Sax2 Network Intrusion Detection System

A professional intrusion detection and protection system (NIDS) which excels at real-time packet capture, 24/7 network monitor, advanced protocol analysis and automatic expert detection.  

CVE-2000-0001

Description:
RealMedia server allows remote attackers to cause a denial of service via a long ramgen request. Status: Entry
Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c)
Reference: BID:888
Reference: URL:http://www.securityfocus.com/bid/888
Reference: XF:realserver-ramgen-dos

Description:
Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. Status: Entry
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94598388530358&w=2
Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es
Reference: VULNWATCH:20020114 ZBServer Pro DoS Vulnerability
Reference: BID:889
Reference: URL:http://www.securityfocus.com/bid/889
Reference: XF:zbserver-get-bo

Description:
Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable. Status: Entry
Reference: BUGTRAQ:19991230 UnixWare rtpm exploit + discussion
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2

Description:
ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL. Status: Entry
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: BUGTRAQ:19991223 Re: Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606572912422&w=2
Reference: XF:zbserver-url-dot

Description:
strace allows local users to read arbitrary files via memory mapped file names. Status: Entry
Reference: BUGTRAQ:19991225 strace can lie
Reference: URL:http://online.securityfocus.com/archive/1/39831
Reference: XF:linux-strace(4554)
Reference: URL:http://xforce.iss.net/static/4554.php

Description:
Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service. Status: Entry
Reference: BUGTRAQ:19991230 PC-Cillin 6.x DoS Attack
Reference: XF:pccillin-proxy-remote-dos(4491)
Reference: URL:http://xforce.iss.net/static/4491.php
Reference: BID:1740
Reference: URL:http://www.securityfocus.com/bid/1740

Description:
The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. Status: Entry
Reference: BUGTRAQ:19991230 bna,sh
Reference: XF:netarchitect-path-vulnerability
Reference: BID:907
Reference: URL:http://www.securityfocus.com/bid/907

Description:
WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. Status: Entry
Reference: BUGTRAQ:19991226 WebWho+ ADVISORY
Reference: XF:http-cgi-webwhoplus

Description:
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. Status: Entry
Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-get-bo
Reference: BID:906
Reference: URL:http://www.securityfocus.com/bid/906
Reference: OSVDB:1184
Reference: URL:http://www.osvdb.org/1184

Description:
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. Status: Entry
Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL
Reference: BID:898
Reference: URL:http://www.securityfocus.com/bid/898
Reference: XF:w3-msql-scanf-bo

Description:
IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program. Status: Entry
Reference: BUGTRAQ:19991231 irix-soundplayer.sh
Reference: XF:irix-soundplayer-symlink
Reference: BID:909
Reference: URL:http://www.securityfocus.com/bid/909

Description:
Denial of service in Savant web server via a null character in the requested URL. Status: Entry
Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K
Reference: BID:897
Reference: URL:http://www.securityfocus.com/bid/897
Reference: XF:savant-server-null-dos

Description:
CascadeView TFTP server allows local users to gain privileges via a symlink attack. Status: Entry
Reference: BUGTRAQ:19991231 tftpserv.sh
Reference: BID:910
Reference: URL:http://www.securityfocus.com/bid/910
Reference: XF:cascadeview-tftp-symlink

Description:
wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file. Status: Entry
Reference: BUGTRAQ:19991221 Wmmon under FreeBSD
Reference: BID:885
Reference: URL:http://www.securityfocus.com/bid/885
Reference: XF:freebsd-wmmon-root-exploit
Reference: OSVDB:1169
Reference: URL:http://www.osvdb.org/1169

Description:
DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. Status: Entry
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: XF:dnspro-flood-dos

Description:
Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. Status: Entry
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
Reference: BID:881
Reference: URL:http://www.securityfocus.com/bid/881

Description:
Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. Status: Entry
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
Reference: BID:881
Reference: URL:http://www.securityfocus.com/bid/881
Reference: OSVDB:51
Reference: URL:http://www.osvdb.org/51

Description:
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt
Reference: MS:MS99-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)
Reference: XF:iis-badescapes
Reference: MSKB:Q246401
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246401

Description:
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. Status: Entry
Reference: MS:MS99-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-058.mspx
Reference: MSKB:Q238606
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238606
Reference: OSVDB:8098
Reference: URL:http://www.osvdb.org/8098

Description:
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. Status: Entry
Reference: BUGTRAQ:19991222 UnixWare i2odialogd remote root exploit
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2
Reference: BID:876
Reference: URL:http://www.securityfocus.com/bid/876
Reference: OSVDB:6310
Reference: URL:http://www.osvdb.org/6310

Description:
IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. Status: Entry
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/39962
Reference: BID:900
Reference: URL:http://www.securityfocus.com/bid/900
Reference: XF:ibm-netstat-race-condition(5381)
Reference: URL:http://www.iss.net/security_center/static/5381.php

Description:
UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack. Status: Entry
Reference: BUGTRAQ:19991227 UnixWare local pis exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780294009285&w=2
Reference: BID:901
Reference: URL:http://www.securityfocus.com/bid/901

Description:
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database. Status: Entry
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-fill-disk
Reference: BID:878
Reference: URL:http://www.securityfocus.com/bid/878

Description:
The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack. Status: Entry
Reference: L0PHT:19991227 initscripts-4.48-1 RedHat Linux 6.1
Reference: REDHAT:RHSA-1999:052-04

Description:
Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database. Status: Entry
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-dos
Reference: BID:878
Reference: URL:http://www.securityfocus.com/bid/878
Reference: OSVDB:7582
Reference: URL:http://www.osvdb.org/7582

Description:
InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments. Status: Entry
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Reference: BID:899
Reference: URL:http://www.securityfocus.com/bid/899
Reference: XF:interscan-viruswall-bypass

Description:
Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." Status: Entry
Reference: BUGTRAQ:19991222 More Netscape Passwords Available.
Reference: XF:netscape-password-preferences

Description:
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. Status: Entry
Reference: MS:MS99-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-060.asp
Reference: MSKB:Q249082
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249082

Description:
Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. Status: Entry
Reference: BUGTRAQ:19991228 majordomo local exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780294009285&w=2
Reference: BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities
Reference: REDHAT:RHSA-2000:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-005.html
Reference: BID:903
Reference: URL:http://www.securityfocus.com/bid/903

Description:
AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. Status: Entry
Reference: BUGTRAQ:19991229 AltaVista
Reference: BUGTRAQ:19991230 Follow UP AltaVista
Reference: BUGTRAQ:19991229 AltaVista followup and monitor script
Reference: BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability
Reference: BUGTRAQ:20000109 Altavista followup
Reference: BID:896
Reference: URL:http://www.securityfocus.com/bid/896
Reference: OSVDB:15
Reference: URL:http://www.osvdb.org/15

Description:
glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. Status: Entry
Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions)

Description:
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. Status: Entry
Reference: BUGTRAQ:19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections
Reference: BID:890
Reference: URL:http://www.securityfocus.com/bid/890

Description:
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. Status: Entry
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A
Reference: XF:csm-server-bo
Reference: BID:895
Reference: URL:http://www.securityfocus.com/bid/895

Description:
Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request. Status: Entry
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Reference: BID:905
Reference: URL:http://www.securityfocus.com/bid/905
Reference: XF:camshot-http-get-overflow

Description:
Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands. Status: Entry
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Reference: BID:919
Reference: URL:http://www.securityfocus.com/bid/919
Reference: XF:warftp-macro-access-files

Description:
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege. Status: Entry
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: XF:mysql-pwd-grant
Reference: BID:926
Reference: URL:http://www.securityfocus.com/bid/926

Description:
get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program. Status: Entry
Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit)
Reference: BID:928
Reference: URL:http://www.securityfocus.com/bid/928
Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm
Reference: XF:linux-corel-update

Description:
The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. Status: Entry
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full
Reference: XF:allaire-webtop-access
Reference: BID:915
Reference: URL:http://www.securityfocus.com/bid/915

Description:
The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL. Status: Entry
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full
Reference: BID:916
Reference: URL:http://www.securityfocus.com/bid/916
Reference: XF:allaire-spectra-config-dos

Description:
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack. Status: Entry
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-001.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
Reference: BID:913
Reference: URL:http://www.securityfocus.com/bid/913

Description:
Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request. Status: Entry
Reference: MS:MS00-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-001.asp
Reference: MSKB:Q246731
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246731
Reference: BID:912
Reference: URL:http://www.securityfocus.com/bid/912
Reference: XF:mcis-malformed-imap

Description:
IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. Status: Entry
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Reference: BID:914
Reference: URL:http://www.securityfocus.com/bid/914
Reference: XF:imail-imonitor-status-dos

Description:
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information. Status: Entry
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: XF:coldfusion-cfcache
Reference: BID:917
Reference: URL:http://www.securityfocus.com/bid/917

Description:
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name. Status: Entry
Reference: NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94647711311057&w=2
Reference: BUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94633851427858&w=2
Reference: BID:894
Reference: URL:http://www.securityfocus.com/bid/894
Reference: XF:avirt-rover-pop3-dos(3765)
Reference: URL:http://www.iss.net/security_center/static/3765.php

Description:
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities. Status: Entry
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net
Reference: BID:922
Reference: URL:http://www.securityfocus.com/bid/922
Reference: XF:zope-dtml

Description:
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. Status: Entry
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: XF:http-cgi-cgiproc-file-read
Reference: BID:938
Reference: URL:http://www.securityfocus.com/bid/938

Description:
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. Status: Entry
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: BID:938
Reference: URL:http://www.securityfocus.com/bid/938
Reference: XF:http-cgi-cgiproc-dos
Reference: OSVDB:7583
Reference: URL:http://www.osvdb.org/7583

Description:
Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request. Status: Entry
Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0
Reference: XF:inetserv-get-bo

