(526) Reference: URL:http://xforce.iss.net/static/526.php The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. ====================================================== Name: CVE-1999-1222 Status: Entry Reference: MSKB:Q188571 Reference: URL:http://support.microsoft.com/support/kb/articles/Q188/5/71.ASP Reference: XF:dns-netbtsys-dos(3893) Reference: URL:http://xforce.iss.net/static/3893.php Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup. 
====================================================== Name: CVE-1999-1223 Status: Entry Reference: MSKB:Q187503 Reference: URL:http://support.microsoft.com/support/kb/articles/q187/5/03.asp Reference: XF:url-asp-av(3892) Reference: URL:http://xforce.iss.net/static/3892.php IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. ====================================================== Name: CVE-1999-1226 Status: Entry Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html Reference: XF:netscape-huge-key-dos(3436) Reference: URL:http://xforce.iss.net/static/3436.php Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. ====================================================== Name: CVE-1999-1233 Status: Entry Reference: MS:MS99-039 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp Reference: MSKB:241562 Reference: URL:http://support.microsoft.com/support/kb/articles/Q241/5/62.asp Reference: BID:657 Reference: URL:http://www.securityfocus.com/bid/657 Reference: XF:iis-unresolved-domain-access(3306) Reference: URL:http://xforce.iss.net/static/3306.php IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. 
====================================================== Name: CVE-1999-1243 Status: Entry Reference: CIAC:F-16 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-16.shtml Reference: SGI:19950301-01-P373 Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373 Reference: XF:sgi-permissions(2113) Reference: URL:http://xforce.iss.net/static/2113.php SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges. ====================================================== Name: CVE-1999-1246 Status: Entry Reference: MSKB:Q229972 Reference: URL:http://support.microsoft.com/support/kb/articles/Q229/9/72.asp Reference: XF:siteserver-directmail-passwords(2068) Reference: URL:http://xforce.iss.net/static/2068.php Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges. ====================================================== Name: CVE-1999-1249 Status: Entry Reference: HP:HPSBUX9701-047 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html Reference: XF:hp-movemail(2057) Reference: URL:http://xforce.iss.net/static/2057.php Reference: OSVDB:8099 Reference: URL:http://www.osvdb.org/8099 movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges. ====================================================== Name: CVE-1999-1258 Status: Entry Reference: SUN:00102 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102 Reference: XF:sun-pwdauthd(1782) Reference: URL:http://xforce.iss.net/static/1782.php rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information. 
====================================================== Name: CVE-1999-1259 Status: Entry Reference: MSKB:Q189529 Reference: URL:http://support.microsoft.com/support/kb/articles/q189/5/29.asp Reference: XF:office-extraneous-data(1780) Reference: URL:http://xforce.iss.net/static/1780.php Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information. ====================================================== Name: CVE-1999-1262 Status: Entry Reference: BUGTRAQ:19990202 Unsecured server in applets under Netscape Reference: URL:http://www.securityfocus.com/archive/1/12231 Reference: XF:java-socket-open(1727) Reference: URL:http://xforce.iss.net/static/1727.php Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities. ====================================================== Name: CVE-1999-1263 Status: Entry Reference: BUGTRAQ:19971024 Vulnerability in metamail Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87773365324657&w=2 Reference: XF:metamail-file-creation(1677) Reference: URL:http://xforce.iss.net/static/1677.php Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file. 
====================================================== Name: CVE-1999-1276 Status: Entry Reference: DEBIAN:19981207 fte-console: does not drop its root priviliges Reference: URL:http://www.debian.org/security/1998/19981207 Reference: XF:fte-console-privileges(1609) Reference: URL:http://xforce.iss.net/static/1609.php fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device. ====================================================== Name: CVE-1999-1279 Status: Entry Reference: MSKB:Q138001 Reference: URL:http://support.microsoft.com/support/kb/articles/q138/0/01.asp Reference: XF:snaserver-shared-folders(1548) Reference: URL:http://xforce.iss.net/static/1548.php An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU. ====================================================== Name: CVE-1999-1284 Status: Entry Reference: BUGTRAQ:19981105 various *lame* DoS attacks Reference: URL:http://www.securityfocus.com/archive/1/11131 Reference: BUGTRAQ:19981107 Re: various *lame* DoS attacks Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91063407332594&w=2 Reference: MISC:http://www.dynamsol.com/puppet/text/new.txt Reference: XF:nukenabber-timeout-dos(1540) Reference: URL:http://xforce.iss.net/static/1540.php NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection. 
====================================================== Name: CVE-1999-1288 Status: Entry Reference: BUGTRAQ:19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux Reference: URL:http://www.securityfocus.com/archive/1/11397 Reference: CALDERA:SA-1998.35 Reference: URL:http://www.caldera.com/support/security/advisories/SA-1998.35.txt Reference: XF:samba-wsmbconf(1406) Reference: URL:http://xforce.iss.net/static/1406.php Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program. ====================================================== Name: CVE-1999-1290 Status: Entry Reference: BUGTRAQ:19981117 nftp vulnerability (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91127951426494&w=2 Reference: CONFIRM:http://www.ayukov.com/nftp/history.html Reference: XF:nftp-bo(1397) Reference: URL:http://xforce.iss.net/static/1397.php Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string. ====================================================== Name: CVE-1999-1294 Status: Entry Reference: MSKB:Q146604 Reference: URL:http://support.microsoft.com/support/kb/articles/q146/6/04.asp Reference: XF:nt-filemgr(562) Reference: URL:http://xforce.iss.net/static/562.php Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission. 
====================================================== Name: CVE-1999-1297 Status: Entry Reference: SUNBUG:1077164 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20 Reference: XF:sun-cmdtool-echo(7482) Reference: URL:http://xforce.iss.net/static/7482.php cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key. ====================================================== Name: CVE-1999-1298 Status: Entry Reference: FREEBSD:FreeBSD-SA-97:03 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc Reference: XF:freebsd-sysinstall-ftp-password(7537) Reference: URL:http://www.iss.net/security_center/static/7537.php Reference: OSVDB:6087 Reference: URL:http://www.osvdb.org/6087 Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources. ====================================================== Name: CVE-1999-1301 Status: Entry Reference: CIAC:G-31 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-31.shtml Reference: FREEBSD:FreeBSD-SA-96:17 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc Reference: XF:rzsz-command-execution(7540) Reference: URL:http://www.iss.net/security_center/static/7540.php A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs. 
====================================================== Name: CVE-1999-1309 Status: Entry Reference: BUGTRAQ:19940314 sendmail -d problem (OLD yet still here) Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0040.html Reference: BUGTRAQ:19940315 so... Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0043.html Reference: BUGTRAQ:19940315 anyone know details? Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0042.html Reference: BUGTRAQ:19940315 Security problem in sendmail versions 8.x.x Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0048.html Reference: BUGTRAQ:19940327 sendmail exploit script - resend Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0078.html Reference: CERT:CA-1994-12 Reference: URL:http://www.cert.org/advisories/CA-94.12.sendmail.vulnerabilities Reference: XF:sendmail-debug-gain-root(7155) Reference: URL:http://xforce.iss.net/static/7155.php Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. ====================================================== Name: CVE-1999-1316 Status: Entry Reference: MSKB:Q247975 Reference: URL:http://support.microsoft.com/support/kb/articles/Q247/9/75.asp Reference: XF:passfilt-fullname(7391) Reference: URL:http://xforce.iss.net/static/7391.php Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess. 
====================================================== Name: CVE-1999-1317 Status: Entry Reference: NTBUGTRAQ:19990312 [ ALERT ] Case Sensitivity and Symbolic Links Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92127046701349&w=2 Reference: NTBUGTRAQ:19990314 AW: [ ALERT ] Case Sensitivity and Symbolic Links Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92162979530341&w=2 Reference: MSKB:Q222159 Reference: URL:http://support.microsoft.com/support/kb/articles/q222/1/59.asp Reference: XF:nt-symlink-case(7398) Reference: URL:http://xforce.iss.net/static/7398.php Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device. ====================================================== Name: CVE-1999-1318 Status: Entry Reference: SUNBUG:1121935 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100630&zone_32=112193%2A%20 Reference: XF:sun-su-path(7480) Reference: URL:http://www.iss.net/security_center/static/7480.php /usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs. ====================================================== Name: CVE-1999-1320 Status: Entry Reference: CIAC:D-01 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-01.shtml Reference: XF:netware-packet-spoofing-privileges(7213) Reference: URL:http://www.iss.net/security_center/static/7213.php Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing. 
====================================================== Name: CVE-1999-1321 Status: Entry Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code Reference: URL:http://lists.netspace.org/cgi-bin/wa?A2=ind9811A&L=bugtraq&P=R4814 Reference: OSVDB:4883 Reference: URL:http://www.osvdb.org/4883 Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing. ====================================================== Name: CVE-1999-1324 Status: Entry Reference: CIAC:D-06 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-06.shtml Reference: XF:openvms-sysgen-enabled(7225) Reference: URL:http://xforce.iss.net/static/7225.php VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing. ====================================================== Name: CVE-1999-1325 Status: Entry Reference: CIAC:C-19 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/c-19.shtml Reference: XF:vaxvms-sas-gain-privileges(7261) Reference: URL:http://xforce.iss.net/static/7261.php SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges. 
====================================================== Name: CVE-1999-1326 Status: Entry Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420401&w=2 Reference: BUGTRAQ:19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420408&w=2 Reference: XF:wuftpd-abor-gain-privileges(7169) Reference: URL:http://xforce.iss.net/static/7169.php wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files. ====================================================== Name: CVE-1999-1327 Status: Entry Reference: BUGTRAQ:19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125826&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf Reference: XF:linuxconf-lang-bo(7239) Reference: URL:http://www.iss.net/security_center/static/7239.php Reference: OSVDB:6065 Reference: URL:http://www.osvdb.org/6065 Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable. ====================================================== Name: CVE-1999-1328 Status: Entry Reference: BUGTRAQ:19980826 [djb@redhat.com: Unidentified subject!] 
Reference: BUGTRAQ:19980823 Security concerns in linuxconf shipped w/RedHat 5.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90383955231511&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf Reference: XF:linuxconf-symlink-gain-privileges(7232) Reference: URL:http://www.iss.net/security_center/static/7232.php Reference: OSVDB:6068 Reference: URL:http://www.osvdb.org/6068 linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack. ====================================================== Name: CVE-1999-1329 Status: Entry Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit Reference: XF:sysvinit-root-bo(7250) Reference: URL:http://www.iss.net/security_center/static/7250.php Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges. ====================================================== Name: CVE-1999-1330 Status: Entry Reference: BUGTRAQ:19970709 [linux-security] so-called snprintf() in db-1.85.4 (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419259&w=2 Reference: CONFIRM:http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#db Reference: XF:linux-libdb-snprintf-bo(7244) Reference: URL:http://www.iss.net/security_center/static/7244.php The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf. 
====================================================== Name: CVE-1999-1331 Status: Entry Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg Reference: XF:netcfg-ethernet-dos(7245) Reference: URL:http://www.iss.net/security_center/static/7245.php netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface. ====================================================== Name: CVE-1999-1332 Status: Entry Reference: BUGTRAQ:19980128 GZEXE - the big problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88603844115233&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip Reference: DEBIAN:DSA-308 Reference: URL:http://www.debian.org/security/2003/dsa-308 Reference: BID:7845 Reference: URL:http://www.securityfocus.com/bid/7845 Reference: OSVDB:3812 Reference: URL:http://www.osvdb.org/3812 Reference: XF:gzip-gzexe-tmp-symlink(7241) Reference: URL:http://www.iss.net/security_center/static/7241.php gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file. ====================================================== Name: CVE-1999-1333 Status: Entry Reference: BUGTRAQ:19980319 ncftp 2.4.2 MkDirs bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89042322924057&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp Reference: XF:ncftp-autodownload-command-execution(7240) Reference: URL:http://www.iss.net/security_center/static/7240.php Reference: OSVDB:6111 Reference: URL:http://www.osvdb.org/6111 automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded. 
====================================================== Name: CVE-1999-1335 Status: Entry Reference: CONFIRM:http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp Reference: XF:cmusnmp-read-write(7251) Reference: URL:http://xforce.iss.net/static/7251.php snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information. ====================================================== Name: CVE-1999-1336 Status: Entry Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93458364903256&w=2 Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93492615408725&w=2 Reference: OSVDB:6057 Reference: URL:http://www.osvdb.org/6057 3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port. ====================================================== Name: CVE-1999-1337 Status: Entry Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93370073207984&w=2 Reference: XF:midnight-commander-data-disclosure(9873) Reference: URL:http://www.iss.net/security_center/static/9873.php Reference: OSVDB:5921 Reference: URL:http://www.osvdb.org/5921 FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges. 
====================================================== Name: CVE-1999-1339 Status: Entry Reference: BUGTRAQ:19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277766505061&w=2 Reference: BUGTRAQ:19990722 Linux +ipchains+ ping -R Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277426802802&w=2 Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz Reference: XF:ipchains-ping-route-dos(7257) Reference: URL:http://www.iss.net/security_center/static/7257.php Reference: OSVDB:6105 Reference: URL:http://www.osvdb.org/6105 Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command. ====================================================== Name: CVE-1999-1341 Status: Entry Reference: BUGTRAQ:19991022 Local user can send forged packets Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94061108411308&w=2 Reference: XF:linux-tiocsetd-forge-packets(7858) Reference: URL:http://xforce.iss.net/static/7858.php Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices. ====================================================== Name: CVE-1999-1351 Status: Entry Reference: BUGTRAQ:19990924 Kvirc bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93845560631314&w=2 Reference: XF:kvirc-dot-directory-traversal(7761) Reference: URL:http://www.iss.net/security_center/static/7761.php Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request. 
====================================================== Name: CVE-1999-1356 Status: Entry Reference: BUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93646669500991&w=2 Reference: NTBUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93637792706047&w=2 Reference: NTBUGTRAQ:19990917 Re: Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93759822830815&w=2 Reference: XF:compaq-smartstart-legal-notice(7763) Reference: URL:http://www.iss.net/security_center/static/7763.php Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy. ====================================================== Name: CVE-1999-1358 Status: Entry Reference: MSKB:Q157673 Reference: URL:http://support.microsoft.com/support/kb/articles/q157/6/73.asp Reference: XF:nt-user-policy-update(7400) Reference: URL:http://www.iss.net/security_center/static/7400.php When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. 
====================================================== Name: CVE-1999-1359 Status: Entry Reference: MSKB:Q163875 Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/75.asp Reference: XF:nt-group-policy-longname(7401) Reference: URL:http://www.iss.net/security_center/static/7401.php When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. ====================================================== Name: CVE-1999-1360 Status: Entry Reference: MSKB:Q160650 Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/50.asp Reference: XF:nt-kernel-handle-dos(7402) Reference: URL:http://www.iss.net/security_center/static/7402.php Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. ====================================================== Name: CVE-1999-1362 Status: Entry Reference: MSKB:Q160601 Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/01.asp Reference: XF:nt-win32k-dos(7403) Reference: URL:http://www.iss.net/security_center/static/7403.php Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. ====================================================== Name: CVE-1999-1363 Status: Entry Reference: MSKB:Q163143 Reference: URL:http://support.microsoft.com/support/kb/articles/q163/1/43.asp Reference: XF:nt-nonpagedpool-dos(7405) Reference: URL:http://www.iss.net/security_center/static/7405.php Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool. 
====================================================== Name: CVE-1999-1365 Status: Entry Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2 Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc... Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2 Reference: XF:nt-login-default-folder(2336) Reference: URL:http://xforce.iss.net/xforce/xfdb/2336 Reference: BID:0515 Reference: URL:http://www.securityfocus.com/bid/0515 Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. ====================================================== Name: CVE-1999-1379 Status: Entry Reference: BUGTRAQ:19990730 Possible Denial Of Service using DNS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93348057829957&w=2 Reference: BUGTRAQ:19990810 Possible Denial Of Service using DNS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93433758607623&w=2 Reference: AUSCERT:AL-1999.004 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos Reference: CIAC:J-063 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-063.shtml Reference: XF:dns-udp-query-dos(7238) Reference: URL:http://www.iss.net/security_center/static/7238.php DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker. 
====================================================== Name: CVE-1999-1380 Status: Entry Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html Reference: XF:nu-tuneocx-activex-control(7188) Reference: URL:http://www.iss.net/security_center/static/7188.php Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0. ====================================================== Name: CVE-1999-1382 Status: Entry Reference: BUGTRAQ:19980108 NetWare NFS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88427711321769&w=2 Reference: BUGTRAQ:19980812 Re: Netware NFS (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90295697702474&w=2 Reference: CONFIRM:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551 Reference: XF:netware-nfs-file-ownership(7246) Reference: URL:http://www.iss.net/security_center/static/7246.php NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program. 
====================================================== Name: CVE-1999-1384 Status: Entry Reference: BUGTRAQ:19961030 (Another) vulnerability in new SGIs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420095&w=2 Reference: AUSCERT:AA-96.08 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.08.SGI.systour.vul Reference: SGI:19961101-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961101-01-I Reference: BID:470 Reference: URL:http://www.securityfocus.com/bid/470 Reference: XF:irix-systour(7456) Reference: URL:http://www.iss.net/security_center/static/7456.php Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. ====================================================== Name: CVE-1999-1385 Status: Entry Reference: BUGTRAQ:19961219 Exploit for ppp bug (FreeBSD 2.1.0). Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420332&w=2 Reference: FREEBSD:FreeBSD-SA-96:20 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:20.stack-overflow.asc Reference: XF:ppp-bo(7465) Reference: URL:http://www.iss.net/security_center/static/7465.php Reference: OSVDB:6085 Reference: URL:http://www.osvdb.org/6085 Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. 