Description:
NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request." Status: Entry
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp
Reference: MSKB:Q247869
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port
Reference: BID:934
Reference: URL:http://www.securityfocus.com/bid/934

Description:
Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges. Status: Entry
Reference: BUGTRAQ:20000118 Warning: VCasel security hole.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94823061421676&w=2
Reference: BID:937
Reference: URL:http://www.securityfocus.com/bid/937
Reference: XF:vcasel-filename-trusting(3867)
Reference: URL:http://www.iss.net/security_center/static/3867.php

Description:
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. Status: Entry
Reference: MS:MS00-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-005.asp
Reference: MSKB:Q249973
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word

Description:
Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session. Status: Entry
Reference: NTBUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BID:930
Reference: URL:http://www.securityfocus.com/bid/930
Reference: XF:supermail-memleak-dos

Description:
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. Status: Entry
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000108
Reference: XF:nvi-delete-files
Reference: BID:1439
Reference: URL:http://www.securityfocus.com/bid/1439

Description:
AIX techlibss allows local users to overwrite files via a symlink attack. Status: Entry
Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94757136413681&w=2
Reference: BID:931
Reference: URL:http://www.securityfocus.com/bid/931
Reference: XF:aix-techlibss-symbolic-link

Description:
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges. Status: Entry
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031
Reference: XF:hp-audio-security-perms

Description:
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext. Status: Entry
Reference: BUGTRAQ:20000113 Misleading sense of security in Netscape
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94790377622943&w=2
Reference: XF:netscape-mail-notify-plaintext(4385)
Reference: URL:http://www.iss.net/security_center/static/4385.php

Description:
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability. Status: Entry
Reference: MS:MS00-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-002.mspx
Reference: XF:office-malformed-convert
Reference: BID:946
Reference: URL:http://www.securityfocus.com/bid/946

Description:
The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability. Status: Entry
Reference: NTBUGTRAQ:20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: BUGTRAQ:20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: MS:MS00-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-004.mspx
Reference: MSKB:Q249108
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249108
Reference: BID:947
Reference: URL:http://www.securityfocus.com/bid/947
Reference: XF:nt-rdisk-enum-file

Description:
VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. Status: Entry
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Reference: XF:linux-vmware-symlink
Reference: BID:943
Reference: URL:http://www.securityfocus.com/bid/943
Reference: OSVDB:1205
Reference: URL:http://www.osvdb.org/1205

Description:
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password. Status: Entry
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942
Reference: URL:http://www.securityfocus.com/bid/942
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: MISC:http://www.inter7.com/vpopmail/

Description:
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:01
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc
Reference: BID:939
Reference: URL:http://www.securityfocus.com/bid/939
Reference: XF:gnu-makefile-tmp-root

Description:
procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr. Status: Entry
Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
Reference: FREEBSD:FreeBSD-SA-00:02
Reference: NETBSD:NetBSD-SA2000-001
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-001.txt.asc
Reference: OPENBSD:20000120 [2.6] 018: SECURITY FIX: Jan 20, 2000
Reference: BID:940
Reference: URL:http://www.securityfocus.com/bid/940
Reference: OSVDB:20760
Reference: URL:http://www.osvdb.org/20760
Reference: XF:netbsd-procfs(3995)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3995

Description:
The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier. Status: Entry
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041
Reference: BID:944
Reference: URL:http://www.securityfocus.com/bid/944

Description:
The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. Status: Entry
Reference: NTBUGTRAQ:20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
Reference: BID:950
Reference: URL:http://www.securityfocus.com/bid/950
Reference: XF:http-indexserver-dirtrans
Reference: OSVDB:1210
Reference: URL:http://www.osvdb.org/1210

Description:
Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist. Status: Entry
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp

Description:
Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument. Status: Entry
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2

Description:
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. Status: Entry
Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html
Reference: MS:MS00-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-012.asp

Description:
Linux apcd program allows local attackers to modify arbitrary files via a symlink attack. Status: Entry
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201
Reference: BID:958
Reference: URL:http://www.securityfocus.com/bid/958

Description:
The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions. Status: Entry
Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2
Reference: BID:953
Reference: URL:http://www.securityfocus.com/bid/953
Reference: XF:avt-rightfax-predict-session

Description:
The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. Status: Entry
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2
Reference: BID:960
Reference: URL:http://www.securityfocus.com/bid/960
Reference: XF:debian-mbr-bypass-security

Description:
The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics. Status: Entry
Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94934808714972&w=2
Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952641025328&w=2
Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973281714994&w=2
Reference: CONFIRM:http://www.sybergen.com/support/fix.htm
Reference: BID:952
Reference: URL:http://www.securityfocus.com/bid/952

Description:
Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag. Status: Entry
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BID:954
Reference: URL:http://www.securityfocus.com/bid/954
Reference: XF:http-script-bypass
Reference: OSVDB:1212
Reference: URL:http://www.osvdb.org/1212

Description:
The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root). Status: Entry
Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
Reference: XF:http-cgi-cobalt-passwords
Reference: BID:951
Reference: URL:http://www.securityfocus.com/bid/951

Description:
The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. Status: Entry
Reference: ALLAIRE:ASB00-04
Reference: BID:955
Reference: URL:http://www.securityfocus.com/bid/955
Reference: XF:allaire-spectra-ras-access(4025)
Reference: URL:http://xforce.iss.net/static/4025.php

Description:
The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability. Status: Entry
Reference: NTBUGTRAQ:20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000
Reference: MS:MS00-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-007.mspx
Reference: MSKB:Q248399
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248399
Reference: BID:963
Reference: URL:http://www.securityfocus.com/bid/963

Description:
The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. Status: Entry
Reference: BUGTRAQ:20000203 Webspeed security issue
Reference: CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
Reference: BID:969
Reference: URL:http://www.securityfocus.com/bid/969
Reference: XF:webspeed-adminutil-auth

Description:
The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters. Status: Entry
Reference: BUGTRAQ:20000204 "The Finger Server"
Reference: CONFIRM:http://www.glazed.org/finger/changelog.txt
Reference: XF:finger-server-input
Reference: OSVDB:7610
Reference: URL:http://www.osvdb.org/7610

Description:
Buffer overflow in SCO scohelp program allows remote attackers to execute commands. Status: Entry
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2
Reference: SCO:SB-00.02a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.02a
Reference: XF:sco-help-bo

Description:
Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands. Status: Entry
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966
Reference: OSVDB:4677
Reference: URL:http://www.osvdb.org/4677

Description:
Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. Status: Entry
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: BID:982
Reference: URL:http://www.securityfocus.com/bid/982

Description:
Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections. Status: Entry
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980

Description:
Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field. Status: Entry
Reference: BUGTRAQ:20000211 perl-cgi hole in UltimateBB by Infopop Corp.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl
Reference: BID:991
Reference: URL:http://www.securityfocus.com/bid/991
Reference: MISC:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-cgi-ultimatebb

Description:
Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971

Description:
The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. Status: Entry
Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0

Description:
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet. Status: Entry
Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html
Reference: BID:972
Reference: URL:http://www.securityfocus.com/bid/972
Reference: XF:novell-groupwise-url-dos

Description:
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. Status: Entry
Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html
Reference: BUGTRAQ:20000214 MySQL 3.22.32 released
Reference: BID:975
Reference: URL:http://www.securityfocus.com/bid/975

Description:
Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL. Status: Entry
Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts
Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html
Reference: BID:977
Reference: URL:http://www.securityfocus.com/bid/977
Reference: OSVDB:254
Reference: URL:http://www.osvdb.org/254
Reference: XF:zeus-server-null-string(3982)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3982

Description:
Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt. Status: Entry
Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability
Reference: CERT-VN:VU#328867
Reference: URL:http://www.kb.cert.org/vuls/id/328867
Reference: BID:979
Reference: URL:http://www.securityfocus.com/bid/979
Reference: OSVDB:4417
Reference: URL:http://www.osvdb.org/4417

Description:
Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000. Status: Entry
Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death
Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avalable.
Reference: BID:976
Reference: URL:http://www.securityfocus.com/bid/976
Reference: OSVDB:7468
Reference: URL:http://www.osvdb.org/7468

Description:
Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. Status: Entry
Reference: MS:MS00-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-009.mspx
Reference: OSVDB:7827
Reference: URL:http://www.osvdb.org/7827
Reference: XF:ie-image-source-redirect(3996)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3996

Description:
NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process. Status: Entry
Reference: NETBSD:1999-012
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc
Reference: BID:992
Reference: URL:http://www.securityfocus.com/bid/992
Reference: XF:netbsd-ptrace

Description:
HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. Status: Entry
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org

Description:
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. Status: Entry
Reference: MS:MS00-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-010.asp
Reference: BID:994
Reference: URL:http://www.securityfocus.com/bid/994

Description:
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. Status: Entry
Reference: MS:MS00-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-011.asp

Description:
The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords. Status: Entry
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl
Reference: SUNBUG:4316521
Reference: BID:1004
Reference: URL:http://www.securityfocus.com/bid/1004
Reference: XF:sims-temp-world-readable

Description:
The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands. Status: Entry
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: CIAC:K-023
Reference: URL:http://www.ciac.org/ciac/bulletins/k-023.shtml
Reference: XF:delegate-proxy-bo

Description:
Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name. Status: Entry
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com
Reference: BUGTRAQ:20000223 Pragma Systems response to USSRLabs report
Reference: BID:995
Reference: URL:http://www.securityfocus.com/bid/995
Reference: XF:interaccess-telnet-login-bo

Description:
Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability. Status: Entry
Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com
Reference: MS:MS00-017
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126
Reference: BID:1043
Reference: URL:http://www.securityfocus.com/bid/1043
Reference: XF:win-dos-devicename-dos

Description:
Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'. Status: Entry
Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html
Reference: BID:1053
Reference: URL:http://www.securityfocus.com/bid/1053
Reference: XF:oracle-weblistener-remote-attack