====================================================== Name: CVE-1999-1386 Status: Entry Reference: BUGTRAQ:19980308 another /tmp race: `perl -e' opens temp file not safely Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88932165406213&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#perl Reference: XF:perl-e-tmp-symlink(7243) Reference: URL:http://www.iss.net/security_center/static/7243.php Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. ====================================================== Name: CVE-1999-1397 Status: Entry Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92242671024118&w=2 Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92223293409756&w=2 Reference: BID:476 Reference: URL:http://www.securityfocus.com/bid/476 Reference: XF:iis-indexserver-reveal-path(7559) Reference: URL:http://www.iss.net/security_center/static/7559.php Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allow local and remote users to obtain the physical paths of directories that are being indexed. 
====================================================== Name: CVE-1999-1402 Status: Entry Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418317&w=2 Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248718482&w=2 Reference: BID:456 Reference: URL:http://www.securityfocus.com/bid/456 Reference: XF:sun-domain-socket-permissions(7172) Reference: URL:http://www.iss.net/security_center/static/7172.php The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. ====================================================== Name: CVE-1999-1407 Status: Entry Reference: BUGTRAQ:19980309 *sigh* another RH5 /tmp problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88950856416985&w=2 Reference: BID:368 Reference: URL:http://www.securityfocus.com/bid/368 Reference: XF:initscripts-ifdhcpdone-dhcplog-symlink(7294) Reference: URL:http://www.iss.net/security_center/static/7294.php Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. 
====================================================== Name: CVE-1999-1409 Status: Entry Reference: BUGTRAQ:19980703 more about 'at' Reference: URL:http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html Reference: BUGTRAQ:19980805 irix-6.2 "at -f" vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90233906612929&w=2 Reference: NETBSD:NetBSD-SA1998-004 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc Reference: BID:331 Reference: URL:http://www.securityfocus.com/bid/331 Reference: XF:at-f-read-files(7577) Reference: URL:http://www.iss.net/security_center/static/7577.php The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail. ====================================================== Name: CVE-1999-1411 Status: Entry Reference: DEBIAN:19981126 new version of fsp fixes security flaw Reference: URL:http://lists.debian.org/debian-security-announce/debian-security-announce-1998/msg00033.html Reference: BUGTRAQ:19981128 Debian: Security flaw in FSP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91228908407679&w=2 Reference: BUGTRAQ:19981130 Debian: Security flaw in FSP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91244712808780&w=2 Reference: BUGTRAQ:19990217 Debian GNU/Linux 2.0r5 released (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91936850009861&w=2 Reference: BID:316 Reference: URL:http://www.securityfocus.com/bid/316 Reference: XF:fsp-anon-ftp-access(7574) Reference: URL:http://www.iss.net/security_center/static/7574.php The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp. 
====================================================== Name: CVE-1999-1414 Status: Entry Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92765856706547&w=2 Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92902484317769&w=2 Reference: BID:284 Reference: URL:http://www.securityfocus.com/bid/284 IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges. ====================================================== Name: CVE-1999-1419 Status: Entry Reference: SUN:00148 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/148 Reference: BID:219 Reference: URL:http://www.securityfocus.com/bid/219 Reference: XF:sun-nisplus-bo(7535) Reference: URL:http://www.iss.net/security_center/static/7535.php Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges. 
====================================================== Name: CVE-1999-1423 Status: Entry Reference: BUGTRAQ:19970626 Solaris Ping bug (DoS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319160&w=2 Reference: BUGTRAQ:19970627 SUMMARY: Solaris Ping bug (DoS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319171&w=2 Reference: BUGTRAQ:19970627 Solaris Ping bug(inetsvc) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319181&w=2 Reference: BUGTRAQ:19971005 Solaris Ping Bug and other [bc] oddities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319180&w=2 Reference: SUN:00146 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/146 Reference: BID:209 Reference: URL:http://www.securityfocus.com/bid/209 Reference: XF:ping-multicast-loopback-dos(7492) Reference: URL:http://www.iss.net/security_center/static/7492.php ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i. ====================================================== Name: CVE-1999-1432 Status: Entry Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525997&w=2 Reference: BID:160 Reference: URL:http://www.securityfocus.com/bid/160 Reference: SUNBUG:4024179 Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges. 
====================================================== Name: CVE-1999-1433 Status: Entry Reference: BUGTRAQ:19980715 JetAdmin software Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525988&w=2 Reference: BUGTRAQ:19980722 Re: JetAdmin software Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526067&w=2 Reference: BID:157 Reference: URL:http://www.securityfocus.com/bid/157 HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file. ====================================================== Name: CVE-1999-1437 Status: Entry Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525890&w=2 Reference: BUGTRAQ:19980710 ePerl Security Update Available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525927&w=2 Reference: BID:151 Reference: URL:http://www.securityfocus.com/bid/151 ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml. ====================================================== Name: CVE-1999-1452 Status: Entry Reference: NTBUGTRAQ:19990129 ole objects in a "secured" environment? Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91764169410814&w=2 Reference: NTBUGTRAQ:19990205 Alert: MS releases GINA-fix for SP3, SP4, and TS Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91822011021558&w=2 Reference: BUGTRAQ:19990129 ole objects in a "secured" environment? 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91788829326419&w=2 Reference: MSKB:Q214802 Reference: URL:http://support.microsoft.com/support/kb/articles/q214/8/02.asp Reference: BID:198 Reference: URL:http://www.securityfocus.com/bid/198 Reference: XF:nt-gina-clipboard(1975) Reference: URL:http://xforce.iss.net/static/1975.php GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt. ====================================================== Name: CVE-1999-1455 Status: Entry Reference: MSKB:Q158320 Reference: URL:http://support.microsoft.com/support/kb/articles/q158/3/20.asp Reference: XF:nt-rshsvc-ale-bypass(7422) Reference: URL:http://xforce.iss.net/static/7422.php RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. ====================================================== Name: CVE-1999-1456 Status: Entry Reference: BUGTRAQ:19980819 thttpd 2.04 released (fwd) Reference: URL:http://www.securityfocus.com/archive/1/10368 Reference: CONFIRM:http://www.acme.com/software/thttpd/thttpd.html#releasenotes Reference: XF:thttpd-file-read(1809) Reference: URL:http://xforce.iss.net/static/1809.php thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename. 
====================================================== Name: CVE-1999-1468 Status: Entry Reference: MISC:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html Reference: CERT:CA-91.20 Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability Reference: BID:31 Reference: URL:http://www.securityfocus.com/bid/31 Reference: XF:rdist-popen-gain-privileges(7160) Reference: URL:http://www.iss.net/security_center/static/7160.php Reference: OSVDB:8106 Reference: URL:http://www.osvdb.org/8106 rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable. ====================================================== Name: CVE-1999-1472 Status: Entry Reference: BUGTRAQ:19971017 Security Hole in Explorer 4.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87710897923098&w=2 Reference: MISC:http://www.insecure.org/sploits/Internet_explorer_4.0.hack.html Reference: CONFIRM:http://www.microsoft.com/Windows/ie/security/freiburg.asp Reference: MSKB:Q176794 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/7/94.asp Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Reference: XF:http-ie-spy(587) Reference: URL:http://xforce.iss.net/static/587.php Reference: OSVDB:7819 Reference: URL:http://www.osvdb.org/7819 Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. 
====================================================== Name: CVE-1999-1473 Status: Entry Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Reference: XF:ie-page-redirect(7426) Reference: URL:http://www.iss.net/security_center/static/7426.php Reference: OSVDB:7818 Reference: URL:http://www.osvdb.org/7818 When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue." ====================================================== Name: CVE-1999-1476 Status: Entry Reference: MSKB:Q163852 Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/52.asp Reference: XF:pentium-crash(704) Reference: URL:http://xforce.iss.net/static/704.php A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem. ====================================================== Name: CVE-1999-1478 Status: Entry Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827429589&w=2 Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93240220324183&w=2 Reference: BID:522 Reference: URL:http://www.securityfocus.com/bid/522 Reference: XF:sun-hotspot-vm(2348) Reference: URL:http://xforce.iss.net/static/2348.php The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. 
====================================================== Name: CVE-1999-1481 Status: Entry Reference: BUGTRAQ:19991025 [squid] exploit for external authentication problem Reference: URL:http://www.securityfocus.com/archive/1/33295 Reference: BUGTRAQ:19991103 [squid]exploit for external authentication problem Reference: URL:http://www.securityfocus.com/archive/1/33295 Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/ Reference: BID:741 Reference: URL:http://www.securityfocus.com/bid/741 Reference: XF:squid-proxy-auth-access(3433) Reference: URL:http://xforce.iss.net/static/3433.php Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair. ====================================================== Name: CVE-1999-1486 Status: Entry Reference: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info Reference: AIXAPAR:IX75554 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX75554&apar=only Reference: AIXAPAR:IX76853 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX76853&apar=only Reference: AIXAPAR:IX76330 Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX76330&apar=only Reference: BID:408 Reference: URL:http://www.securityfocus.com/bid/408 Reference: XF:aix-sadc-timex(7675) Reference: URL:http://xforce.iss.net/xforce/xfdb/7675 sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack. 
====================================================== Name: CVE-1999-1488 Status: Entry Reference: CIAC:I-079A Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-079a.shtml Reference: BID:371 Reference: URL:http://www.securityfocus.com/bid/371 Reference: XF:ibm-sdr-read-files(7217) Reference: URL:http://www.iss.net/security_center/static/7217.php sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication. ====================================================== Name: CVE-1999-1490 Status: Entry Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926021&w=2 Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926034&w=2 Reference: BID:362 Reference: URL:http://www.securityfocus.com/bid/362 Reference: XF:linux-xosview-bo(8787) Reference: URL:http://www.iss.net/security_center/static/8787.php xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable. ====================================================== Name: CVE-1999-1494 Status: Entry Reference: BUGTRAQ:19940809 Re: IRIX 5.2 Security Advisory Reference: URL:http://www.securityfocus.com/archive/1/675 Reference: BUGTRAQ:19950307 sigh. another Irix 5.2 hole. Reference: URL:http://www.tryc.on.ca/archives/bugtraq/1995_1/0614.html Reference: SGI:19950209-00-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950209-01-P Reference: XF:sgi-colorview(2112) Reference: URL:http://xforce.iss.net/static/2112.php Reference: BID:336 Reference: URL:http://www.securityfocus.com/bid/336 colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument. 
====================================================== Name: CVE-1999-1507 Status: Entry Reference: CERT:CA-1993-03 Reference: URL:http://www.cert.org/advisories/CA-1993-03.html Reference: BID:59 Reference: URL:http://www.securityfocus.com/bid/59 Reference: XF:sun-dir(521) Reference: URL:http://xforce.iss.net/static/521.php Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash. ====================================================== Name: CVE-1999-1512 Status: Entry Reference: BUGTRAQ:19990716 AMaViS virus scanner for Linux - root exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93219846414732&w=2 Reference: CONFIRM:http://www.amavis.org/ChangeLog.txt Reference: BID:527 Reference: URL:http://www.securityfocus.com/bid/527 Reference: XF:amavis-command-execute(2349) Reference: URL:http://xforce.iss.net/static/2349.php The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field. ====================================================== Name: CVE-1999-1520 Status: Entry Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2 Reference: BID:256 Reference: URL:http://www.securityfocus.com/bid/256 Reference: XF:siteserver-site-csc(2270) Reference: URL:http://xforce.iss.net/static/2270.php A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information. 
====================================================== Name: CVE-1999-1530 Status: Entry Reference: BUGTRAQ:19991108 Security flaw in Cobalt RaQ2 cgiwrap Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94209954200450&w=2 Reference: BUGTRAQ:19991109 [Cobalt] Security Advisory - cgiwrap Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225629200045&w=2 Reference: BID:777 Reference: URL:http://www.securityfocus.com/bid/777 Reference: XF:cobalt-cgiwrap-incorrect-permissions(7764) Reference: URL:http://www.iss.net/security_center/static/7764.php Reference: OSVDB:35 Reference: URL:http://www.osvdb.org/35 cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. ====================================================== Name: CVE-1999-1531 Status: Entry Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2 Reference: BID:763 Reference: URL:http://www.securityfocus.com/bid/763 Reference: XF:ibm-homepageprint-bo(7767) Reference: URL:http://www.iss.net/security_center/static/7767.php Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag. 
====================================================== Name: CVE-1999-1535 Status: Entry Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93256878011447&w=2 Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93501427820328&w=2 Reference: BID:592 Reference: URL:http://www.securityfocus.com/bid/592 Reference: XF:http-aspupload-bo(3291) Reference: URL:http://xforce.iss.net/static/3291.php Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request. ====================================================== Name: CVE-1999-1537 Status: Entry Reference: NTBUGTRAQ:19990707 SSL and IIS. Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2 Reference: BID:521 Reference: URL:http://www.securityfocus.com/bid/521 Reference: XF:ssl-iis-dos(2352) Reference: URL:http://xforce.iss.net/static/2352.php IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. 
====================================================== Name: CVE-1999-1542 Status: Entry Reference: BUGTRAQ:19991004 RH6.0 local/remote command execution Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915641729415&w=2 Reference: BUGTRAQ:19991006 Fwd: [Re: RH6.0 local/remote command execution] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923853105687&w=2 Reference: XF:linux-rh-rpmmail(3353) Reference: URL:http://xforce.iss.net/static/3353.php RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command. ====================================================== Name: CVE-1999-1550 Status: Entry Reference: BUGTRAQ:19991108 BigIP - bigconf.cgi holes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217006208374&w=2 Reference: BUGTRAQ:19991109 Re: BigIP - bigconf.cgi holes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217879020184&w=2 Reference: BUGTRAQ:19991109 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225879703021&w=2 Reference: BID:778 Reference: URL:http://www.securityfocus.com/bid/778 Reference: XF:bigip-bigconf-view-files(7771) Reference: URL:http://www.iss.net/security_center/static/7771.php bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. 
====================================================== Name: CVE-1999-1556 Status: Entry Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222453431645&w=2 Reference: BID:109 Reference: URL:http://www.securityfocus.com/bid/109 Reference: XF:mssql-sqlexecutivecmdexec-password(7354) Reference: URL:http://xforce.iss.net/xforce/xfdb/7354 Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. ====================================================== Name: CVE-1999-1565 Status: Entry Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch Reference: URL:http://www.securityfocus.com/archive/1/24784 Reference: OSVDB:6291 Reference: URL:http://www.osvdb.org/6291 Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. ====================================================== Name: CVE-1999-1568 Status: Entry Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91981352617720&w=2 Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise" Reference: URL:http://www.securityfocus.com/archive/1/12699 Reference: XF:ncftpd-port-bo(1833) Reference: URL:http://xforce.iss.net/static/1833.php Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command. 
====================================================== Name: CVE-2000-0001 Status: Entry Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c) Reference: BID:888 Reference: URL:http://www.securityfocus.com/bid/888 Reference: XF:realserver-ramgen-dos RealMedia server allows remote attackers to cause a denial of service via a long ramgen request. ====================================================== Name: CVE-2000-0002 Status: Entry Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556 Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94598388530358&w=2 Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es Reference: VULNWATCH:20020114 ZBServer Pro DoS Vulnerability Reference: BID:889 Reference: URL:http://www.securityfocus.com/bid/889 Reference: XF:zbserver-get-bo Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. ====================================================== Name: CVE-2000-0003 Status: Entry Reference: BUGTRAQ:19991230 UnixWare rtpm exploit + discussion Reference: BUGTRAQ:20000127 New SCO patches... Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2 Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable. 
====================================================== Name: CVE-2000-0004 Status: Entry Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556 Reference: BUGTRAQ:19991223 Re: Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606572912422&w=2 Reference: XF:zbserver-url-dot ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL. ====================================================== Name: CVE-2000-0006 Status: Entry Reference: BUGTRAQ:19991225 strace can lie Reference: URL:http://online.securityfocus.com/archive/1/39831 Reference: XF:linux-strace(4554) Reference: URL:http://xforce.iss.net/static/4554.php strace allows local users to read arbitrary files via memory mapped file names. ====================================================== Name: CVE-2000-0007 Status: Entry Reference: BUGTRAQ:19991230 PC-Cillin 6.x DoS Attack Reference: XF:pccillin-proxy-remote-dos(4491) Reference: URL:http://xforce.iss.net/static/4491.php Reference: BID:1740 Reference: URL:http://www.securityfocus.com/bid/1740 Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service. ====================================================== Name: CVE-2000-0009 Status: Entry Reference: BUGTRAQ:19991230 bna,sh Reference: XF:netarchitect-path-vulnerability Reference: BID:907 Reference: URL:http://www.securityfocus.com/bid/907 The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. 
====================================================== Name: CVE-2000-0010 Status: Entry Reference: BUGTRAQ:19991226 WebWho+ ADVISORY Reference: XF:http-cgi-webwhoplus WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. ====================================================== Name: CVE-2000-0011 Status: Entry Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1 Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm Reference: XF:simpleserver-get-bo Reference: BID:906 Reference: URL:http://www.securityfocus.com/bid/906 Reference: OSVDB:1184 Reference: URL:http://www.osvdb.org/1184 Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. ====================================================== Name: CVE-2000-0012 Status: Entry Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL Reference: BID:898 Reference: URL:http://www.securityfocus.com/bid/898 Reference: XF:w3-msql-scanf-bo Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. ====================================================== Name: CVE-2000-0013 Status: Entry Reference: BUGTRAQ:19991231 irix-soundplayer.sh Reference: XF:irix-soundplayer-symlink Reference: BID:909 Reference: URL:http://www.securityfocus.com/bid/909 IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program. ====================================================== Name: CVE-2000-0014 Status: Entry Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K Reference: BID:897 Reference: URL:http://www.securityfocus.com/bid/897 Reference: XF:savant-server-null-dos Denial of service in Savant web server via a null character in the requested URL. 
======================================================
Name: CVE-2000-0015
Status: Entry
Reference: BUGTRAQ:19991231 tftpserv.sh
Reference: BID:910
Reference: URL:http://www.securityfocus.com/bid/910
Reference: XF:cascadeview-tftp-symlink

CascadeView TFTP server allows local users to gain privileges via a symlink attack.
======================================================
Name: CVE-2000-0018
Status: Entry
Reference: BUGTRAQ:19991221 Wmmon under FreeBSD
Reference: BID:885
Reference: URL:http://www.securityfocus.com/bid/885
Reference: XF:freebsd-wmmon-root-exploit
Reference: OSVDB:1169
Reference: URL:http://www.osvdb.org/1169

wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file.
======================================================
Name: CVE-2000-0020
Status: Entry
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: XF:dnspro-flood-dos

DNS PRO allows remote attackers to conduct a denial of service via a large number of connections.
======================================================
Name: CVE-2000-0022
Status: Entry
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
Reference: BID:881
Reference: URL:http://www.securityfocus.com/bid/881

Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory.
======================================================
Name: CVE-2000-0023
Status: Entry
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
Reference: BID:881
Reference: URL:http://www.securityfocus.com/bid/881
Reference: OSVDB:51
Reference: URL:http://www.osvdb.org/51

Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL.
======================================================
Name: CVE-2000-0024
Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt
Reference: MS:MS99-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)
Reference: XF:iis-badescapes
Reference: MSKB:Q246401
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246401

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
======================================================
Name: CVE-2000-0025
Status: Entry
Reference: MS:MS99-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-058.mspx
Reference: MSKB:Q238606
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238606
Reference: OSVDB:8098
Reference: URL:http://www.osvdb.org/8098

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
======================================================
Name: CVE-2000-0026
Status: Entry
Reference: BUGTRAQ:19991222 UnixWare i2odialogd remote root exploit
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2
Reference: BID:876
Reference: URL:http://www.securityfocus.com/bid/876
Reference: OSVDB:6310
Reference: URL:http://www.osvdb.org/6310

Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.
======================================================
Name: CVE-2000-0027
Status: Entry
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/39962
Reference: BID:900
Reference: URL:http://www.securityfocus.com/bid/900
Reference: XF:ibm-netstat-race-condition(5381)
Reference: URL:http://www.iss.net/security_center/static/5381.php

IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.
======================================================
Name: CVE-2000-0029
Status: Entry
Reference: BUGTRAQ:19991227 UnixWare local pis exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780294009285&w=2
Reference: BID:901
Reference: URL:http://www.securityfocus.com/bid/901

UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.
======================================================
Name: CVE-2000-0030
Status: Entry
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-fill-disk
Reference: BID:878
Reference: URL:http://www.securityfocus.com/bid/878

Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.
======================================================
Name: CVE-2000-0031
Status: Entry
Reference: L0PHT:19991227 initscripts-4.48-1 RedHat Linux 6.1
Reference: REDHAT:RHSA-1999:052-04

The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.
======================================================
Name: CVE-2000-0032
Status: Entry
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-dos
Reference: BID:878
Reference: URL:http://www.securityfocus.com/bid/878
Reference: OSVDB:7582
Reference: URL:http://www.osvdb.org/7582

Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.
======================================================
Name: CVE-2000-0033
Status: Entry
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Reference: BID:899
Reference: URL:http://www.securityfocus.com/bid/899
Reference: XF:interscan-viruswall-bypass

InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.
======================================================
Name: CVE-2000-0034
Status: Entry
Reference: BUGTRAQ:19991222 More Netscape Passwords Available.
Reference: XF:netscape-password-preferences

Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
======================================================
Name: CVE-2000-0036
Status: Entry
Reference: MS:MS99-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-060.asp
Reference: MSKB:Q249082
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249082

Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
======================================================
Name: CVE-2000-0037
Status: Entry
Reference: BUGTRAQ:19991228 majordomo local exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780294009285&w=2
Reference: BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities
Reference: REDHAT:RHSA-2000:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-005.html
Reference: BID:903
Reference: URL:http://www.securityfocus.com/bid/903

Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.
======================================================
Name: CVE-2000-0039
Status: Entry
Reference: BUGTRAQ:19991229 AltaVista
Reference: BUGTRAQ:19991230 Follow UP AltaVista
Reference: BUGTRAQ:19991229 AltaVista followup and monitor script
Reference: BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability
Reference: BUGTRAQ:20000109 Altavista followup
Reference: BID:896
Reference: URL:http://www.securityfocus.com/bid/896
Reference: OSVDB:15
Reference: URL:http://www.osvdb.org/15

AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.
======================================================
Name: CVE-2000-0040
Status: Entry
Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions)

glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.
======================================================
Name: CVE-2000-0041
Status: Entry
Reference: BUGTRAQ:19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections
Reference: BID:890
Reference: URL:http://www.securityfocus.com/bid/890

Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.
======================================================
Name: CVE-2000-0042
Status: Entry
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A
Reference: XF:csm-server-bo
Reference: BID:895
Reference: URL:http://www.securityfocus.com/bid/895

Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
======================================================
Name: CVE-2000-0043
Status: Entry
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Reference: BID:905
Reference: URL:http://www.securityfocus.com/bid/905
Reference: XF:camshot-http-get-overflow

Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.
======================================================
Name: CVE-2000-0044
Status: Entry
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Reference: BID:919
Reference: URL:http://www.securityfocus.com/bid/919
Reference: XF:warftp-macro-access-files

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.
======================================================
Name: CVE-2000-0045
Status: Entry
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: XF:mysql-pwd-grant
Reference: BID:926
Reference: URL:http://www.securityfocus.com/bid/926

MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
======================================================
Name: CVE-2000-0048
Status: Entry
Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit)
Reference: BID:928
Reference: URL:http://www.securityfocus.com/bid/928
Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm
Reference: XF:linux-corel-update

get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.
======================================================
Name: CVE-2000-0050
Status: Entry
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full
Reference: XF:allaire-webtop-access
Reference: BID:915
Reference: URL:http://www.securityfocus.com/bid/915

The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.
======================================================
Name: CVE-2000-0051
Status: Entry
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full
Reference: BID:916
Reference: URL:http://www.securityfocus.com/bid/916
Reference: XF:allaire-spectra-config-dos

The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.
======================================================
Name: CVE-2000-0052
Status: Entry
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-001.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
Reference: BID:913
Reference: URL:http://www.securityfocus.com/bid/913

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
======================================================
Name: CVE-2000-0053
Status: Entry
Reference: MS:MS00-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-001.asp
Reference: MSKB:Q246731
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246731
Reference: BID:912
Reference: URL:http://www.securityfocus.com/bid/912
Reference: XF:mcis-malformed-imap

Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.
======================================================
Name: CVE-2000-0056
Status: Entry
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Reference: BID:914
Reference: URL:http://www.securityfocus.com/bid/914
Reference: XF:imail-imonitor-status-dos

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.
======================================================
Name: CVE-2000-0057
Status: Entry
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: XF:coldfusion-cfcache
Reference: BID:917
Reference: URL:http://www.securityfocus.com/bid/917

Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.
======================================================
Name: CVE-2000-0060
Status: Entry
Reference: NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94647711311057&w=2
Reference: BUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94633851427858&w=2
Reference: BID:894
Reference: URL:http://www.securityfocus.com/bid/894
Reference: XF:avirt-rover-pop3-dos(3765)
Reference: URL:http://www.iss.net/security_center/static/3765.php

Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.
======================================================
Name: CVE-2000-0062
Status: Entry
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net
Reference: BID:922
Reference: URL:http://www.securityfocus.com/bid/922
Reference: XF:zope-dtml

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.
======================================================
Name: CVE-2000-0063
Status: Entry
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: XF:http-cgi-cgiproc-file-read
Reference: BID:938
Reference: URL:http://www.securityfocus.com/bid/938

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.
======================================================
Name: CVE-2000-0064
Status: Entry
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: BID:938
Reference: URL:http://www.securityfocus.com/bid/938
Reference: XF:http-cgi-cgiproc-dos
Reference: OSVDB:7583
Reference: URL:http://www.osvdb.org/7583

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.
======================================================
Name: CVE-2000-0065
Status: Entry
Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0
Reference: XF:inetserv-get-bo

Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.
======================================================
Name: CVE-2000-0070
Status: Entry
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp
Reference: MSKB:Q247869
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port
Reference: BID:934
Reference: URL:http://www.securityfocus.com/bid/934

NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."
======================================================
Name: CVE-2000-0072
Status: Entry
Reference: BUGTRAQ:20000118 Warning: VCasel security hole.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94823061421676&w=2
Reference: BID:937
Reference: URL:http://www.securityfocus.com/bid/937
Reference: XF:vcasel-filename-trusting(3867)
Reference: URL:http://www.iss.net/security_center/static/3867.php

Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges.
======================================================
Name: CVE-2000-0073
Status: Entry
Reference: MS:MS00-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-005.asp
Reference: MSKB:Q249973
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
======================================================
Name: CVE-2000-0075
Status: Entry
Reference: NTBUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BID:930
Reference: URL:http://www.securityfocus.com/bid/930
Reference: XF:supermail-memleak-dos

Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session.
======================================================
Name: CVE-2000-0076
Status: Entry
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000108
Reference: XF:nvi-delete-files
Reference: BID:1439
Reference: URL:http://www.securityfocus.com/bid/1439

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
======================================================
Name: CVE-2000-0080
Status: Entry
Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94757136413681&w=2
Reference: BID:931
Reference: URL:http://www.securityfocus.com/bid/931
Reference: XF:aix-techlibss-symbolic-link

AIX techlibss allows local users to overwrite files via a symlink attack.
======================================================
Name: CVE-2000-0083
Status: Entry
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031
Reference: XF:hp-audio-security-perms

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.
======================================================
Name: CVE-2000-0087
Status: Entry
Reference: BUGTRAQ:20000113 Misleading sense of security in Netscape
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94790377622943&w=2
Reference: XF:netscape-mail-notify-plaintext(4385)
Reference: URL:http://www.iss.net/security_center/static/4385.php

Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
======================================================
Name: CVE-2000-0088
Status: Entry
Reference: MS:MS00-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-002.mspx
Reference: XF:office-malformed-convert
Reference: BID:946
Reference: URL:http://www.securityfocus.com/bid/946

Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
======================================================
Name: CVE-2000-0089
Status: Entry
Reference: NTBUGTRAQ:20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: BUGTRAQ:20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: MS:MS00-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-004.mspx
Reference: MSKB:Q249108
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249108
Reference: BID:947
Reference: URL:http://www.securityfocus.com/bid/947
Reference: XF:nt-rdisk-enum-file

The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
======================================================
Name: CVE-2000-0090
Status: Entry
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Reference: XF:linux-vmware-symlink
Reference: BID:943
Reference: URL:http://www.securityfocus.com/bid/943
Reference: OSVDB:1205
Reference: URL:http://www.osvdb.org/1205

VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.
======================================================
Name: CVE-2000-0091
Status: Entry
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942
Reference: URL:http://www.securityfocus.com/bid/942
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: MISC:http://www.inter7.com/vpopmail/

Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
======================================================
Name: CVE-2000-0092
Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:01
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc
Reference: BID:939
Reference: URL:http://www.securityfocus.com/bid/939
Reference: XF:gnu-makefile-tmp-root

The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
======================================================
Name: CVE-2000-0094
Status: Entry
Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
Reference: FREEBSD:FreeBSD-SA-00:02
Reference: NETBSD:NetBSD-SA2000-001
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-001.txt.asc
Reference: OPENBSD:20000120 [2.6] 018: SECURITY FIX: Jan 20, 2000
Reference: BID:940
Reference: URL:http://www.securityfocus.com/bid/940
Reference: OSVDB:20760
Reference: URL:http://www.osvdb.org/20760
Reference: XF:netbsd-procfs(3995)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3995

procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.
======================================================
Name: CVE-2000-0095
Status: Entry
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041
Reference: BID:944
Reference: URL:http://www.securityfocus.com/bid/944

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.
======================================================
Name: CVE-2000-0097
Status: Entry
Reference: NTBUGTRAQ:20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
Reference: BID:950
Reference: URL:http://www.securityfocus.com/bid/950
Reference: XF:http-indexserver-dirtrans
Reference: OSVDB:1210
Reference: URL:http://www.osvdb.org/1210

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.
======================================================
Name: CVE-2000-0098
Status: Entry
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp

Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.
======================================================
Name: CVE-2000-0099
Status: Entry
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2

Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.
======================================================
Name: CVE-2000-0100
Status: Entry
Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html
Reference: MS:MS00-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-012.asp

The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
======================================================
Name: CVE-2000-0107
Status: Entry
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201
Reference: BID:958
Reference: URL:http://www.securityfocus.com/bid/958

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.
======================================================
Name: CVE-2000-0111
Status: Entry
Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2
Reference: BID:953
Reference: URL:http://www.securityfocus.com/bid/953
Reference: XF:avt-rightfax-predict-session

The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions.
======================================================
Name: CVE-2000-0112
Status: Entry
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2
Reference: BID:960
Reference: URL:http://www.securityfocus.com/bid/960
Reference: XF:debian-mbr-bypass-security

The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.
======================================================
Name: CVE-2000-0113
Status: Entry
Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94934808714972&w=2
Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952641025328&w=2
Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973281714994&w=2
Reference: CONFIRM:http://www.sybergen.com/support/fix.htm
Reference: BID:952
Reference: URL:http://www.securityfocus.com/bid/952

The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.
======================================================
Name: CVE-2000-0116
Status: Entry
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BID:954
Reference: URL:http://www.securityfocus.com/bid/954
Reference: XF:http-script-bypass
Reference: OSVDB:1212
Reference: URL:http://www.osvdb.org/1212

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.
======================================================
Name: CVE-2000-0117
Status: Entry
Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
Reference: XF:http-cgi-cobalt-passwords
Reference: BID:951
Reference: URL:http://www.securityfocus.com/bid/951

The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).
======================================================
Name: CVE-2000-0120
Status: Entry
Reference: ALLAIRE:ASB00-04
Reference: BID:955
Reference: URL:http://www.securityfocus.com/bid/955
Reference: XF:allaire-spectra-ras-access(4025)
Reference: URL:http://xforce.iss.net/static/4025.php

The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.
======================================================
Name: CVE-2000-0121
Status: Entry
Reference: NTBUGTRAQ:20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000
Reference: MS:MS00-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-007.mspx
Reference: MSKB:Q248399
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248399
Reference: BID:963
Reference: URL:http://www.securityfocus.com/bid/963

The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.
======================================================
Name: CVE-2000-0127
Status: Entry
Reference: BUGTRAQ:20000203 Webspeed security issue
Reference: CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
Reference: BID:969
Reference: URL:http://www.securityfocus.com/bid/969
Reference: XF:webspeed-adminutil-auth

The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.
======================================================
Name: CVE-2000-0128
Status: Entry
Reference: BUGTRAQ:20000204 "The Finger Server"
Reference: CONFIRM:http://www.glazed.org/finger/changelog.txt
Reference: XF:finger-server-input
Reference: OSVDB:7610
Reference: URL:http://www.osvdb.org/7610

The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.
======================================================
Name: CVE-2000-0130
Status: Entry
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2
Reference: SCO:SB-00.02a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.02a
Reference: XF:sco-help-bo

Buffer overflow in SCO scohelp program allows remote attackers to execute commands.
======================================================
Name: CVE-2000-0131
Status: Entry
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966
Reference: OSVDB:4677
Reference: URL:http://www.osvdb.org/4677

Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.
======================================================
Name: CVE-2000-0139
Status: Entry
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: BID:982
Reference: URL:http://www.securityfocus.com/bid/982

Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.
====================================================== Name: CVE-2000-0140 Status: Entry Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2 Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3 Reference: BID:980 Reference: URL:http://www.securityfocus.com/bid/980 Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections. ====================================================== Name: CVE-2000-0141 Status: Entry Reference: BUGTRAQ:20000211 perl-cgi hole in UltimateBB by Infopop Corp. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl Reference: BID:991 Reference: URL:http://www.securityfocus.com/bid/991 Reference: MISC:http://www.ultimatebb.com/home/versions.shtml Reference: XF:http-cgi-ultimatebb Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field. ====================================================== Name: CVE-2000-0144 Status: Entry Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html Reference: BID:971 Reference: URL:http://www.securityfocus.com/bid/971 Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0145 Status: Entry Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0 The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. ====================================================== Name: CVE-2000-0146 Status: Entry Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html Reference: BID:972 Reference: URL:http://www.securityfocus.com/bid/972 Reference: XF:novell-groupwise-url-dos The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet. ====================================================== Name: CVE-2000-0148 Status: Entry Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html Reference: BUGTRAQ:20000214 MySQL 3.22.32 released Reference: BID:975 Reference: URL:http://www.securityfocus.com/bid/975 MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. ====================================================== Name: CVE-2000-0149 Status: Entry Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html Reference: BID:977 Reference: URL:http://www.securityfocus.com/bid/977 Reference: OSVDB:254 Reference: URL:http://www.osvdb.org/254 Reference: XF:zeus-server-null-string(3982) Reference: URL:http://xforce.iss.net/xforce/xfdb/3982 Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL. 
====================================================== Name: CVE-2000-0150 Status: Entry Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability Reference: CERT-VN:VU#328867 Reference: URL:http://www.kb.cert.org/vuls/id/328867 Reference: BID:979 Reference: URL:http://www.securityfocus.com/bid/979 Reference: OSVDB:4417 Reference: URL:http://www.osvdb.org/4417 Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt. ====================================================== Name: CVE-2000-0152 Status: Entry Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avalable. Reference: BID:976 Reference: URL:http://www.securityfocus.com/bid/976 Reference: OSVDB:7468 Reference: URL:http://www.osvdb.org/7468 Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000. ====================================================== Name: CVE-2000-0156 Status: Entry Reference: MS:MS00-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-009.mspx Reference: OSVDB:7827 Reference: URL:http://www.osvdb.org/7827 Reference: XF:ie-image-source-redirect(3996) Reference: URL:http://xforce.iss.net/xforce/xfdb/3996 Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. 
====================================================== Name: CVE-2000-0157 Status: Entry Reference: NETBSD:1999-012 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc Reference: BID:992 Reference: URL:http://www.securityfocus.com/bid/992 Reference: XF:netbsd-ptrace NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process. ====================================================== Name: CVE-2000-0159 Status: Entry Reference: HP:HPSBUX0002-111 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. ====================================================== Name: CVE-2000-0161 Status: Entry Reference: MS:MS00-010 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-010.asp Reference: BID:994 Reference: URL:http://www.securityfocus.com/bid/994 Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. ====================================================== Name: CVE-2000-0162 Status: Entry Reference: MS:MS00-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-011.asp The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. 
====================================================== Name: CVE-2000-0164 Status: Entry Reference: BUGTRAQ:20000220 Sun Internet Mail Server Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl Reference: SUNBUG:4316521 Reference: BID:1004 Reference: URL:http://www.securityfocus.com/bid/1004 Reference: XF:sims-temp-world-readable The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords. ====================================================== Name: CVE-2000-0165 Status: Entry Reference: BUGTRAQ:20000210 Re: application proxies? Reference: FREEBSD:FreeBSD-SA-00:04 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org Reference: CIAC:K-023 Reference: URL:http://www.ciac.org/ciac/bulletins/k-023.shtml Reference: XF:delegate-proxy-bo The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands. ====================================================== Name: CVE-2000-0166 Status: Entry Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com Reference: BUGTRAQ:20000223 Pragma Systems response to USSRLabs report Reference: BID:995 Reference: URL:http://www.securityfocus.com/bid/995 Reference: XF:interaccess-telnet-login-bo Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name. 
====================================================== Name: CVE-2000-0168 Status: Entry Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com Reference: MS:MS00-017 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126 Reference: BID:1043 Reference: URL:http://www.securityfocus.com/bid/1043 Reference: XF:win-dos-devicename-dos Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability. ====================================================== Name: CVE-2000-0169 Status: Entry Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html Reference: BID:1053 Reference: URL:http://www.securityfocus.com/bid/1053 Reference: XF:oracle-weblistener-remote-attack Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'. ====================================================== Name: CVE-2000-0170 Status: Entry Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes) Reference: BID:1011 Reference: URL:http://www.securityfocus.com/bid/1011 Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. 
====================================================== Name: CVE-2000-0171 Status: Entry Reference: BUGTRAQ:20000311 TESO advisory -- atsadc Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html Reference: XF:atsar-root-access Reference: BID:1048 Reference: URL:http://www.securityfocus.com/bid/1048 atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges. ====================================================== Name: CVE-2000-0172 Status: Entry Reference: BUGTRAQ:20000303 Potential security problem with mtr Reference: DEBIAN:20000309 mtr Reference: FREEBSD:FreeBSD-SA-00:09 Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd) Reference: BID:1038 Reference: URL:http://www.securityfocus.com/bid/1038 The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. ====================================================== Name: CVE-2000-0174 Status: Entry Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html Reference: BID:1040 Reference: URL:http://www.securityfocus.com/bid/1040 Reference: XF:staroffice-scheduler-fileread StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0175 Status: Entry Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html Reference: XF:staroffice-scheduler-bo Reference: BID:1039 Reference: URL:http://www.securityfocus.com/bid/1039 Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command. 
====================================================== Name: CVE-2000-0178 Status: Entry Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability Reference: MISC:http://www.foundrynet.com/bugTraq.html Reference: BID:1017 Reference: URL:http://www.securityfocus.com/bid/1017 ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. ====================================================== Name: CVE-2000-0179 Status: Entry Reference: BUGTRAQ:20000228 HP Omniback remote DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html Reference: HP:HPSBUX0006-115 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0006-115 Reference: BID:1015 Reference: URL:http://www.securityfocus.com/bid/1015 Reference: XF:omniback-connection-dos HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. ====================================================== Name: CVE-2000-0180 Status: Entry Reference: NTBUGTRAQ:20000313 SOJOURN Search engine exposes files Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0201.html Reference: BID:1052 Reference: URL:http://www.securityfocus.com/bid/1052 Reference: XF:sojourn-file-read(4197) Reference: URL:http://xforce.iss.net/static/4197.php Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0181 Status: Entry Reference: BUGTRAQ:20000311 Our old friend Firewall-1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html Reference: BID:1054 Reference: URL:http://www.securityfocus.com/bid/1054 Reference: OSVDB:1256 Reference: URL:http://www.osvdb.org/1256 Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. ====================================================== Name: CVE-2000-0182 Status: Entry Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1 iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic. ====================================================== Name: CVE-2000-0183 Status: Entry Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html Reference: FREEBSD:FreeBSD-SA-00:11 Reference: REDHAT:RHSA-2000:008 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-008.html Reference: BID:1046 Reference: URL:http://www.securityfocus.com/bid/1046 Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability. ====================================================== Name: CVE-2000-0184 Status: Entry Reference: BUGTRAQ:20000309 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html Reference: BID:1037 Reference: URL:http://www.securityfocus.com/bid/1037 Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. 
====================================================== Name: CVE-2000-0185 Status: Entry Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html Reference: BID:1049 Reference: URL:http://www.securityfocus.com/bid/1049 RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private. ====================================================== Name: CVE-2000-0186 Status: Entry Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow Reference: TURBO:TLSA200007-1 Reference: REDHAT:RHSA-2000:100 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-100.html Reference: BID:1020 Reference: URL:http://www.securityfocus.com/bid/1020 Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. ====================================================== Name: CVE-2000-0189 Status: Entry Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path Reference: BID:1021 Reference: URL:http://www.securityfocus.com/bid/1021 ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. ====================================================== Name: CVE-2000-0191 Status: Entry Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se Reference: XF:axis-storpoint-auth Reference: BID:1025 Reference: URL:http://www.securityfocus.com/bid/1025 Reference: OSVDB:19 Reference: URL:http://www.osvdb.org/19 Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0192 Status: Entry Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html Reference: BID:1036 Reference: URL:http://www.securityfocus.com/bid/1036 The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. ====================================================== Name: CVE-2000-0193 Status: Entry Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au Reference: BID:1030 Reference: URL:http://www.securityfocus.com/bid/1030 Reference: XF:linux-dosemu-config The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges. ====================================================== Name: CVE-2000-0194 Status: Entry Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html Reference: BID:1007 Reference: URL:http://www.securityfocus.com/bid/1007 buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters. ====================================================== Name: CVE-2000-0195 Status: Entry Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html Reference: BID:1008 Reference: URL:http://www.securityfocus.com/bid/1008 Reference: XF:corel-linux-setxconf-root setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file. 
====================================================== Name: CVE-2000-0196 Status: Entry Reference: DEBIAN:20000229 Reference: REDHAT:RHSA-2000:006 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-006.html Reference: BID:1018 Reference: URL:http://www.securityfocus.com/bid/1018 Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message. ====================================================== Name: CVE-2000-0200 Status: Entry Reference: MS:MS00-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-015.mspx Reference: BID:1034 Reference: URL:http://www.securityfocus.com/bid/1034 Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability. ====================================================== Name: CVE-2000-0201 Status: Entry Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files Reference: BID:1033 Reference: URL:http://www.securityfocus.com/bid/1033 The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. ====================================================== Name: CVE-2000-0202 Status: Entry Reference: MS:MS00-014 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-014.mspx Reference: BID:1041 Reference: URL:http://www.securityfocus.com/bid/1041 Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. 
====================================================== Name: CVE-2000-0206 Status: Entry Reference: BUGTRAQ:20000305 Oracle installer problem Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html Reference: BID:1035 Reference: URL:http://www.securityfocus.com/bid/1035 The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. ====================================================== Name: CVE-2000-0207 Status: Entry Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5) Reference: SGI:20000501-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000501-01-P Reference: XF:irix-infosrch-fname Reference: BID:1031 Reference: URL:http://www.securityfocus.com/bid/1031 SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. ====================================================== Name: CVE-2000-0208 Status: Entry Reference: BUGTRAQ:20000228 ht://Dig remote information exposure Reference: FREEBSD:FreeBSD-SA-00:06 Reference: DEBIAN:20000227 Reference: TURBO:TLSA200005-1 Reference: BID:1026 Reference: URL:http://www.securityfocus.com/bid/1026 The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. ====================================================== Name: CVE-2000-0209 Status: Entry Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;) Reference: FREEBSD:FreeBSD-SA-00:08 Reference: BID:1012 Reference: URL:http://www.securityfocus.com/bid/1012 Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. 
====================================================== Name: CVE-2000-0210 Status: Entry Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name... Reference: BID:998 Reference: URL:http://www.securityfocus.com/bid/998 The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files. ====================================================== Name: CVE-2000-0211 Status: Entry Reference: MS:MS00-013 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-013.mspx Reference: XF:win-media-dos Reference: BID:1000 Reference: URL:http://www.securityfocus.com/bid/1000 The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability. ====================================================== Name: CVE-2000-0212 Status: Entry Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability Reference: BID:1001 Reference: URL:http://www.securityfocus.com/bid/1001 Reference: XF:interaccess-telnet-dos(4033) Reference: URL:http://xforce.iss.net/xforce/xfdb/4033 InterAccess TelnetID Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information. ====================================================== Name: CVE-2000-0215 Status: Entry Reference: SCO:SB-00.05 Reference: BID:1019 Reference: URL:http://www.securityfocus.com/bid/1019 Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges. 
====================================================== Name: CVE-2000-0217 Status: Entry Reference: BUGTRAQ:20000224 SSH & xauth Reference: BID:1006 Reference: URL:http://www.securityfocus.com/bid/1006 The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. ====================================================== Name: CVE-2000-0218 Status: Entry Reference: SUSE:20000210 util < 2.10f Reference: CALDERA:CSSA-2000-002.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-002.0.txt Reference: OSVDB:6980 Reference: URL:http://www.osvdb.org/6980 Reference: OSVDB:7004 Reference: URL:http://www.osvdb.org/7004 Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname. ====================================================== Name: CVE-2000-0221 Status: Entry Reference: BUGTRAQ:20000225 Scorpion Marlin Reference: BID:1009 Reference: URL:http://www.securityfocus.com/bid/1009 The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port. ====================================================== Name: CVE-2000-0222 Status: Entry Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr Reference: BID:990 Reference: URL:http://www.securityfocus.com/bid/990 The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs. 
====================================================== Name: CVE-2000-0223 Status: Entry Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html Reference: BID:1047 Reference: URL:http://www.securityfocus.com/bid/1047 Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter. ====================================================== Name: CVE-2000-0224 Status: Entry Reference: NAI:20000215 ARCserve symlink vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com Reference: SCO:SSE063 Reference: XF:sco-openserver-arc-symlink ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack. ====================================================== Name: CVE-2000-0225 Status: Entry Reference: BUGTRAQ:20000303 Pocsag remote access to client can't be disabled. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003601bf854b$6893a090$0100a8c0@FIREWALKER Reference: BID:1032 Reference: URL:http://www.securityfocus.com/bid/1032 Reference: XF:telnet-pocsag Reference: OSVDB:259 Reference: URL:http://www.osvdb.org/259 The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled. ====================================================== Name: CVE-2000-0226 Status: Entry Reference: MS:MS00-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-018.asp Reference: BID:1066 Reference: URL:http://www.securityfocus.com/bid/1066 Reference: XF:iis-chunked-encoding-dos IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." 
====================================================== Name: CVE-2000-0228 Status: Entry Reference: MS:MS00-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-016.asp Reference: BID:1058 Reference: URL:http://www.securityfocus.com/bid/1058 Reference: XF:mwmt-malformed-media-license Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability. ====================================================== Name: CVE-2000-0229 Status: Entry Reference: BUGTRAQ:20000322 gpm-root Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html Reference: SUSE:20000405 Security hole in gpm < 1.18.1 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_45.html Reference: REDHAT:RHSA-2000:009 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-009.html Reference: REDHAT:RHSA-2000:045 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-045.html Reference: BID:1069 Reference: URL:http://www.securityfocus.com/bid/1069 Reference: XF:linux-gpm-root gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. ====================================================== Name: CVE-2000-0230 Status: Entry Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html Reference: REDHAT:RHSA-2000:016 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-016.html Reference: XF:linux-imwheel-bo Reference: BID:1060 Reference: URL:http://www.securityfocus.com/bid/1060 Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable. 