Description:
Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. Status: Entry
Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)
Reference: BID:1011
Reference: URL:http://www.securityfocus.com/bid/1011

Description:
atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges. Status: Entry
Reference: BUGTRAQ:20000311 TESO advisory -- atsadc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html
Reference: XF:atsar-root-access
Reference: BID:1048
Reference: URL:http://www.securityfocus.com/bid/1048

Description:
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. Status: Entry
Reference: BUGTRAQ:20000303 Potential security problem with mtr
Reference: DEBIAN:20000309 mtr
Reference: FREEBSD:FreeBSD-SA-00:09
Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)
Reference: BID:1038
Reference: URL:http://www.securityfocus.com/bid/1038

Description:
StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: BID:1040
Reference: URL:http://www.securityfocus.com/bid/1040
Reference: XF:staroffice-scheduler-fileread

Description:
Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command. Status: Entry
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: XF:staroffice-scheduler-bo
Reference: BID:1039
Reference: URL:http://www.securityfocus.com/bid/1039

Description:
ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. Status: Entry
Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability
Reference: MISC:http://www.foundrynet.com/bugTraq.html
Reference: BID:1017
Reference: URL:http://www.securityfocus.com/bid/1017

Description:
HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. Status: Entry
Reference: BUGTRAQ:20000228 HP Omniback remote DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html
Reference: HP:HPSBUX0006-115
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0006-115
Reference: BID:1015
Reference: URL:http://www.securityfocus.com/bid/1015
Reference: XF:omniback-connection-dos

Description:
Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack. Status: Entry
Reference: NTBUGTRAQ:20000313 SOJOURN Search engine exposes files
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0201.html
Reference: BID:1052
Reference: URL:http://www.securityfocus.com/bid/1052
Reference: XF:sojourn-file-read(4197)
Reference: URL:http://xforce.iss.net/static/4197.php

Description:
Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. Status: Entry
Reference: BUGTRAQ:20000311 Our old friend Firewall-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html
Reference: BID:1054
Reference: URL:http://www.securityfocus.com/bid/1054
Reference: OSVDB:1256
Reference: URL:http://www.osvdb.org/1256

Description:
iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic. Status: Entry
Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1

Description:
Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability. Status: Entry
Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html
Reference: FREEBSD:FreeBSD-SA-00:11
Reference: REDHAT:RHSA-2000:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-008.html
Reference: BID:1046
Reference: URL:http://www.securityfocus.com/bid/1046

Description:
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. Status: Entry
Reference: BUGTRAQ:20000309
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html
Reference: BID:1037
Reference: URL:http://www.securityfocus.com/bid/1037

Description:
RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private. Status: Entry
Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html
Reference: BID:1049
Reference: URL:http://www.securityfocus.com/bid/1049

Description:
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. Status: Entry
Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow
Reference: TURBO:TLSA200007-1
Reference: REDHAT:RHSA-2000:100
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-100.html
Reference: BID:1020
Reference: URL:http://www.securityfocus.com/bid/1020

Description:
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. Status: Entry
Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path
Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path
Reference: BID:1021
Reference: URL:http://www.securityfocus.com/bid/1021

Description:
Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se
Reference: XF:axis-storpoint-auth
Reference: BID:1025
Reference: URL:http://www.securityfocus.com/bid/1025
Reference: OSVDB:19
Reference: URL:http://www.osvdb.org/19

Description:
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. Status: Entry
Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html
Reference: BID:1036
Reference: URL:http://www.securityfocus.com/bid/1036

Description:
The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges. Status: Entry
Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au
Reference: BID:1030
Reference: URL:http://www.securityfocus.com/bid/1030
Reference: XF:linux-dosemu-config

Description:
buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters. Status: Entry
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1007
Reference: URL:http://www.securityfocus.com/bid/1007

Description:
setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file. Status: Entry
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1008
Reference: URL:http://www.securityfocus.com/bid/1008
Reference: XF:corel-linux-setxconf-root

Description:
Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message. Status: Entry
Reference: DEBIAN:20000229
Reference: REDHAT:RHSA-2000:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-006.html
Reference: BID:1018
Reference: URL:http://www.securityfocus.com/bid/1018

Description:
Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability. Status: Entry
Reference: MS:MS00-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-015.mspx
Reference: BID:1034
Reference: URL:http://www.securityfocus.com/bid/1034

Description:
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. Status: Entry
Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files
Reference: BID:1033
Reference: URL:http://www.securityfocus.com/bid/1033

Description:
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. Status: Entry
Reference: MS:MS00-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-014.mspx
Reference: BID:1041
Reference: URL:http://www.securityfocus.com/bid/1041

Description:
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. Status: Entry
Reference: BUGTRAQ:20000305 Oracle installer problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html
Reference: BID:1035
Reference: URL:http://www.securityfocus.com/bid/1035

Description:
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. Status: Entry
Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5)
Reference: SGI:20000501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000501-01-P
Reference: XF:irix-infosrch-fname
Reference: BID:1031
Reference: URL:http://www.securityfocus.com/bid/1031

Description:
The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. Status: Entry
Reference: BUGTRAQ:20000228 ht://Dig remote information exposure
Reference: FREEBSD:FreeBSD-SA-00:06
Reference: DEBIAN:20000227
Reference: TURBO:TLSA200005-1
Reference: BID:1026
Reference: URL:http://www.securityfocus.com/bid/1026

Description:
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. Status: Entry
Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;)
Reference: FREEBSD:FreeBSD-SA-00:08
Reference: BID:1012
Reference: URL:http://www.securityfocus.com/bid/1012

Description:
The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files. Status: Entry
Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name...
Reference: BID:998
Reference: URL:http://www.securityfocus.com/bid/998

Description:
The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability. Status: Entry
Reference: MS:MS00-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-013.mspx
Reference: XF:win-media-dos
Reference: BID:1000
Reference: URL:http://www.securityfocus.com/bid/1000

Description:
InterAccess TelnetID Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information. Status: Entry
Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
Reference: BID:1001
Reference: URL:http://www.securityfocus.com/bid/1001
Reference: XF:interaccess-telnet-dos(4033)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4033

Description:
Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges. Status: Entry
Reference: SCO:SB-00.05
Reference: BID:1019
Reference: URL:http://www.securityfocus.com/bid/1019

Description:
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. Status: Entry
Reference: BUGTRAQ:20000224 SSH & xauth
Reference: BID:1006
Reference: URL:http://www.securityfocus.com/bid/1006

Description:
Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname. Status: Entry
Reference: SUSE:20000210 util < 2.10f
Reference: CALDERA:CSSA-2000-002.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-002.0.txt
Reference: OSVDB:6980
Reference: URL:http://www.osvdb.org/6980
Reference: OSVDB:7004
Reference: URL:http://www.osvdb.org/7004

Description:
The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port. Status: Entry
Reference: BUGTRAQ:20000225 Scorpion Marlin
Reference: BID:1009
Reference: URL:http://www.securityfocus.com/bid/1009

Description:
The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs. Status: Entry
Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr
Reference: BID:990
Reference: URL:http://www.securityfocus.com/bid/990

Description:
Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter. Status: Entry
Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html
Reference: BID:1047
Reference: URL:http://www.securityfocus.com/bid/1047

Description:
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack. Status: Entry
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com
Reference: SCO:SSE063
Reference: XF:sco-openserver-arc-symlink

Description:
The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled. Status: Entry
Reference: BUGTRAQ:20000303 Pocsag remote access to client can't be disabled.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003601bf854b$6893a090$0100a8c0@FIREWALKER
Reference: BID:1032
Reference: URL:http://www.securityfocus.com/bid/1032
Reference: XF:telnet-pocsag
Reference: OSVDB:259
Reference: URL:http://www.osvdb.org/259

Description:
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." Status: Entry
Reference: MS:MS00-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-018.asp
Reference: BID:1066
Reference: URL:http://www.securityfocus.com/bid/1066
Reference: XF:iis-chunked-encoding-dos

Description:
Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability. Status: Entry
Reference: MS:MS00-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-016.asp
Reference: BID:1058
Reference: URL:http://www.securityfocus.com/bid/1058
Reference: XF:mwmt-malformed-media-license

Description:
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. Status: Entry
Reference: BUGTRAQ:20000322 gpm-root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html
Reference: SUSE:20000405 Security hole in gpm < 1.18.1
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_45.html
Reference: REDHAT:RHSA-2000:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-009.html
Reference: REDHAT:RHSA-2000:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-045.html
Reference: BID:1069
Reference: URL:http://www.securityfocus.com/bid/1069
Reference: XF:linux-gpm-root

Description:
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable. Status: Entry
Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html
Reference: REDHAT:RHSA-2000:016
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-016.html
Reference: XF:linux-imwheel-bo
Reference: BID:1060
Reference: URL:http://www.securityfocus.com/bid/1060

Description:
Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges. Status: Entry
Reference: BUGTRAQ:20000316 "TESO & C-Skills development advisory -- kreatecd" at:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html
Reference: SUSE:20000405 Security hole in kreatecd < 0.3.8b
Reference: XF:linux-kreatecd-path
Reference: BID:1061
Reference: URL:http://www.securityfocus.com/bid/1061

Description:
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request. Status: Entry
Reference: MS:MS00-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-021.asp
Reference: BUGTRAQ:20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html
Reference: BID:1082
Reference: URL:http://www.securityfocus.com/bid/1082
Reference: XF:win-tcpip-printing-dos

Description:
SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges. Status: Entry
Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html
Reference: XF:linux-imap-remote-unauthorized-access

Description:
The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file. Status: Entry
Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com
Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150
Reference: BID:1083
Reference: URL:http://www.securityfocus.com/bid/1083
Reference: XF:cobalt-raq-remote-access

Description:
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges. Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:10
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc
Reference: BID:1070
Reference: URL:http://www.securityfocus.com/bid/1070
Reference: XF:freebsd-orvillewrite-bo
Reference: OSVDB:1263
Reference: URL:http://www.osvdb.org/1263