====================================================== Name: CVE-2000-0231 Status: Entry Reference: BUGTRAQ:20000316 "TESO & C-Skills development advisory -- kreatecd" at: Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html Reference: SUSE:20000405 Security hole in kreatecd < 0.3.8b Reference: XF:linux-kreatecd-path Reference: BID:1061 Reference: URL:http://www.securityfocus.com/bid/1061 Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges. ====================================================== Name: CVE-2000-0232 Status: Entry Reference: MS:MS00-021 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-021.asp Reference: BUGTRAQ:20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html Reference: BID:1082 Reference: URL:http://www.securityfocus.com/bid/1082 Reference: XF:win-tcpip-printing-dos Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request. ====================================================== Name: CVE-2000-0233 Status: Entry Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html Reference: XF:linux-imap-remote-unauthorized-access SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges. 
====================================================== Name: CVE-2000-0234 Status: Entry Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150 Reference: BID:1083 Reference: URL:http://www.securityfocus.com/bid/1083 Reference: XF:cobalt-raq-remote-access The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file. ====================================================== Name: CVE-2000-0235 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:10 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc Reference: BID:1070 Reference: URL:http://www.securityfocus.com/bid/1070 Reference: XF:freebsd-orvillewrite-bo Reference: OSVDB:1263 Reference: URL:http://www.osvdb.org/1263 Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges. ====================================================== Name: CVE-2000-0236 Status: Entry Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com Reference: BID:1063 Reference: URL:http://www.securityfocus.com/bid/1063 Reference: XF:netscape-server-directory-indexing Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. 
====================================================== Name: CVE-2000-0237 Status: Entry Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1 Reference: BID:1075 Reference: URL:http://www.securityfocus.com/bid/1075 Reference: XF:netscape-webpublisher-invalid-access Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories. ====================================================== Name: CVE-2000-0238 Status: Entry Reference: BUGTRAQ:20000317 DoS with NAVIEG Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us Reference: XF:nav-email-gateway-dos Reference: BID:1064 Reference: URL:http://www.securityfocus.com/bid/1064 Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL. ====================================================== Name: CVE-2000-0240 Status: Entry Reference: BUGTRAQ:20000321 vqserver /........../ Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net Reference: CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html Reference: XF:vqserver-dir-traverse Reference: BID:1067 Reference: URL:http://www.securityfocus.com/bid/1067 Reference: OSVDB:270 Reference: URL:http://www.osvdb.org/270 vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack. 
====================================================== Name: CVE-2000-0243 Status: Entry Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash" at: Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm Reference: XF:simpleserver-exception-dos(4189) Reference: URL:http://xforce.iss.net/static/4189.php Reference: BID:1076 Reference: URL:http://www.securityfocus.com/bid/1076 Reference: OSVDB:1265 Reference: URL:http://www.osvdb.org/1265 AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin. ====================================================== Name: CVE-2000-0245 Status: Entry Reference: BUGTRAQ:20000328 Objectserver vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil Reference: SGI:20000303-01-PX Reference: URL:ftp://sgigate.sgi.com/security/20000303-01-PX Reference: CIAC:K-030 Reference: URL:http://www.ciac.org/ciac/bulletins/k-030.shtml Reference: BID:1079 Reference: URL:http://www.securityfocus.com/bid/1079 Reference: OSVDB:1267 Reference: URL:http://www.osvdb.org/1267 Reference: XF:irix-objectserver-create-accounts(4206) Reference: URL:http://xforce.iss.net/xforce/xfdb/4206 Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. 
====================================================== Name: CVE-2000-0246 Status: Entry Reference: MS:MS00-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-019.asp Reference: MSKB:Q249599 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=249599 Reference: BID:1081 Reference: URL:http://www.securityfocus.com/bid/1081 Reference: XF:iis-virtual-unc-share IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. ====================================================== Name: CVE-2000-0247 Status: Entry Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt Reference: FREEBSD:FreeBSD-SA-00:13 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc Reference: BID:1842 Reference: URL:http://www.securityfocus.com/bid/1842 Reference: XF:generic-nqs-local-root(4306) Reference: URL:http://xforce.iss.net/xforce/xfdb/4306 Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges. ====================================================== Name: CVE-2000-0249 Status: Entry Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program Reference: URL:http://xforce.iss.net/alerts/advise47.php3 Reference: IBM:ERS-OAR-E01-2000:075.1 Reference: XF:aix-frcactrl Reference: BID:1152 Reference: URL:http://www.securityfocus.com/bid/1152 The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program. 
====================================================== Name: CVE-2000-0251 Status: Entry Reference: HP:HPSBUX0004-112 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html Reference: BID:1090 Reference: URL:http://www.securityfocus.com/bid/1090 Reference: XF:hp-virtual-vault HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses. ====================================================== Name: CVE-2000-0252 Status: Entry Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html Reference: BID:1115 Reference: URL:http://www.securityfocus.com/bid/1115 Reference: XF:dansie-shell-metacharacters Reference: URL:http://xforce.iss.net/static/4975.php The dansie shopping cart application cart.pl allows remote attackers to execute commands via shell metacharacters in a form variable. ====================================================== Name: CVE-2000-0253 Status: Entry Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart Reference: BID:1115 Reference: URL:http://www.securityfocus.com/bid/1115 Reference: XF:shopping-cart-form-tampering Reference: URL:http://xforce.iss.net/static/4621.php The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields. ====================================================== Name: CVE-2000-0254 Status: Entry Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart Reference: BID:1115 Reference: URL:http://www.securityfocus.com/bid/1115 Reference: XF:dansie-form-variables Reference: URL:http://xforce.iss.net/static/4954.php The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
====================================================== Name: CVE-2000-0255 Status: Entry Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html Reference: BID:1091 Reference: URL:http://www.securityfocus.com/bid/1091 Reference: XF:nbase-xyplex-router The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program. ====================================================== Name: CVE-2000-0257 Status: Entry Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)... Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl Reference: BID:1118 Reference: URL:http://www.securityfocus.com/bid/1118 Reference: XF:netware-remote-admin-overflow Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. ====================================================== Name: CVE-2000-0258 Status: Entry Reference: MS:MS00-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-023.asp Reference: BID:1101 Reference: URL:http://www.securityfocus.com/bid/1101 IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. 
====================================================== Name: CVE-2000-0260 Status: Entry Reference: MS:MS00-025 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-025.asp Reference: BID:1109 Reference: URL:http://www.securityfocus.com/bid/1109 Reference: OSVDB:282 Reference: URL:http://www.osvdb.org/282 Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. ====================================================== Name: CVE-2000-0261 Status: Entry Reference: BUGTRAQ:20000415 (no subject) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html Reference: BUGTRAQ:20000418 AVM's Statement Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com Reference: XF:ken-download-files Reference: BID:1103 Reference: URL:http://www.securityfocus.com/bid/1103 Reference: OSVDB:1282 Reference: URL:http://www.osvdb.org/1282 The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0262 Status: Entry Reference: BUGTRAQ:20000415 (no subject) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html Reference: BUGTRAQ:20000418 AVM's Statement Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com Reference: BID:1103 Reference: URL:http://www.securityfocus.com/bid/1103 Reference: XF:ken-dos The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request. 
====================================================== Name: CVE-2000-0263 Status: Entry Reference: BUGTRAQ:20000416 xfs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html Reference: XF:redhat-fontserver-dos Reference: BID:1111 Reference: URL:http://www.securityfocus.com/bid/1111 The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request. ====================================================== Name: CVE-2000-0264 Status: Entry Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip Reference: XF:panda-admin-privileges Reference: BID:1119 Reference: URL:http://www.securityfocus.com/bid/1119 Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods. ====================================================== Name: CVE-2000-0265 Status: Entry Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip Reference: BID:1119 Reference: URL:http://www.securityfocus.com/bid/1119 Reference: XF:panda-uninstall-program Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet. 
====================================================== Name: CVE-2000-0267 Status: Entry Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml Reference: XF:cisco-catalyst-password-bypass Reference: BID:1122 Reference: URL:http://www.securityfocus.com/bid/1122 Reference: OSVDB:1288 Reference: URL:http://www.osvdb.org/1288 Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. ====================================================== Name: CVE-2000-0268 Status: Entry Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml Reference: BID:1123 Reference: URL:http://www.securityfocus.com/bid/1123 Reference: XF:cisco-ios-option-handling Reference: OSVDB:1289 Reference: URL:http://www.osvdb.org/1289 Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot. ====================================================== Name: CVE-2000-0272 Status: Entry Reference: BUGTRAQ:20000420 Remote DoS attack in Real Networks Real Server Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95625288231045&w=2 Reference: CONFIRM:http://service.real.com/help/faq/servg270.html Reference: XF:realserver-remote-dos Reference: BID:1128 Reference: URL:http://www.securityfocus.com/bid/1128 RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070. 
====================================================== Name: CVE-2000-0273 Status: Entry Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html Reference: BID:1095 Reference: URL:http://www.securityfocus.com/bid/1095 Reference: XF:pcanywhere-login-dos PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt. ====================================================== Name: CVE-2000-0274 Status: Entry Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html Reference: XF:linux-trustees-patch-dos Reference: BID:1096 Reference: URL:http://www.securityfocus.com/bid/1096 The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name. ====================================================== Name: CVE-2000-0276 Status: Entry Reference: BUGTRAQ:20000410 BeOS syscall bug Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com Reference: BID:1098 Reference: URL:http://www.securityfocus.com/bid/1098 Reference: XF:beos-syscall-dos BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37. 
====================================================== Name: CVE-2000-0277 Status: Entry Reference: MS:MS00-022 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-022.asp Reference: BID:1087 Reference: URL:http://www.securityfocus.com/bid/1087 Reference: OSVDB:1272 Reference: URL:http://www.osvdb.org/1272 Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. ====================================================== Name: CVE-2000-0278 Status: Entry Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html Reference: BID:1089 Reference: URL:http://www.securityfocus.com/bid/1089 Reference: XF:eviewer-admin-request-dos The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user. ====================================================== Name: CVE-2000-0279 Status: Entry Reference: BUGTRAQ:20000407 BeOS Networking DOS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312 Reference: BID:1100 Reference: URL:http://www.securityfocus.com/bid/1100 Reference: XF:beos-networking-dos BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. 
====================================================== Name: CVE-2000-0282 Status: Entry Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html Reference: CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html Reference: BID:1102 Reference: URL:http://www.securityfocus.com/bid/1102 Reference: XF:talentsoft-web-input TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. ====================================================== Name: CVE-2000-0283 Status: Entry Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html Reference: BID:1106 Reference: URL:http://www.securityfocus.com/bid/1106 Reference: XF:irix-pmcd-info The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. ====================================================== Name: CVE-2000-0285 Status: Entry Reference: BUGTRAQ:20000416 XFree86 server overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html Reference: BID:1306 Reference: URL:http://www.securityfocus.com/bid/1306 Reference: XF:xfree86-xkbmap-parameter-bo Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter. 
====================================================== Name: CVE-2000-0287 Status: Entry Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html Reference: BID:1104 Reference: URL:http://www.securityfocus.com/bid/1104 Reference: XF:http-cgi-bizdb The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter. ====================================================== Name: CVE-2000-0289 Status: Entry Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html Reference: SUSE:20000520 Security hole in kernel < 2.2.15 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_48.html Reference: BID:1078 Reference: URL:http://www.securityfocus.com/bid/1078 Reference: XF:linux-masquerading-dos IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. ====================================================== Name: CVE-2000-0290 Status: Entry Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html Reference: XF:macos-webstar-get-bo(4792) Reference: URL:http://xforce.iss.net/static/4792.php Reference: BID:1822 Reference: URL:http://www.securityfocus.com/bid/1822 Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request. 
====================================================== Name: CVE-2000-0292 Status: Entry Reference: BUGTRAQ:20000418 Adtran DoS Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain Reference: BID:1129 Reference: URL:http://www.securityfocus.com/bid/1129 Reference: XF:adtran-ping-dos The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash. ====================================================== Name: CVE-2000-0294 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:12 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162 Reference: BID:1107 Reference: URL:http://www.securityfocus.com/bid/1107 Reference: XF:freebsd-healthd Reference: OSVDB:606 Reference: URL:http://www.osvdb.org/606 Buffer overflow in healthd for FreeBSD allows local users to gain root privileges. ====================================================== Name: CVE-2000-0296 Status: Entry Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system() Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html Reference: BID:1086 Reference: URL:http://www.securityfocus.com/bid/1086 Reference: XF:fcheck-shell fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck. ====================================================== Name: CVE-2000-0297 Status: Entry Reference: ALLAIRE:ASB00-06 Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full Reference: BID:1085 Reference: URL:http://www.securityfocus.com/bid/1085 Reference: XF:allaire-forums-allaccess Reference: OSVDB:1270 Reference: URL:http://www.osvdb.org/1270 Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables. 
====================================================== Name: CVE-2000-0298 Status: Entry Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMP reinstall=1 Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html Reference: XF:win2k-unattended-install(4278) Reference: URL:http://xforce.iss.net/static/4278.php Reference: BID:1758 Reference: URL:http://www.securityfocus.com/bid/1758 The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. ====================================================== Name: CVE-2000-0301 Status: Entry Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2 Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm Reference: BID:1094 Reference: URL:http://www.securityfocus.com/bid/1094 Reference: XF:ipswitch-imail-dos Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. ====================================================== Name: CVE-2000-0302 Status: Entry Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95453598317340&w=2 Reference: MS:MS00-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp Reference: BID:1084 Reference: URL:http://www.securityfocus.com/bid/1084 Reference: XF:http-indexserver-asp-source Reference: OSVDB:271 Reference: URL:http://www.osvdb.org/271 Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL. 
====================================================== Name: CVE-2000-0303 Status: Entry Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature Reference: URL:http://xforce.iss.net/alerts/advise50.php3 Reference: CONFIRM:http://www.quake3arena.com/news/index.html Reference: BID:1169 Reference: URL:http://www.securityfocus.com/bid/1169 Reference: XF:quake3-auto-download Reference: OSVDB:7531 Reference: URL:http://www.osvdb.org/7531 Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. ====================================================== Name: CVE-2000-0304 Status: Entry Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack Reference: URL:http://xforce.iss.net/alerts/advise52.php3 Reference: MS:MS00-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.mspx Reference: BID:1191 Reference: URL:http://www.securityfocus.com/bid/1191 Reference: XF:iis-authchangeurl-dos Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. ====================================================== Name: CVE-2000-0305 Status: Entry Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240 Reference: MS:MS00-029 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-029.asp Reference: BID:1236 Reference: URL:http://www.securityfocus.com/bid/1236 Reference: XF:ip-fragment-reassembly-dos Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability. 
====================================================== Name: CVE-2000-0306 Status: Entry Reference: SCO:SB-99.02 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message. ====================================================== Name: CVE-2000-0307 Status: Entry Reference: SCO:SB-99.07 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.07b Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024. ====================================================== Name: CVE-2000-0308 Status: Entry Reference: SCO:SB-99.08 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges. ====================================================== Name: CVE-2000-0309 Status: Entry Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash. Reference: URL:http://www.openbsd.org/errata24.html#trctrap Reference: OSVDB:6126 Reference: URL:http://www.osvdb.org/6126 The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service. ====================================================== Name: CVE-2000-0310 Status: Entry Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems. 
Reference: URL:http://www.openbsd.org/errata24.html#maxqueue Reference: OSVDB:7539 Reference: URL:http://www.osvdb.org/7539 IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets. ====================================================== Name: CVE-2000-0311 Status: Entry Reference: MS:MS00-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp Reference: XF:ms-mixed-object Reference: BID:1145 Reference: URL:http://www.securityfocus.com/bid/1145 The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability. ====================================================== Name: CVE-2000-0313 Status: Entry Reference: OPENBSD:19991109 Any user can change interface media configurations. Reference: URL:http://www.openbsd.org/errata.html#ifmedia Reference: OSVDB:7540 Reference: URL:http://www.osvdb.org/7540 Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. ====================================================== Name: CVE-2000-0314 Status: Entry Reference: BUGTRAQ:19990213 traceroute as a flooder Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2 Reference: NETBSD:NetBSD-SA1999-004 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc Reference: OSVDB:7574 Reference: URL:http://www.osvdb.org/7574 traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. 
====================================================== Name: CVE-2000-0315 Status: Entry Reference: BUGTRAQ:19990213 traceroute as a flooder Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2 Reference: NETBSD:NetBSD-SA1999-004 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc Reference: OSVDB:7575 Reference: URL:http://www.osvdb.org/7575 traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. ====================================================== Name: CVE-2000-0316 Status: Entry Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html Reference: SUNBUG:4314312 Reference: BID:1143 Reference: URL:http://www.securityfocus.com/bid/1143 Reference: XF:solaris-lp-bo Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option. ====================================================== Name: CVE-2000-0318 Status: Entry Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20 Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html Reference: BID:1144 Reference: URL:http://www.securityfocus.com/bid/1144 Reference: XF:mercur-remote-dot-attack Atrium Mercur Mail Server 3.2 allows local attackers to read other users' email and create arbitrary files via a dot dot (..) attack.
====================================================== Name: CVE-2000-0319 Status: Entry Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU Reference: XF:sendmail-maillocal-dos Reference: BID:1146 Reference: URL:http://www.securityfocus.com/bid/1146 mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n. ====================================================== Name: CVE-2000-0320 Status: Entry Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU Reference: BID:1133 Reference: URL:http://www.securityfocus.com/bid/1133 Reference: XF:qpopper-fgets-spoofing Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n. ====================================================== Name: CVE-2000-0322 Status: Entry Reference: BUGTRAQ:20000424 piranha default password/exploit Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com Reference: REDHAT:RHSA-2000:014 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-014.html Reference: BID:1149 Reference: URL:http://www.securityfocus.com/bid/1149 Reference: XF:piranha-passwd-execute The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters. 
====================================================== Name: CVE-2000-0323 Status: Entry Reference: BUGTRAQ:19990728 Alert : MS Office 97 Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=19990729195531.25108.qmail@underground.org Reference: MS:MS99-030 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-030.asp Reference: XF:jet-text-isam Reference: BID:595 Reference: URL:http://www.securityfocus.com/level2/?go=vulnerabilities&id=595 The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. ====================================================== Name: CVE-2000-0324 Status: Entry Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com Reference: BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0201.html Reference: BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0258.html Reference: BID:1150 Reference: URL:http://www.securityfocus.com/bid/1150 Reference: XF:pcanywhere-tcpsyn-dos(4347) Reference: URL:http://www.iss.net/security_center/static/4347.php Reference: OSVDB:1301 Reference: URL:http://www.osvdb.org/1301 pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap. 
====================================================== Name: CVE-2000-0327 Status: Entry Reference: BUGTRAQ:19991014 Another Microsoft Java Flaw Disovered Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93993545118416&w=2 Reference: MS:MS99-045 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-045.asp Reference: XF:msvm-verifier-java Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability. ====================================================== Name: CVE-2000-0328 Status: Entry Reference: BUGTRAQ:19990824 NT Predictable Initial TCP Sequence numbers - changes observed with SP4 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.19990824165629.00abcb40@192.168.124.1 Reference: MS:MS99-046 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-046.asp Reference: BID:604 Reference: URL:http://www.securityfocus.com/bid/604 Reference: XF:nt-sequence-prediction-sp4 Reference: XF:tcp-seq-predict Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking. ====================================================== Name: CVE-2000-0329 Status: Entry Reference: MS:MS99-048 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-048.asp Reference: XF:ie-active-setup-control A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. 
====================================================== Name: CVE-2000-0330 Status: Entry Reference: MS:MS99-049 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-049.asp Reference: XF:win-fileurl-overflow The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. ====================================================== Name: CVE-2000-0331 Status: Entry Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html Reference: MS:MS00-027 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp Reference: BID:1135 Reference: URL:http://www.securityfocus.com/bid/1135 Reference: XF:nt-cmd-overflow Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability. ====================================================== Name: CVE-2000-0332 Status: Entry Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com Reference: BID:1164 Reference: URL:http://www.securityfocus.com/bid/1164 Reference: XF:ultraboard-printabletopic-fileread Reference: OSVDB:1309 Reference: URL:http://www.osvdb.org/1309 Reference: OSVDB:4065 Reference: URL:http://www.osvdb.org/4065 UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte. 
====================================================== Name: CVE-2000-0334 Status: Entry Reference: ALLAIRE:ASB00-10 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full Reference: BID:1181 Reference: URL:http://www.securityfocus.com/bid/1181 Reference: XF:allaire-spectra-container-editor-preview The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. ====================================================== Name: CVE-2000-0335 Status: Entry Reference: BUGTRAQ:20000502 glibc resolver weakness Reference: BID:1166 Reference: URL:http://www.securityfocus.com/bid/1166 Reference: XF:glibc-resolver-id-predictable The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. ====================================================== Name: CVE-2000-0336 Status: Entry Reference: REDHAT:RHSA-2000:012 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-012.html Reference: CALDERA:CSSA-2000-009.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt Reference: TURBO:TLSA2000010-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html Reference: BID:1232 Reference: URL:http://www.securityfocus.com/bid/1232 Reference: XF:openldap-symlink-attack Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. ====================================================== Name: CVE-2000-0337 Status: Entry Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow. 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html Reference: SUNBUG:4335411 Reference: XF:solaris-xsun-bo Reference: BID:1140 Reference: URL:http://www.securityfocus.com/bid/1140 Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter. ====================================================== Name: CVE-2000-0338 Status: Entry Reference: BUGTRAQ:20000423 CVS DoS Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl Reference: BID:1136 Reference: URL:http://www.securityfocus.com/bid/1136 Reference: XF:cvs-tempfile-dos Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user. ====================================================== Name: CVE-2000-0339 Status: Entry Reference: BUGTRAQ:20000420 ZoneAlarm Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com Reference: BID:1137 Reference: URL:http://www.securityfocus.com/bid/1137 Reference: XF:zonealarm-portscan Reference: OSVDB:1294 Reference: URL:http://www.osvdb.org/1294 ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules. 
====================================================== Name: CVE-2000-0340 Status: Entry Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub Reference: CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html Reference: BID:1155 Reference: URL:http://www.securityfocus.com/bid/1155 Reference: XF:linux-gnomelib-bo Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable. ====================================================== Name: CVE-2000-0341 Status: Entry Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2 Reference: BID:1156 Reference: URL:http://www.securityfocus.com/bid/1156 Reference: XF:nntpserver-cassandra-bo ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name. ====================================================== Name: CVE-2000-0342 Status: Entry Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077 Reference: BID:1157 Reference: URL:http://www.securityfocus.com/bid/1157 Reference: XF:eudora-warning-message Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." 
====================================================== Name: CVE-2000-0344 Status: Entry Reference: BUGTRAQ:20000501 Linux knfsd DoS issue Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk Reference: BID:1160 Reference: URL:http://www.securityfocus.com/bid/1160 Reference: XF:linux-knfsd-dos The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value. ====================================================== Name: CVE-2000-0346 Status: Entry Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670 Reference: XF:macos-appleshare-invalid-range Reference: BID:1162 Reference: URL:http://www.securityfocus.com/bid/1162 AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server. ====================================================== Name: CVE-2000-0347 Status: Entry Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2 Reference: BID:1163 Reference: URL:http://www.securityfocus.com/bid/1163 Reference: XF:win-netbios-source-null Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name. ====================================================== Name: CVE-2000-0348 Status: Entry Reference: SCO:SB-99.10 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.10a A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges. 
====================================================== Name: CVE-2000-0349 Status: Entry Reference: SCO:SB-99.13 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service. ====================================================== Name: CVE-2000-0350 Status: Entry Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220 Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/ Reference: BID:1216 Reference: URL:http://www.securityfocus.com/bid/1216 Reference: XF:netice-icecap-alert-execute Reference: XF:netice-icecap-default Reference: OSVDB:312 Reference: URL:http://www.osvdb.org/312 A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events. ====================================================== Name: CVE-2000-0351 Status: Entry Reference: SCO:SB-99.09 Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.09b Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages. 
====================================================== Name: CVE-2000-0352 Status: Entry Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com Reference: CALDERA:CSSA-1999-036.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt Reference: SUSE:19991227 Security hole in Pine < 4.21 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_36.html Reference: XF:pine-remote-exe Reference: BID:810 Reference: URL:http://www.securityfocus.com/bid/810 Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL. ====================================================== Name: CVE-2000-0353 Status: Entry Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html Reference: SUSE:19990628 Execution of commands in Pine 4.x Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_6.html Reference: SUSE:19990911 Update for Pine (fixed IMAP support) Reference: URL:http://www.novell.com/linux/security/advisories/pine_update_announcement.html Reference: BID:1247 Reference: URL:http://www.securityfocus.com/bid/1247 Reference: XF:pine-lynx-execute-commands Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. 
====================================================== Name: CVE-2000-0354 Status: Entry Reference: BUGTRAQ:19990928 mirror 2.9 hole Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru Reference: DEBIAN:19991018 Incorrect directory name handling in mirror Reference: URL:http://www.debian.org/security/1999/19991018 Reference: SUSE:19991001 Security hole in mirror Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_22.html Reference: BID:681 Reference: URL:http://www.securityfocus.com/bid/681 Reference: XF:mirror-perl-remote-file-creation mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory. ====================================================== Name: CVE-2000-0356 Status: Entry Reference: REDHAT:RHSA-1999:040 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789 Reference: XF:linux-pam-nis-login Reference: BID:697 Reference: URL:http://www.securityfocus.com/bid/697 Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts. ====================================================== Name: CVE-2000-0359 Status: Entry Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_30.html Reference: XF:thttpd-ifmodifiedsince-header-dos Reference: BID:1248 Reference: URL:http://www.securityfocus.com/bid/1248 Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header. 
====================================================== Name: CVE-2000-0360 Status: Entry Reference: SUSE:19991124 Security hole in inn <= 2.2.1 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_34.html Reference: CALDERA:CSSA-1999-038.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt Reference: XF:inn-remote-dos Reference: BID:1249 Reference: URL:http://www.securityfocus.com/bid/1249 Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article. ====================================================== Name: CVE-2000-0361 Status: Entry Reference: SUSE:19991214 Security hole in wvdial <= 1.4 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_35.html Reference: XF:wvdial-gain-dialup-info The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information. ====================================================== Name: CVE-2000-0362 Status: Entry Reference: SUSE:19991019 Security hole in cdwtools < 093 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html Reference: BID:738 Reference: URL:http://www.securityfocus.com/bid/738 Reference: XF:linux-cdda2cdr Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges. ====================================================== Name: CVE-2000-0363 Status: Entry Reference: SUSE:19991019 Security hole in cdwtools < 093 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html Reference: BID:738 Reference: URL:http://www.securityfocus.com/bid/738 Reference: XF:linux-cdda2cdr Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory. 
====================================================== Name: CVE-2000-0366 Status: Entry Reference: DEBIAN:19991202 problem restoring symlinks Reference: URL:http://www.debian.org/security/1999/19991202 Reference: XF:debian-dump-modify-ownership Reference: BID:1442 Reference: URL:http://www.securityfocus.com/bid/1442 dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. ====================================================== Name: CVE-2000-0367 Status: Entry Reference: DEBIAN:19990218 Root exploit in eterm Reference: URL:http://www.debian.org/security/1999/19990218 Reference: XF:linux-eterm Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges. ====================================================== Name: CVE-2000-0368 Status: Entry Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt Reference: URL:http://www.cisco.com/warp/public/770/ioshist-pub.shtml Reference: CIAC:J-009 Reference: URL:http://www.ciac.org/ciac/bulletins/j-009.shtml Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. ====================================================== Name: CVE-2000-0369 Status: Entry Reference: CALDERA:CSSA-1999-029.1 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt Reference: BID:1266 Reference: URL:http://www.securityfocus.com/bid/1266 Reference: XF:caldera-ident-server-dos The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service. 
====================================================== Name: CVE-2000-0370 Status: Entry Reference: CALDERA:CSSA-1999-001.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt Reference: BID:1268 Reference: URL:http://www.securityfocus.com/bid/1268 Reference: XF:caldera-smail-rmail-command The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command. ====================================================== Name: CVE-2000-0371 Status: Entry Reference: CALDERA:CSSA-1999-005.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt Reference: BID:1269 Reference: URL:http://www.securityfocus.com/bid/1269 Reference: XF:kde-mediatool The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. ====================================================== Name: CVE-2000-0372 Status: Entry Reference: CALDERA:CSSA-1999-014.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt Reference: XF:linux-rmt Reference: URL:http://xforce.iss.net/static/2268.php Reference: OSVDB:7940 Reference: URL:http://www.osvdb.org/7940 Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges. ====================================================== Name: CVE-2000-0373 Status: Entry Reference: CALDERA:CSSA-1999-015.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt Reference: REDHAT:RHSA-1999:015-01 Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html Reference: XF:kde-kvt Reference: URL:http://xforce.iss.net/static/2266.php Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges. 
====================================================== Name: CVE-2000-0374 Status: Entry Reference: CALDERA:CSSA-1999-021.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt Reference: MANDRAKE:MDKSA-2002:025 Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:025 Reference: BID:1446 Reference: URL:http://www.securityfocus.com/bid/1446 Reference: XF:xdmcp-kdm-default-configuration(4856) Reference: URL:http://xforce.iss.net/xforce/xfdb/4856 The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions. ====================================================== Name: CVE-2000-0375 Status: Entry Reference: FREEBSD:FreeBSD-SA-99:04 Reference: OSVDB:6084 Reference: URL:http://www.osvdb.org/6084 The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files. ====================================================== Name: CVE-2000-0376 Status: Entry Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software Reference: BID:1324 Reference: URL:http://www.securityfocus.com/bid/1324 Reference: XF:idrive-filo-bo Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request. 
====================================================== Name: CVE-2000-0377 Status: Entry Reference: MS:MS00-040 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-040.asp Reference: MSKB:Q264684 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=264684 Reference: XF:nt-registry-request-dos Reference: BID:1331 Reference: URL:http://www.securityfocus.com/bid/1331 Reference: OVAL:oval:org.mitre.oval:def:1021 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1021 The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability. ====================================================== Name: CVE-2000-0378 Status: Entry Reference: BUGTRAQ:20000502 pam_console bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html Reference: BID:1176 Reference: URL:http://www.securityfocus.com/bid/1176 Reference: XF:linux-pam-sniff-activities The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in. ====================================================== Name: CVE-2000-0379 Status: Entry Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html Reference: BID:1177 Reference: URL:http://www.securityfocus.com/bid/1177 Reference: XF:netopia-snmp-comm-strings The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. 
====================================================== Name: CVE-2000-0380 Status: Entry Reference: BUGTRAQ:20000426 Cisco HTTP possible bug: Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml Reference: XF:cisco-ios-http-dos Reference: BID:1154 Reference: URL:http://www.securityfocus.com/bid/1154 Reference: OSVDB:1302 Reference: URL:http://www.osvdb.org/1302 The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. ====================================================== Name: CVE-2000-0381 Status: Entry Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html Reference: XF:http-cgi-dbman-db Reference: BID:1178 Reference: URL:http://www.securityfocus.com/bid/1178 The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter. ====================================================== Name: CVE-2000-0382 Status: Entry Reference: ALLAIRE:ASB00-12 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full Reference: BID:1179 Reference: URL:http://www.securityfocus.com/bid/1179 Reference: XF:allaire-clustercats-url-redirect ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site. 