Description:
Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. Status: Entry
Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com
Reference: BID:1063
Reference: URL:http://www.securityfocus.com/bid/1063
Reference: XF:netscape-server-directory-indexing

Description:
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories. Status: Entry
Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1
Reference: BID:1075
Reference: URL:http://www.securityfocus.com/bid/1075
Reference: XF:netscape-webpublisher-invalid-access

Description:
Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL. Status: Entry
Reference: BUGTRAQ:20000317 DoS with NAVIEG
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us
Reference: XF:nav-email-gateway-dos
Reference: BID:1064
Reference: URL:http://www.securityfocus.com/bid/1064

Description:
vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20000321 vqserver /........../
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net
Reference: CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html
Reference: XF:vqserver-dir-traverse
Reference: BID:1067
Reference: URL:http://www.securityfocus.com/bid/1067
Reference: OSVDB:270
Reference: URL:http://www.osvdb.org/270

Description:
AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin. Status: Entry
Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash" at:
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-exception-dos(4189)
Reference: URL:http://xforce.iss.net/static/4189.php
Reference: BID:1076
Reference: URL:http://www.securityfocus.com/bid/1076
Reference: OSVDB:1265
Reference: URL:http://www.osvdb.org/1265

Description:
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. Status: Entry
Reference: BUGTRAQ:20000328 Objectserver vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil
Reference: SGI:20000303-01-PX
Reference: URL:ftp://sgigate.sgi.com/security/20000303-01-PX
Reference: CIAC:K-030
Reference: URL:http://www.ciac.org/ciac/bulletins/k-030.shtml
Reference: BID:1079
Reference: URL:http://www.securityfocus.com/bid/1079
Reference: OSVDB:1267
Reference: URL:http://www.osvdb.org/1267
Reference: XF:irix-objectserver-create-accounts(4206)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4206

Description:
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. Status: Entry
Reference: MS:MS00-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-019.asp
Reference: MSKB:Q249599
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=249599
Reference: BID:1081
Reference: URL:http://www.securityfocus.com/bid/1081
Reference: XF:iis-virtual-unc-share

Description:
Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges. Status: Entry
Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html
Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt
Reference: FREEBSD:FreeBSD-SA-00:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc
Reference: BID:1842
Reference: URL:http://www.securityfocus.com/bid/1842
Reference: XF:generic-nqs-local-root(4306)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4306

Description:
The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program. Status: Entry
Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program
Reference: URL:http://xforce.iss.net/alerts/advise47.php3
Reference: IBM:ERS-OAR-E01-2000:075.1
Reference: XF:aix-frcactrl
Reference: BID:1152
Reference: URL:http://www.securityfocus.com/bid/1152

Description:
HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses. Status: Entry
Reference: HP:HPSBUX0004-112
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html
Reference: BID:1090
Reference: URL:http://www.securityfocus.com/bid/1090
Reference: XF:hp-virtual-vault

Description:
The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable. Status: Entry
Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:dansie-shell-metacharacters
Reference: URL:http://xforce.iss.net/static/4975.php

Description:
The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields. Status: Entry
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:shopping-cart-form-tampering
Reference: URL:http://xforce.iss.net/static/4621.php

Description:
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables. Status: Entry
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:dansie-form-variables
Reference: URL:http://xforce.iss.net/static/4954.php

Description:
The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program. Status: Entry
Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html
Reference: BID:1091
Reference: URL:http://www.securityfocus.com/bid/1091
Reference: XF:nbase-xyplex-router

Description:
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. Status: Entry
Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl
Reference: BID:1118
Reference: URL:http://www.securityfocus.com/bid/1118
Reference: XF:netware-remote-admin-overflow

Description:
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. Status: Entry
Reference: MS:MS00-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-023.asp
Reference: BID:1101
Reference: URL:http://www.securityfocus.com/bid/1101

Description:
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. Status: Entry
Reference: MS:MS00-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-025.asp
Reference: BID:1109
Reference: URL:http://www.securityfocus.com/bid/1109
Reference: OSVDB:282
Reference: URL:http://www.osvdb.org/282

Description:
The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: XF:ken-download-files
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: OSVDB:1282
Reference: URL:http://www.osvdb.org/1282

Description:
The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request. Status: Entry
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: XF:ken-dos

Description:
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request. Status: Entry
Reference: BUGTRAQ:20000416 xfs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html
Reference: XF:redhat-fontserver-dos
Reference: BID:1111
Reference: URL:http://www.securityfocus.com/bid/1111

Description:
Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods. Status: Entry
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: XF:panda-admin-privileges
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119

Description:
Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet. Status: Entry
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119
Reference: XF:panda-uninstall-program

Description:
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. Status: Entry
Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml
Reference: XF:cisco-catalyst-password-bypass
Reference: BID:1122
Reference: URL:http://www.securityfocus.com/bid/1122
Reference: OSVDB:1288
Reference: URL:http://www.osvdb.org/1288

Description:
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot. Status: Entry
Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml
Reference: BID:1123
Reference: URL:http://www.securityfocus.com/bid/1123
Reference: XF:cisco-ios-option-handling
Reference: OSVDB:1289
Reference: URL:http://www.osvdb.org/1289

Description:
RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070. Status: Entry
Reference: BUGTRAQ:20000420 Remote DoS attack in Real Networks Real Server Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95625288231045&w=2
Reference: CONFIRM:http://service.real.com/help/faq/servg270.html
Reference: XF:realserver-remote-dos
Reference: BID:1128
Reference: URL:http://www.securityfocus.com/bid/1128

Description:
PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt. Status: Entry
Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html
Reference: BID:1095
Reference: URL:http://www.securityfocus.com/bid/1095
Reference: XF:pcanywhere-login-dos

Description:
The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name. Status: Entry
Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html
Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html
Reference: XF:linux-trustees-patch-dos
Reference: BID:1096
Reference: URL:http://www.securityfocus.com/bid/1096

Description:
BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37. Status: Entry
Reference: BUGTRAQ:20000410 BeOS syscall bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com
Reference: BID:1098
Reference: URL:http://www.securityfocus.com/bid/1098
Reference: XF:beos-syscall-dos

Description:
Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. Status: Entry
Reference: MS:MS00-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-022.asp
Reference: BID:1087
Reference: URL:http://www.securityfocus.com/bid/1087
Reference: OSVDB:1272
Reference: URL:http://www.osvdb.org/1272

Description:
The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user. Status: Entry
Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html
Reference: BID:1089
Reference: URL:http://www.securityfocus.com/bid/1089
Reference: XF:eviewer-admin-request-dos

Description:
BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. Status: Entry
Reference: BUGTRAQ:20000407 BeOS Networking DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html
Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312
Reference: BID:1100
Reference: URL:http://www.securityfocus.com/bid/1100
Reference: XF:beos-networking-dos

Description:
TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. Status: Entry
Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html
Reference: CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html
Reference: BID:1102
Reference: URL:http://www.securityfocus.com/bid/1102
Reference: XF:talentsoft-web-input

Description:
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. Status: Entry
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: BID:1106
Reference: URL:http://www.securityfocus.com/bid/1106
Reference: XF:irix-pmcd-info

Description:
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter. Status: Entry
Reference: BUGTRAQ:20000416 XFree86 server overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html
Reference: BID:1306
Reference: URL:http://www.securityfocus.com/bid/1306
Reference: XF:xfree86-xkbmap-parameter-bo

Description:
The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter. Status: Entry
Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
Reference: BID:1104
Reference: URL:http://www.securityfocus.com/bid/1104
Reference: XF:http-cgi-bizdb

Description:
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. Status: Entry
Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
Reference: SUSE:20000520 Security hole in kernel < 2.2.15
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_48.html
Reference: BID:1078
Reference: URL:http://www.securityfocus.com/bid/1078
Reference: XF:linux-masquerading-dos

Description:
Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request. Status: Entry
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html
Reference: XF:macos-webstar-get-bo(4792)
Reference: URL:http://xforce.iss.net/static/4792.php
Reference: BID:1822
Reference: URL:http://www.securityfocus.com/bid/1822

Description:
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash. Status: Entry
Reference: BUGTRAQ:20000418 Adtran DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain
Reference: BID:1129
Reference: URL:http://www.securityfocus.com/bid/1129
Reference: XF:adtran-ping-dos

Description:
Buffer overflow in healthd for FreeBSD allows local users to gain root privileges. Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:12
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162
Reference: BID:1107
Reference: URL:http://www.securityfocus.com/bid/1107
Reference: XF:freebsd-healthd
Reference: OSVDB:606
Reference: URL:http://www.osvdb.org/606

Description:
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck. Status: Entry
Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system()
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html
Reference: BID:1086
Reference: URL:http://www.securityfocus.com/bid/1086
Reference: XF:fcheck-shell

Description:
Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables. Status: Entry
Reference: ALLAIRE:ASB00-06
Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full
Reference: BID:1085
Reference: URL:http://www.securityfocus.com/bid/1085
Reference: XF:allaire-forums-allaccess
Reference: OSVDB:1270
Reference: URL:http://www.osvdb.org/1270

Description:
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. Status: Entry
Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMP reinstall=1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html
Reference: XF:win2k-unattended-install(4278)
Reference: URL:http://xforce.iss.net/static/4278.php
Reference: BID:1758
Reference: URL:http://www.securityfocus.com/bid/1758

Description:
Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. Status: Entry
Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm
Reference: BID:1094
Reference: URL:http://www.securityfocus.com/bid/1094
Reference: XF:ipswitch-imail-dos

Description:
Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL. Status: Entry
Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95453598317340&w=2
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
Reference: BID:1084
Reference: URL:http://www.securityfocus.com/bid/1084
Reference: XF:http-indexserver-asp-source
Reference: OSVDB:271
Reference: URL:http://www.osvdb.org/271