====================================================== Name: CVE-2000-0387 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:16 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc Reference: BID:1184 Reference: URL:http://www.securityfocus.com/bid/1184 Reference: XF:golddig-overwrite-files The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files. ====================================================== Name: CVE-2000-0388 Status: Entry Reference: FREEBSD:FreeBSD-SA-00:17 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc Reference: BID:1185 Reference: URL:http://www.securityfocus.com/bid/1185 Reference: XF:libmytinfo-bo Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable. ====================================================== Name: CVE-2000-0389 Status: Entry Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html Reference: CERT:CA-2000-06 Reference: URL:http://www.cert.org/advisories/CA-2000-06.html Reference: FREEBSD:FreeBSD-SA-00:20 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html Reference: REDHAT:RHSA-2000:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html Reference: XF:kerberos-krb-rd-req-bo Reference: BID:1220 Reference: URL:http://www.securityfocus.com/bid/1220 Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. 
====================================================== Name: CVE-2000-0390 Status: Entry Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html Reference: CERT:CA-2000-06 Reference: URL:http://www.cert.org/advisories/CA-2000-06.html Reference: FREEBSD:FreeBSD-SA-00:20 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html Reference: REDHAT:RHSA-2000:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html Reference: BID:1220 Reference: URL:http://www.securityfocus.com/bid/1220 Reference: XF:kerberos-krb425-conv-principal-bo Reference: OSVDB:4884 Reference: URL:http://www.osvdb.org/4884 Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. ====================================================== Name: CVE-2000-0391 Status: Entry Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html Reference: CERT:CA-2000-06 Reference: URL:http://www.cert.org/advisories/CA-2000-06.html Reference: FREEBSD:FreeBSD-SA-00:20 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html Reference: REDHAT:RHSA-2000:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html Reference: XF:kerberos-krshd-bo Reference: BID:1220 Reference: URL:http://www.securityfocus.com/bid/1220 Reference: OSVDB:4876 Reference: URL:http://www.osvdb.org/4876 Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. 
====================================================== Name: CVE-2000-0392 Status: Entry Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html Reference: CERT:CA-2000-06 Reference: URL:http://www.cert.org/advisories/CA-2000-06.html Reference: FREEBSD:FreeBSD-SA-00:20 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html Reference: REDHAT:RHSA-2000:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html Reference: XF:kerberos-ksu-bo Reference: BID:1220 Reference: URL:http://www.securityfocus.com/bid/1220 Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. ====================================================== Name: CVE-2000-0393 Status: Entry Reference: BUGTRAQ:20000516 kscd vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html Reference: SUSE:20000529 kmulti <= 1.1.2 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_50.html Reference: XF:kscd-shell-env-variable Reference: BID:1206 Reference: URL:http://www.securityfocus.com/bid/1206 The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute. ====================================================== Name: CVE-2000-0394 Status: Entry Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. 
RFProwler Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95878603510835&w=2 Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com Reference: XF:axent-netprowler-ipfrag-dos Reference: BID:1225 Reference: URL:http://www.securityfocus.com/bid/1225 NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature. ====================================================== Name: CVE-2000-0395 Status: Entry Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org Reference: XF:cproxy-http-dos Reference: BID:1213 Reference: URL:http://www.securityfocus.com/bid/1213 Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request. ====================================================== Name: CVE-2000-0396 Status: Entry Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html Reference: BID:1245 Reference: URL:http://www.securityfocus.com/bid/1245 Reference: XF:carello-file-duplication The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files. 
====================================================== Name: CVE-2000-0397 Status: Entry Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html Reference: XF:emurl-account-access Reference: BID:1203 Reference: URL:http://www.securityfocus.com/bid/1203 The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. ====================================================== Name: CVE-2000-0398 Status: Entry Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html Reference: BID:1244 Reference: URL:http://www.securityfocus.com/bid/1244 Reference: XF:mailsite-get-overflow Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request. ====================================================== Name: CVE-2000-0399 Status: Entry Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html Reference: XF:deerfield-mdaemon-dos Reference: BID:1250 Reference: URL:http://www.securityfocus.com/bid/1250 Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name. 
====================================================== Name: CVE-2000-0402 Status: Entry Reference: MS:MS00-035 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-035.asp Reference: MSKB:Q263968 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263968 Reference: BID:1281 Reference: URL:http://www.securityfocus.com/bid/1281 Reference: XF:mssql-agent-stored-pw Reference: XF:mssql-sa-pw-in-sqlsplog The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. ====================================================== Name: CVE-2000-0403 Status: Entry Reference: MS:MS00-036 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp Reference: MSKB:Q263307 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263307 Reference: XF:win-browser-hostannouncement Reference: BID:1261 Reference: URL:http://www.securityfocus.com/bid/1261 The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability. ====================================================== Name: CVE-2000-0404 Status: Entry Reference: MS:MS00-036 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp Reference: MSKB:Q262694 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262694 Reference: BID:1262 Reference: URL:http://www.securityfocus.com/bid/1262 Reference: XF:win-browser-reset-frame The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability. 
====================================================== Name: CVE-2000-0405 Status: Entry Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow Reference: URL:http://www.l0pht.com/advisories/asniff_advisory.txt Reference: BID:1207 Reference: URL:http://www.securityfocus.com/bid/1207 Reference: XF:antisniff-dns-overflow Reference: OSVDB:3179 Reference: URL:http://www.osvdb.org/3179 Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet. ====================================================== Name: CVE-2000-0406 Status: Entry Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt Reference: CERT:CA-2000-05 Reference: URL:http://www.cert.org/advisories/CA-2000-05.html Reference: REDHAT:RHSA-2000:028 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-028.html Reference: BID:1188 Reference: URL:http://www.securityfocus.com/bid/1188 Reference: XF:netscape-invalid-ssl-sessions Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability. ====================================================== Name: CVE-2000-0407 Status: Entry Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html Reference: XF:sol-netpr-bo Reference: BID:1200 Reference: URL:http://www.securityfocus.com/bid/1200 Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option. 
====================================================== Name: CVE-2000-0408 Status: Entry Reference: MISC:http://www.ussrback.com/labs40.html Reference: MS:MS00-030 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-030.asp Reference: MSKB:Q260205 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=260205 Reference: XF:iis-url-extension-data-dos Reference: BID:1190 Reference: URL:http://www.securityfocus.com/bid/1190 IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. ====================================================== Name: CVE-2000-0409 Status: Entry Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html Reference: BID:1201 Reference: URL:http://www.securityfocus.com/bid/1201 Reference: XF:netscape-import-certificate-symlink Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. ====================================================== Name: CVE-2000-0410 Status: Entry Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability. Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843 Reference: XF:coldfusion-cfcache-dos Reference: BID:1192 Reference: URL:http://www.securityfocus.com/bid/1192 ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory. 
====================================================== Name: CVE-2000-0411 Status: Entry Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html Reference: XF:http-cgi-formmail-environment Reference: BID:1187 Reference: URL:http://www.securityfocus.com/bid/1187 Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter. ====================================================== Name: CVE-2000-0414 Status: Entry Reference: HP:HPSBUX0005-113 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html Reference: XF:hp-shutdown-privileges Reference: BID:1214 Reference: URL:http://www.securityfocus.com/bid/1214 Vulnerability in shutdown command for HP-UX 11.X and 10.X allows local users to gain privileges via malformed input variables. ====================================================== Name: CVE-2000-0416 Status: Entry Reference: BUGTRAQ:20000511 NTMail Proxy Exploit Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net Reference: CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm Reference: XF:ntmail-bypass-proxy Reference: BID:1196 Reference: URL:http://www.securityfocus.com/bid/1196 NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.
====================================================== Name: CVE-2000-0417 Status: Entry Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html Reference: XF:cayman-router-dos Reference: BID:1219 Reference: URL:http://www.securityfocus.com/bid/1219 The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password. ====================================================== Name: CVE-2000-0418 Status: Entry Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html Reference: XF:cayman-dsl-dos Reference: BID:1240 Reference: URL:http://www.securityfocus.com/bid/1240 The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests. ====================================================== Name: CVE-2000-0419 Status: Entry Reference: MS:MS00-034 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-034.asp Reference: MSKB:Q262767 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262767 Reference: CERT:CA-2000-07 Reference: URL:http://www.cert.org/advisories/CA-2000-07.html Reference: BID:1197 Reference: URL:http://www.securityfocus.com/bid/1197 Reference: XF:office-ua-control The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. 
====================================================== Name: CVE-2000-0421 Status: Entry Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html Reference: XF:bugzilla-unchecked-system-call Reference: BID:1199 Reference: URL:http://www.securityfocus.com/bid/1199 The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters. ====================================================== Name: CVE-2000-0424 Status: Entry Reference: BUGTRAQ:20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil Reference: BID:1202 Reference: URL:http://www.securityfocus.com/bid/1202 Reference: XF:http-cgi-burgyan-counter The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters. ====================================================== Name: CVE-2000-0425 Status: Entry Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0 Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html Reference: XF:http-cgi-listserv-wa-bo Reference: BID:1167 Reference: URL:http://www.securityfocus.com/bid/1167 Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands. 
====================================================== Name: CVE-2000-0426 Status: Entry Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html Reference: BID:1175 Reference: URL:http://www.securityfocus.com/bid/1175 Reference: XF:ultraboard-cgi-dos UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself. ====================================================== Name: CVE-2000-0427 Status: Entry Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt Reference: XF:aladdin-etoken-pin-reset Reference: BID:1170 Reference: URL:http://www.securityfocus.com/bid/1170 Reference: OSVDB:3266 Reference: URL:http://www.osvdb.org/3266 The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM. ====================================================== Name: CVE-2000-0428 Status: Entry Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp Reference: BID:1168 Reference: URL:http://www.securityfocus.com/bid/1168 Reference: XF:interscan-viruswall-bo Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment. 
====================================================== Name: CVE-2000-0430 Status: Entry Reference: BUGTRAQ:20000503 Another interesting Cart32 command Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95738697301956&w=2 Reference: XF:cart32-expdate Reference: BID:1358 Reference: URL:http://www.securityfocus.com/bid/1358 Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request. ====================================================== Name: CVE-2000-0431 Status: Entry Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html Reference: BID:1238 Reference: URL:http://www.securityfocus.com/bid/1238 Reference: XF:cobalt-cgiwrap-bypass Reference: OSVDB:1346 Reference: URL:http://www.osvdb.org/1346 Cobalt RaQ2 and RaQ3 do not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files. ====================================================== Name: CVE-2000-0432 Status: Entry Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html Reference: BID:1215 Reference: URL:http://www.securityfocus.com/bid/1215 Reference: XF:http-cgi-calendar-execute The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters.
====================================================== Name: CVE-2000-0435 Status: Entry Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html Reference: XF:http-cgi-allmanage-account-access Reference: BID:1217 Reference: URL:http://www.securityfocus.com/bid/1217 Reference: OSVDB:1337 Reference: URL:http://www.osvdb.org/1337 The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages. ====================================================== Name: CVE-2000-0436 Status: Entry Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html Reference: BID:1231 Reference: URL:http://www.securityfocus.com/bid/1231 Reference: XF:offline-explorer-directory-traversal MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0437 Status: Entry Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html Reference: XF:gauntlet-cyberdaemon-bo Reference: BID:1234 Reference: URL:http://www.securityfocus.com/bid/1234 Reference: OSVDB:322 Reference: URL:http://www.osvdb.org/322 Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. 
====================================================== Name: CVE-2000-0438 Status: Entry Reference: BUGTRAQ:20000522 fdmount buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html Reference: XF:linux-fdmount-bo Reference: BID:1239 Reference: URL:http://www.securityfocus.com/bid/1239 Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter. ====================================================== Name: CVE-2000-0439 Status: Entry Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net Reference: MS:MS00-033 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp Reference: BID:1194 Reference: URL:http://www.securityfocus.com/bid/1194 Reference: OSVDB:1326 Reference: URL:http://www.osvdb.org/1326 Reference: XF:ie-cookie-disclosure(4447) Reference: URL:http://xforce.iss.net/xforce/xfdb/4447 Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. 
====================================================== Name: CVE-2000-0440 Status: Entry Reference: NETBSD:NetBSD-SA2000-002 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc Reference: FREEBSD:FreeBSD-SA-00:23 Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html Reference: BID:1173 Reference: URL:http://www.securityfocus.com/bid/1173 Reference: XF:netbsd-unaligned-ip-options NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option. ====================================================== Name: CVE-2000-0441 Status: Entry Reference: IBM:ERS-OAR-E01-2000:087.1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html Reference: BID:1241 Reference: URL:http://www.securityfocus.com/bid/1241 Reference: XF:aix-local-filesystem Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. ====================================================== Name: CVE-2000-0442 Status: Entry Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html Reference: SUSE:20000608 pop <= 2000.3.4 Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_51.html Reference: BID:1242 Reference: URL:http://www.securityfocus.com/bid/1242 Reference: XF:qualcomm-qpopper-euidl Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. 
====================================================== Name: CVE-2000-0443 Status: Entry Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html Reference: XF:hp-jetadmin-directory-traversal Reference: BID:1243 Reference: URL:http://www.securityfocus.com/bid/1243 Reference: OSVDB:1350 Reference: URL:http://www.osvdb.org/1350 The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-2000-0445 Status: Entry Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html Reference: CERT:CA-2000-09 Reference: URL:http://www.cert.org/advisories/CA-2000-09.html Reference: BID:1251 Reference: URL:http://www.securityfocus.com/bid/1251 Reference: XF:pgp-key-predictable Reference: OSVDB:1355 Reference: URL:http://www.osvdb.org/1355 The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys. ====================================================== Name: CVE-2000-0446 Status: Entry Reference: BUGTRAQ:20000524 Remote xploit for MDBMS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html Reference: XF:mdbms-bo Reference: BID:1252 Reference: URL:http://www.securityfocus.com/bid/1252 Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string. 
====================================================== Name: CVE-2000-0447 Status: Entry Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net Reference: XF:nai-webshield-bo Reference: BID:1254 Reference: URL:http://www.securityfocus.com/bid/1254 Reference: OSVDB:327 Reference: URL:http://www.osvdb.org/327 Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service. ====================================================== Name: CVE-2000-0448 Status: Entry Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net Reference: XF:nai-webshield-getconfig Reference: BID:1253 Reference: URL:http://www.securityfocus.com/bid/1253 Reference: OSVDB:326 Reference: URL:http://www.osvdb.org/326 The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command. ====================================================== Name: CVE-2000-0451 Status: Entry Reference: BUGTRAQ:20000518 Remote Dos attack against Intel express 8100 router Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html Reference: XF:intel-8100-remote-dos Reference: BID:1228 Reference: URL:http://www.securityfocus.com/bid/1228 The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets.
====================================================== Name: CVE-2000-0452 Status: Entry Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html Reference: XF:lotus-domino-esmtp-bo Reference: BID:1229 Reference: URL:http://www.securityfocus.com/bid/1229 Reference: OSVDB:321 Reference: URL:http://www.osvdb.org/321 Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. ====================================================== Name: CVE-2000-0453 Status: Entry Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html Reference: CALDERA:CSSA-2000-012.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt Reference: BID:1235 Reference: URL:http://www.securityfocus.com/bid/1235 XFree86 3.3.x and 4.0 allows a