Description:
Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. Status: Entry
Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
Reference: URL:http://xforce.iss.net/alerts/advise50.php3
Reference: CONFIRM:http://www.quake3arena.com/news/index.html
Reference: BID:1169
Reference: URL:http://www.securityfocus.com/bid/1169
Reference: XF:quake3-auto-download
Reference: OSVDB:7531
Reference: URL:http://www.osvdb.org/7531

Description:
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. Status: Entry
Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
Reference: URL:http://xforce.iss.net/alerts/advise52.php3
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.mspx
Reference: BID:1191
Reference: URL:http://www.securityfocus.com/bid/1191
Reference: XF:iis-authchangeurl-dos

Description:
Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability. Status: Entry
Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240
Reference: MS:MS00-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-029.asp
Reference: BID:1236
Reference: URL:http://www.securityfocus.com/bid/1236
Reference: XF:ip-fragment-reassembly-dos

Description:
Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message. Status: Entry
Reference: SCO:SB-99.02
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a
Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su

Description:
Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024. Status: Entry
Reference: SCO:SB-99.07
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.07b

Description:
Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges. Status: Entry
Reference: SCO:SB-99.08
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a

Description:
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service. Status: Entry
Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash.
Reference: URL:http://www.openbsd.org/errata24.html#trctrap
Reference: OSVDB:6126
Reference: URL:http://www.osvdb.org/6126

Description:
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets. Status: Entry
Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems.
Reference: URL:http://www.openbsd.org/errata24.html#maxqueue
Reference: OSVDB:7539
Reference: URL:http://www.osvdb.org/7539

Description:
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability. Status: Entry
Reference: MS:MS00-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp
Reference: XF:ms-mixed-object
Reference: BID:1145
Reference: URL:http://www.securityfocus.com/bid/1145

Description:
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. Status: Entry
Reference: OPENBSD:19991109 Any user can change interface media configurations.
Reference: URL:http://www.openbsd.org/errata.html#ifmedia
Reference: OSVDB:7540
Reference: URL:http://www.osvdb.org/7540

Description:
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. Status: Entry
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc
Reference: OSVDB:7574
Reference: URL:http://www.osvdb.org/7574

Description:
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. Status: Entry
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc
Reference: OSVDB:7575
Reference: URL:http://www.osvdb.org/7575

Description:
Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option. Status: Entry
Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
Reference: SUNBUG:4314312
Reference: BID:1143
Reference: URL:http://www.securityfocus.com/bid/1143
Reference: XF:solaris-lp-bo

Description:
Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack. Status: Entry
Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
Reference: BID:1144
Reference: URL:http://www.securityfocus.com/bid/1144
Reference: XF:mercur-remote-dot-attack

Description:
mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n. Status: Entry
Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU
Reference: XF:sendmail-maillocal-dos
Reference: BID:1146
Reference: URL:http://www.securityfocus.com/bid/1146

Description:
Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n. Status: Entry
Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
Reference: BID:1133
Reference: URL:http://www.securityfocus.com/bid/1133
Reference: XF:qpopper-fgets-spoofing

Description:
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execure arbitrary commands via shell metacharacters. Status: Entry
Reference: BUGTRAQ:20000424 piranha default password/exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com
Reference: REDHAT:RHSA-2000:014
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-014.html
Reference: BID:1149
Reference: URL:http://www.securityfocus.com/bid/1149
Reference: XF:piranha-passwd-execute

Description:
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. Status: Entry
Reference: BUGTRAQ:19990728 Alert : MS Office 97 Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=19990729195531.25108.qmail@underground.org
Reference: MS:MS99-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-030.asp
Reference: XF:jet-text-isam
Reference: BID:595
Reference: URL:http://www.securityfocus.com/level2/?go=vulnerabilities&id=595

Description:
pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap. Status: Entry
Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com
Reference: BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0201.html
Reference: BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0258.html
Reference: BID:1150
Reference: URL:http://www.securityfocus.com/bid/1150
Reference: XF:pcanywhere-tcpsyn-dos(4347)
Reference: URL:http://www.iss.net/security_center/static/4347.php
Reference: OSVDB:1301
Reference: URL:http://www.osvdb.org/1301

Description:
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability. Status: Entry
Reference: BUGTRAQ:19991014 Another Microsoft Java Flaw Disovered
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93993545118416&w=2
Reference: MS:MS99-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-045.asp
Reference: XF:msvm-verifier-java

Description:
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking. Status: Entry
Reference: BUGTRAQ:19990824 NT Predictable Initial TCP Sequence numbers - changes observed with SP4
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.19990824165629.00abcb40@192.168.124.1
Reference: MS:MS99-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-046.asp
Reference: BID:604
Reference: URL:http://www.securityfocus.com/bid/604
Reference: XF:nt-sequence-prediction-sp4
Reference: XF:tcp-seq-predict

Description:
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. Status: Entry
Reference: MS:MS99-048
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-048.asp
Reference: XF:ie-active-setup-control

Description:
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. Status: Entry
Reference: MS:MS99-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-049.asp
Reference: XF:win-fileurl-overflow

Description:
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability. Status: Entry
Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
Reference: MS:MS00-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp
Reference: BID:1135
Reference: URL:http://www.securityfocus.com/bid/1135
Reference: XF:nt-cmd-overflow

Description:
UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte. Status: Entry
Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
Reference: BID:1164
Reference: URL:http://www.securityfocus.com/bid/1164
Reference: XF:ultraboard-printabletopic-fileread
Reference: OSVDB:1309
Reference: URL:http://www.osvdb.org/1309
Reference: OSVDB:4065
Reference: URL:http://www.osvdb.org/4065

Description:
The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. Status: Entry
Reference: ALLAIRE:ASB00-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full
Reference: BID:1181
Reference: URL:http://www.securityfocus.com/bid/1181
Reference: XF:allaire-spectra-container-editor-preview

Description:
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. Status: Entry
Reference: BUGTRAQ:20000502 glibc resolver weakness
Reference: BID:1166
Reference: URL:http://www.securityfocus.com/bid/1166
Reference: XF:glibc-resolver-id-predictable

Description:
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. Status: Entry
Reference: REDHAT:RHSA-2000:012
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-012.html
Reference: CALDERA:CSSA-2000-009.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt
Reference: TURBO:TLSA2000010-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html
Reference: BID:1232
Reference: URL:http://www.securityfocus.com/bid/1232
Reference: XF:openldap-symlink-attack

Description:
Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter. Status: Entry
Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
Reference: SUNBUG:4335411
Reference: XF:solaris-xsun-bo
Reference: BID:1140
Reference: URL:http://www.securityfocus.com/bid/1140

Description:
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user. Status: Entry
Reference: BUGTRAQ:20000423 CVS DoS
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl
Reference: BID:1136
Reference: URL:http://www.securityfocus.com/bid/1136
Reference: XF:cvs-tempfile-dos

Description:
ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules. Status: Entry
Reference: BUGTRAQ:20000420 ZoneAlarm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
Reference: BID:1137
Reference: URL:http://www.securityfocus.com/bid/1137
Reference: XF:zonealarm-portscan
Reference: OSVDB:1294
Reference: URL:http://www.osvdb.org/1294

Description:
Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable. Status: Entry
Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub
Reference: CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html
Reference: BID:1155
Reference: URL:http://www.securityfocus.com/bid/1155
Reference: XF:linux-gnomelib-bo

Description:
ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name. Status: Entry
Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
Reference: BID:1156
Reference: URL:http://www.securityfocus.com/bid/1156
Reference: XF:nntpserver-cassandra-bo

Description:
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." Status: Entry
Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
Reference: BID:1157
Reference: URL:http://www.securityfocus.com/bid/1157
Reference: XF:eudora-warning-message

Description:
The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value. Status: Entry
Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk
Reference: BID:1160
Reference: URL:http://www.securityfocus.com/bid/1160
Reference: XF:linux-knfsd-dos

Description:
AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server. Status: Entry
Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
Reference: XF:macos-appleshare-invalid-range
Reference: BID:1162
Reference: URL:http://www.securityfocus.com/bid/1162

Description:
Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name. Status: Entry
Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2
Reference: BID:1163
Reference: URL:http://www.securityfocus.com/bid/1163
Reference: XF:win-netbios-source-null

Description:
A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges. Status: Entry
Reference: SCO:SB-99.10
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.10a

Description:
Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service. Status: Entry
Reference: SCO:SB-99.13
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a

Description:
A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events. Status: Entry
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
Reference: BID:1216
Reference: URL:http://www.securityfocus.com/bid/1216
Reference: XF:netice-icecap-alert-execute
Reference: XF:netice-icecap-default
Reference: OSVDB:312
Reference: URL:http://www.osvdb.org/312

Description:
Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages. Status: Entry
Reference: SCO:SB-99.09
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.09b

Description:
Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL. Status: Entry
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com
Reference: CALDERA:CSSA-1999-036.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_36.html
Reference: XF:pine-remote-exe
Reference: BID:810
Reference: URL:http://www.securityfocus.com/bid/810

Description:
Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. Status: Entry
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_6.html
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.novell.com/linux/security/advisories/pine_update_announcement.html
Reference: BID:1247
Reference: URL:http://www.securityfocus.com/bid/1247
Reference: XF:pine-lynx-execute-commands

Description:
mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory. Status: Entry
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: URL:http://www.debian.org/security/1999/19991018
Reference: SUSE:19991001 Security hole in mirror
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_22.html
Reference: BID:681
Reference: URL:http://www.securityfocus.com/bid/681
Reference: XF:mirror-perl-remote-file-creation

Description:
Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts. Status: Entry
Reference: REDHAT:RHSA-1999:040
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789
Reference: XF:linux-pam-nis-login
Reference: BID:697
Reference: URL:http://www.securityfocus.com/bid/697

Description:
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header. Status: Entry
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_30.html
Reference: XF:thttpd-ifmodifiedsince-header-dos
Reference: BID:1248
Reference: URL:http://www.securityfocus.com/bid/1248

Description:
Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article. Status: Entry
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_34.html
Reference: CALDERA:CSSA-1999-038.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt
Reference: XF:inn-remote-dos
Reference: BID:1249
Reference: URL:http://www.securityfocus.com/bid/1249

Description:
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information. Status: Entry
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_35.html
Reference: XF:wvdial-gain-dialup-info

Description:
Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges. Status: Entry
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html
Reference: BID:738
Reference: URL:http://www.securityfocus.com/bid/738
Reference: XF:linux-cdda2cdr

Description:
Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory. Status: Entry
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html
Reference: BID:738
Reference: URL:http://www.securityfocus.com/bid/738
Reference: XF:linux-cdda2cdr

Description:
dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. Status: Entry
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership
Reference: BID:1442
Reference: URL:http://www.securityfocus.com/bid/1442

Description:
Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges. Status: Entry
Reference: DEBIAN:19990218 Root exploit in eterm
Reference: URL:http://www.debian.org/security/1999/19990218
Reference: XF:linux-eterm

Description:
Classic Cisco IOS 9.1 and later allows attackers with access to the loging prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. Status: Entry
Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt
Reference: URL:http://www.cisco.com/warp/public/770/ioshist-pub.shtml
Reference: CIAC:J-009
Reference: URL:http://www.ciac.org/ciac/bulletins/j-009.shtml

Description:
The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service. Status: Entry
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt
Reference: BID:1266
Reference: URL:http://www.securityfocus.com/bid/1266
Reference: XF:caldera-ident-server-dos

Description:
The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command. Status: Entry
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt
Reference: BID:1268
Reference: URL:http://www.securityfocus.com/bid/1268
Reference: XF:caldera-smail-rmail-command

Description:
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. Status: Entry
Reference: CALDERA:CSSA-1999-005.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt
Reference: BID:1269
Reference: URL:http://www.securityfocus.com/bid/1269
Reference: XF:kde-mediatool

Description:
Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges. Status: Entry
Reference: CALDERA:CSSA-1999-014.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt
Reference: XF:linux-rmt
Reference: URL:http://xforce.iss.net/static/2268.php
Reference: OSVDB:7940
Reference: URL:http://www.osvdb.org/7940

Description:
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges. Status: Entry
Reference: CALDERA:CSSA-1999-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: XF:kde-kvt
Reference: URL:http://xforce.iss.net/static/2266.php

Description:
The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions. Status: Entry
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
Reference: MANDRAKE:MDKSA-2002:025
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:025
Reference: BID:1446
Reference: URL:http://www.securityfocus.com/bid/1446
Reference: XF:xdmcp-kdm-default-configuration(4856)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4856

Description:
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files. Status: Entry
Reference: FREEBSD:FreeBSD-SA-99:04
Reference: OSVDB:6084
Reference: URL:http://www.osvdb.org/6084

Description:
Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request. Status: Entry
Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software
Reference: BID:1324
Reference: URL:http://www.securityfocus.com/bid/1324
Reference: XF:idrive-filo-bo

Description:
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability. Status: Entry
Reference: MS:MS00-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-040.asp
Reference: MSKB:Q264684
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=264684
Reference: XF:nt-registry-request-dos
Reference: BID:1331
Reference: URL:http://www.securityfocus.com/bid/1331
Reference: OVAL:oval:org.mitre.oval:def:1021
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1021

Description:
The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in. Status: Entry
Reference: BUGTRAQ:20000502 pam_console bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html
Reference: BID:1176
Reference: URL:http://www.securityfocus.com/bid/1176
Reference: XF:linux-pam-sniff-activities

Description:
The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. Status: Entry
Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com
Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
Reference: BID:1177
Reference: URL:http://www.securityfocus.com/bid/1177
Reference: XF:netopia-snmp-comm-strings

Description:
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. Status: Entry
Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
Reference: XF:cisco-ios-http-dos
Reference: BID:1154
Reference: URL:http://www.securityfocus.com/bid/1154
Reference: OSVDB:1302
Reference: URL:http://www.osvdb.org/1302

Description:
The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter. Status: Entry
Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Reference: XF:http-cgi-dbman-db
Reference: BID:1178
Reference: URL:http://www.securityfocus.com/bid/1178

Description:
ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site. Status: Entry
Reference: ALLAIRE:ASB00-12
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full
Reference: BID:1179
Reference: URL:http://www.securityfocus.com/bid/1179
Reference: XF:allaire-clustercats-url-redirect

Description:
The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files. Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:16
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc
Reference: BID:1184
Reference: URL:http://www.securityfocus.com/bid/1184
Reference: XF:golddig-overwrite-files

Description:
Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable. Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:17
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc
Reference: BID:1185
Reference: URL:http://www.securityfocus.com/bid/1185
Reference: XF:libmytinfo-bo

Description:
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. Status: Entry
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krb-rd-req-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Description:
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. Status: Entry
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: XF:kerberos-krb425-conv-principal-bo
Reference: OSVDB:4884
Reference: URL:http://www.osvdb.org/4884

Description:
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. Status: Entry
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krshd-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: OSVDB:4876
Reference: URL:http://www.osvdb.org/4876

Description:
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. Status: Entry
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-ksu-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Description:
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute. Status: Entry
Reference: BUGTRAQ:20000516 kscd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html
Reference: SUSE:20000529 kmulti <= 1.1.2
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_50.html
Reference: XF:kscd-shell-env-variable
Reference: BID:1206
Reference: URL:http://www.securityfocus.com/bid/1206

Description:
NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature. Status: Entry
Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. RFProwler
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95878603510835&w=2
Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com
Reference: XF:axent-netprowler-ipfrag-dos
Reference: BID:1225
Reference: URL:http://www.securityfocus.com/bid/1225

Description:
Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request. Status: Entry
Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org
Reference: XF:cproxy-http-dos
Reference: BID:1213
Reference: URL:http://www.securityfocus.com/bid/1213

Description:
The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files. Status: Entry
Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
Reference: BID:1245
Reference: URL:http://www.securityfocus.com/bid/1245
Reference: XF:carello-file-duplication

Description:
The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. Status: Entry
Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html
Reference: XF:emurl-account-access
Reference: BID:1203
Reference: URL:http://www.securityfocus.com/bid/1203

Description:
Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request. Status: Entry
Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html
Reference: BID:1244
Reference: URL:http://www.securityfocus.com/bid/1244
Reference: XF:mailsite-get-overflow

Description:
Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name. Status: Entry
Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html
Reference: XF:deerfield-mdaemon-dos
Reference: BID:1250
Reference: URL:http://www.securityfocus.com/bid/1250

Description:
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. Status: Entry
Reference: MS:MS00-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-035.asp
Reference: MSKB:Q263968
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263968
Reference: BID:1281
Reference: URL:http://www.securityfocus.com/bid/1281
Reference: XF:mssql-agent-stored-pw
Reference: XF:mssql-sa-pw-in-sqlsplog

Description:
The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability. Status: Entry
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: MSKB:Q263307
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263307
Reference: XF:win-browser-hostannouncement
Reference: BID:1261
Reference: URL:http://www.securityfocus.com/bid/1261

Description:
The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability. Status: Entry
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: MSKB:Q262694
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262694
Reference: BID:1262
Reference: URL:http://www.securityfocus.com/bid/1262
Reference: XF:win-browser-reset-frame

Description:
Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet. Status: Entry
Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow
Reference: URL:http://www.l0pht.com/advisories/asniff_advisory.txt
Reference: BID:1207
Reference: URL:http://www.securityfocus.com/bid/1207
Reference: XF:antisniff-dns-overflow
Reference: OSVDB:3179
Reference: URL:http://www.osvdb.org/3179

Description:
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability. Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
Reference: CERT:CA-2000-05
Reference: URL:http://www.cert.org/advisories/CA-2000-05.html
Reference: REDHAT:RHSA-2000:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-028.html
Reference: BID:1188
Reference: URL:http://www.securityfocus.com/bid/1188
Reference: XF:netscape-invalid-ssl-sessions

Description:
Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option. Status: Entry
Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html
Reference: XF:sol-netpr-bo
Reference: BID:1200
Reference: URL:http://www.securityfocus.com/bid/1200

Description:
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. Status: Entry
Reference: MISC:http://www.ussrback.com/labs40.html
Reference: MS:MS00-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-030.asp
Reference: MSKB:Q260205
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=260205
Reference: XF:iis-url-extension-data-dos
Reference: BID:1190
Reference: URL:http://www.securityfocus.com/bid/1190

Description:
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. Status: Entry
Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html
Reference: BID:1201
Reference: URL:http://www.securityfocus.com/bid/1201
Reference: XF:netscape-import-certificate-symlink

Description:
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory. Status: Entry
Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843
Reference: XF:coldfusion-cfcache-dos
Reference: BID:1192
Reference: URL:http://www.securityfocus.com/bid/1192

Description:
Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter. Status: Entry
Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
Reference: XF:http-cgi-formmail-environment
Reference: BID:1187
Reference: URL:http://www.securityfocus.com/bid/1187

Description:
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables. Status: Entry
Reference: HP:HPSBUX0005-113
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html
Reference: XF:hp-shutdown-privileges
Reference: BID:1214
Reference: URL:http://www.securityfocus.com/bid/1214

Description:
NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server. Status: Entry
Reference: BUGTRAQ:20000511 NTMail Proxy Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net
Reference: CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
Reference: XF:ntmail-bypass-proxy
Reference: BID:1196
Reference: URL:http://www.securityfocus.com/bid/1196

Description:
The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password. Status: Entry
Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-router-dos
Reference: BID:1219
Reference: URL:http://www.securityfocus.com/bid/1219

Description:
The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests. Status: Entry
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-dsl-dos
Reference: BID:1240
Reference: URL:http://www.securityfocus.com/bid/1240

Description:
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. Status: Entry
Reference: MS:MS00-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-034.asp
Reference: MSKB:Q262767
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262767
Reference: CERT:CA-2000-07
Reference: URL:http://www.cert.org/advisories/CA-2000-07.html
Reference: BID:1197
Reference: URL:http://www.securityfocus.com/bid/1197
Reference: XF:office-ua-control

Description:
The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters. Status: Entry
Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html
Reference: XF:bugzilla-unchecked-system-call
Reference: BID:1199
Reference: URL:http://www.securityfocus.com/bid/1199

Description:
The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters. Status: Entry
Reference: BUGTRAQ:20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil
Reference: BID:1202
Reference: URL:http://www.securityfocus.com/bid/1202
Reference: XF:http-cgi-burgyan-counter

Description:
Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands. Status: Entry
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0
Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html
Reference: XF:http-cgi-listserv-wa-bo
Reference: BID:1167
Reference: URL:http://www.securityfocus.com/bid/1167

Description:
UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself. Status: Entry
Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html
Reference: BID:1175
Reference: URL:http://www.securityfocus.com/bid/1175
Reference: XF:ultraboard-cgi-dos

Description:
The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM. Status: Entry
Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack
Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt
Reference: XF:aladdin-etoken-pin-reset
Reference: BID:1170
Reference: URL:http://www.securityfocus.com/bid/1170
Reference: OSVDB:3266
Reference: URL:http://www.osvdb.org/3266

Description:
Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment. Status: Entry
Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp
Reference: BID:1168
Reference: URL:http://www.securityfocus.com/bid/1168
Reference: XF:interscan-viruswall-bo

Description:
Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request. Status: Entry
Reference: BUGTRAQ:20000503 Another interesting Cart32 command
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95738697301956&w=2
Reference: XF:cart32-expdate
Reference: BID:1358
Reference: URL:http://www.securityfocus.com/bid/1358

Description:
Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files. Status: Entry
Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net
Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
Reference: BID:1238
Reference: URL:http://www.securityfocus.com/bid/1238
Reference: XF:cobalt-cgiwrap-bypass
Reference: OSVDB:1346
Reference: URL:http://www.osvdb.org/1346

Description:
The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters. Status: Entry
Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html
Reference: BID:1215
Reference: URL:http://www.securityfocus.com/bid/1215
Reference: XF:http-cgi-calendar-execute

Description:
The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages. Status: Entry
Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html
Reference: XF:http-cgi-allmanage-account-access
Reference: BID:1217
Reference: URL:http://www.securityfocus.com/bid/1217
Reference: OSVDB:1337
Reference: URL:http://www.osvdb.org/1337

Description:
MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html
Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html
Reference: BID:1231
Reference: URL:http://www.securityfocus.com/bid/1231
Reference: XF:offline-explorer-directory-traversal

Description:
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. Status: Entry
Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html
Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp
Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html
Reference: XF:gauntlet-cyberdaemon-bo
Reference: BID:1234
Reference: URL:http://www.securityfocus.com/bid/1234
Reference: OSVDB:322
Reference: URL:http://www.osvdb.org/322

Description:
Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter. Status: Entry
Reference: BUGTRAQ:20000522 fdmount buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html
Reference: XF:linux-fdmount-bo
Reference: BID:1239
Reference: URL:http://www.securityfocus.com/bid/1239

Description:
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. Status: Entry
Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com
Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: BID:1194
Reference: URL:http://www.securityfocus.com/bid/1194
Reference: OSVDB:1326
Reference: URL:http://www.osvdb.org/1326
Reference: XF:ie-cookie-disclosure(4447)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4447

Description:
NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option. Status: Entry
Reference: NETBSD:NetBSD-SA2000-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:23
Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html
Reference: BID:1173
Reference: URL:http://www.securityfocus.com/bid/1173
Reference: XF:netbsd-unaligned-ip-options

Description:
Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. Status: Entry
Reference: IBM:ERS-OAR-E01-2000:087.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html
Reference: BID:1241
Reference: URL:http://www.securityfocus.com/bid/1241
Reference: XF:aix-local-filesystem

Description:
Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. Status: Entry
Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html
Reference: SUSE:20000608 pop <= 2000.3.4
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_51.html
Reference: BID:1242
Reference: URL:http://www.securityfocus.com/bid/1242
Reference: XF:qualcomm-qpopper-euidl

Description:
The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html
Reference: XF:hp-jetadmin-directory-traversal
Reference: BID:1243
Reference: URL:http://www.securityfocus.com/bid/1243
Reference: OSVDB:1350
Reference: URL:http://www.osvdb.org/1350

Description:
The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys. Status: Entry
Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html
Reference: CERT:CA-2000-09
Reference: URL:http://www.cert.org/advisories/CA-2000-09.html
Reference: BID:1251
Reference: URL:http://www.securityfocus.com/bid/1251
Reference: XF:pgp-key-predictable
Reference: OSVDB:1355
Reference: URL:http://www.osvdb.org/1355

Description:
Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string. Status: Entry
Reference: BUGTRAQ:20000524 Remote xploit for MDBMS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html
Reference: XF:mdbms-bo
Reference: BID:1252
Reference: URL:http://www.securityfocus.com/bid/1252

Description:
Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service. Status: Entry
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: XF:nai-webshield-bo
Reference: BID:1254
Reference: URL:http://www.securityfocus.com/bid/1254
Reference: OSVDB:327
Reference: URL:http://www.osvdb.org/327

Description:
The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command. Status: Entry
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: XF:nai-webshield-getconfig
Reference: BID:1253
Reference: URL:http://www.securityfocus.com/bid/1253
Reference: OSVDB:326
Reference: URL:http://www.osvdb.org/326

Description:
The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets. Status: Entry
Reference: BUGTRAQ:20000518 Remote Dos attack against Intel express 8100 router
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html
Reference: XF:intel-8100-remote-dos
Reference: BID:1228
Reference: URL:http://www.securityfocus.com/bid/1228

Description:
Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. Status: Entry
Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html
Reference: XF:lotus-domino-esmtp-bo
Reference: BID:1229
Reference: URL:http://www.securityfocus.com/bid/1229
Reference: OSVDB:321
Reference: URL:http://www.osvdb.org/321

Description:
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000. Status: Entry
Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html
Reference: CALDERA:CSSA-2000-012.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt
Reference: BID:1235
Reference: URL:http://www.securityfocus.com/bid/1235

Description:
Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter. Status: Entry
Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html
Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html
Reference: BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html
Reference: BID:1265
Reference: URL:http://www.securityfocus.com/bid/1265
Reference: XF:linux-cdrecord-execute

Description:
Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option. Status: Entry
Reference: NAI:20000529 Initialized Data Overflow in Xlock
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp
Reference: NETBSD:NetBSD-SA2000-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc
Reference: TURBO:TLSA2000012-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html
Reference: BID:1267
Reference: URL:http://www.securityfocus.com/bid/1267
Reference: XF:xlock-bo-read-passwd

Description:
NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog". Status: Entry
Reference: NETBSD:NetBSD-SA2000-005
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc
Reference: BID:1272
Reference: URL:http://www.securityfocus.com/bid/1272
Reference: XF:bsd-syscall-cpu-dos
Reference: OSVDB:1365
Reference: URL:http://www.osvdb.org/1365

Description:
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. Status: Entry
Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95810120719608&w=2
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.mspx
Reference: BID:1193
Reference: URL:http://www.securityfocus.com/bid/1193
Reference: XF:iis-ism-file-access(4448)
Reference: URL:http://xforce.iss.net/static/4448.php

Description:
The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. Status: Entry
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: BID:1360
Reference: URL:http://www.securityfocus.com/bid/1360
Reference: XF:imp-tmpfile-view

Description:
IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request. Status: Entry
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: BID:1361
Reference: URL:http://www.securityfocus.com/bid/1361
Reference: XF:imp-wordfile-dos

Description:
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable. Status: Entry
Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html
Reference: BID:1274
Reference: URL:http://www.securityfocus.com/bid/1274
Reference: XF:kde-display-environment-overflow

Description:
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. Status: Entry
Reference: OPENBSD:20000526
Reference: URL:http://www.openbsd.org/errata26.html#semconfig
Reference: NETBSD:NetBSD-SA2000-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc
Reference: XF:bsd-semaphore-dos
Reference: BID:1270
Reference: URL:http://www.securityfocus.com/bid/1270

Description:
ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory. Status: Entry
Reference: NETBSD:NetBSD-SA2000-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc
Reference: BID:1273
Reference: URL:http://www.securityfocus.com/bid/1273
Reference: XF:netbsd-ftpchroot-parsing
Reference: OSVDB:1366
Reference: URL:http://www.osvdb.org/1366

Description:
BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets. Status: Entry
Reference: BUGTRAQ:20000517 AUX Security Advisory on Be/OS 5.0 (DoS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html
Reference: XF:beos-tcp-frag-dos
Reference: BID:1222
Reference: URL:http://www.securityfocus.com/bid/1222

Description:
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability. Status: Entry
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: MSKB:Q261257
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=261257
Reference: XF:ie-malformed-component-attribute
Reference: BID:1223
Reference: URL:http://www.securityfocus.com/bid/1223

Description:
Internet Explorer 4.x and 5.x does properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability. Status: Entry
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: MSKB:Q251108
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=251108
Reference: MSKB:Q255676
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=255676
Reference: BID:1224
Reference: URL:http://www.securityfocus.com/bid/1224
Reference: XF:ie-frame-domain-verification

Description:
AIX cdmount allows local users to gain root privileges via shell metacharacters. Status: Entry
Reference: ISS:20000620 Insecure call of external program in AIX cdmount
Reference: URL:http://xforce.iss.net/alerts/advise55.php
Reference: XF:aix-cdmount-insecure-call
Reference: BID:1384
Reference: URL:http://www.securityfocus.com/bid/1384

Description:
Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function. Status: Entry
Reference: BUGTRAQ:20000614 Splitvt exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html
Reference: DEBIAN:20000605a
Reference: BID:1346
Reference: URL:http://www.securityfocus.com/bid/1346
Reference: XF:splitvt-screen-lock-bo

Description:
man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack. Status: Entry
Reference: BUGTRAQ:20000601 HP Security vulnerability in the man command
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.02.10006021014400.4779-100000@nofud.nwest.attws.com
Reference: BID:1302
Reference: URL:http://www.securityfocus.com/bid/1302
Reference: XF:hp-man-file-overwrite

Description:
Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl
Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net
Reference: BID:1347
Reference: URL:http://www.securityfocus.com/bid/1347
Reference: XF:webbanner-input-validation-exe

Description:
Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request. Status: Entry
Reference: BUGTRAQ:20000601 Hardware Exploit - Gets network Down
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html
Reference: BID:1290
Reference: URL:http://www.securityfocus.com/bid/1290
Reference: XF:rompager-malformed-dos
Reference: URL:http://xforce.iss.net/static/4588.php

Description:
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname. Status: Entry
Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html
Reference: SUNBUG:4339366
Reference: SUN:00210
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/210
Reference: CERT-VN:VU#36866
Reference: URL:http://www.kb.cert.org/vuls/id/36866
Reference: BID:1348
Reference: URL:http://www.securityfocus.com/bid/1348
Reference: OSVDB:1398
Reference: URL:http://www.osvdb.org/1398
Reference: XF:sol-ufsrestore-bo
Reference: URL:http://xforce.iss.net/static/4711.php

Description:
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. Status: Entry
Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html
Reference: CALDERA:CSSA-2000-016.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt
Reference: BUGTRAQ:20000707 inn update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html
Reference: BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html
Reference: BUGTRAQ:20000722 MDKSA-2000:023 inn update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html
Reference: BID:1316
Reference: URL:http://www.securityfocus.com/bid/1316
Reference: XF:innd-cancel-overflow
Reference: URL:http://xforce.iss.net/static/4615.php

Description:
Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory. Status: Entry
Reference: BUGTRAQ:20000601 Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html
Reference: BUGTRAQ:20000601 Remote DoS attack in RealServer: USSR-2000043
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html
Reference: BID:1288
Reference: URL:http://www.securityfocus.com/bid/1288
Reference: XF:realserver-malformed-remote-dos
Reference: URL:http://xforce.iss.net/static/4587.php

Description:
Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability. Status: Entry
Reference: MS:MS00-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-020.asp
Reference: BID:1350
Reference: URL:http://www.securityfocus.com/bid/1350
Reference: XF:win2k-desktop-separation
Reference: URL:http://xforce.iss.net/static/4714.php

Description:
Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. Status: Entry
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351
Reference: XF:antivirus-nav-zip-bo
Reference: URL:http://xforce.iss.net/static/4710.php

Description:
In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. Status: Entry
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351
Reference: XF:antivirus-nav-fail-open
Reference: URL:http://xforce.iss.net/static/4709.php
Reference: OSVDB:6266
Reference: URL:http://www.osvdb.org/6266

Description:
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name. Status: Entry
Reference: VULN-DEV:20000601 Kmail heap overflow
Reference: URL:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez
Reference: BID:1380
Reference: URL:http://www.securityfocus.com/bid/1380
Reference: XF:kde-kmail-attachment-dos
Reference: URL:http://xforce.iss.net/static/4993.php

Description:
Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets. Status: Entry
Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation
Reference: BID:1312
Reference: URL:http://www.securityfocus.com/bid/1312
Reference: XF:fw1-packet-fragment-dos
Reference: URL:http://xforce.iss.net/static/4609.php
Reference: OSVDB:1379
Reference: URL:http://www.osvdb.org/1379

Description:
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization. Status: Entry
Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
Reference: REDHAT:RHSA-2000:038
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-038.html
Reference: FREEBSD:FreeBSD-SA-00:38
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc
Reference: BUGTRAQ:20000728 MDKSA-2000:026 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html
Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br
Reference: BID:1354
Reference: URL:http://www.securityfocus.com/bid/1354
Reference: XF:zope-dtml-remote-modify
Reference: URL:http://xforce.iss.net/static/4716.php

Description:
Buffer overflow in Small HTTP Server allows remote attackers to cause a denial of service via a long GET request. Status: Entry
Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2
Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2
Reference: BID:1355
Reference: URL:http://www.securityfocus.com/bid/1355
Reference: XF:small-http-get-overflow-dos
Reference: URL:http://xforce.iss.net/static/4692.php

Description:
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. Status: Entry
Reference: BUGTRAQ:20000530 Fw: Steal Passwords Using SQL Server EM
Reference: URL:http://www.securityfocus.com/archive/1/62771
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
Reference: BID:1292
Reference: URL:http://www.securityfocus.com/bid/1292
Reference: XF:mssql-dts-reveal-passwords
Reference: URL:http://xforce.iss.net/static/4582.php

Description:
Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field. Status: Entry
Reference: BUGTRAQ:20000530 An Analysis of the TACACS+ Protocol and its Implementations
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html
Reference: BID:1293
Reference: URL:http://www.securityfocus.com/bid/1293
Reference: XF:tacacsplus-packet-length-dos
Reference: URL:http://xforce.iss.net/static/4985.php

Description:
Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command. Status: Entry
Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html
Reference: BID:1285
Reference: URL:http://www.securityfocus.com/bid/1285
Reference: XF:ithouse-rcpt-overflow(4580)
Reference: URL:http://xforce.iss.net/static/4580.php

Description:
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers. Status: Entry
Reference: BUGTRAQ:19990826 Local DoS in FreeBSD
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908270039010.16315-100000@thetis.deor.org
Reference: BUGTRAQ:20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com
Reference: BID:622
Reference: URL:http://www.securityfocus.com/bid/622
Reference: XF:bsd-setsockopt-dos
Reference: URL:http://xforce.iss.net/static/3298.php

Description:
Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request. Status: Entry
Reference: BUGTRAQ:20000601 Netwin's Dmail package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html
Reference: CONFIRM:http://netwinsite.com/dmail/security.htm
Reference: BID:1297
Reference: URL:http://www.securityfocus.com/bid/1297
Reference: XF:dmail-etrn-dos
Reference: URL:http://xforce.iss.net/static/4579.php

Description:
Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string. Status: Entry
Reference: VULN-DEV:20000601 Vulnerability in SNTS
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html
Reference: BID:1289
Reference: URL:http://www.securityfocus.com/bid/1289
Reference: XF:timesync-bo-execute
Reference: URL:http://xforce.iss.net/static/4602.php

Description:
Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script. Status: Entry
Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html
Reference: CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm
Reference: BID:1356
Reference: URL:http://www.securityfocus.com/bid/1356
Reference: XF:veritas-volume-manager

Description:
Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability. Status: Entry
Reference: MS:MS00-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-038.asp
Reference: BID:1282
Reference: URL:http://www.securityfocus.com/bid/1282
Reference: XF:ms-malformed-media-dos
Reference: URL:http://xforce.iss.net/static/4585.php

Description:
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Status: Entry
Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:websphere-jsp-source-read

Description:
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Status: Entry
Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:ewave-servletexec-jsp-source-read(4649)
Reference: URL:http://xforce.iss.net/static/4649.php

Description:
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Status: Entry
Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
Reference: CONFIRM:http://developer.bea.com/alerts/security_000612.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:weblogic-jsp-source-read
Reference: URL:http://xforce.iss.net/static/4694.php

Description:
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. Status: Entry
Reference: CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file
Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2
Reference: BID:1378
Reference: URL:http://www.securityfocus.com/bid/1378
Reference: XF:weblogic-file-source-read
Reference: URL:http://xforce.iss.net/static/4775.php

Description:
Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server. Status: Entry
Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html
Reference: BID:1366
Reference: URL:http://www.securityfocus.com/bid/1366
Reference: XF:mdaemon-pass-dos
Reference: URL:http://xforce.iss.net/static/4745.php

Description:
Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion. Status: Entry
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
Reference: BID:1326
Reference: URL:http://www.securityfocus.com/bid/1326
Reference: XF:mcafee-alerting-dos(4641)
Reference: URL:http://xforce.iss.net/static/4641.php
Reference: OSVDB:6287
Reference: URL:http://www.osvdb.org/6287

Description:
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. Status: Entry
Reference: BUGTRAQ:20000619 XFree86: libICE DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html
Reference: CONFIRM:http://www.xfree86.org/security/
Reference: BID:1369
Reference: URL:http://www.securityfocus.com/bid/1369
Reference: XF:linux-libice-dos

Description:
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. Status: Entry
Reference: BUGTRAQ:20000603 Re: IBM HTTP SERVER / APACHE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com
Reference: BID:1284
Reference: URL:http://www.securityfocus.com/bid/1284
Reference: XF:ibm-http-file-retrieve
Reference: URL:http://xforce.iss.net/static/4575.php

Description:
The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability." Status: Entry
Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl
Reference: REDHAT:RHSA-2000:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-037.html
Reference: TURBO:TLSA2000013-1
Reference: SGI:20000802-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000802-01-P
Reference: BUGTRAQ:20000609 Trustix Security Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html
Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html
Reference: BID:1322
Reference: URL:http://www.securityfocus.com/bid/1322
Reference: XF:linux-kernel-capabilities

Description:
Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command. Status: Entry
Reference: BUGTRAQ:20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2
Reference: BID:1286
Reference: URL:http://www.securityfocus.com/bid/1286
Reference: XF:nt-webmail-dos
Reference: URL:http://xforce.iss.net/static/4586.php

Description:
rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request. Status: Entry
Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html
Reference: BID:1372
Reference: URL:http://www.securityfocus.com/bid/1372
Reference: XF:linux-lockd-remote-dos
Reference: URL:http://xforce.iss.net/static/5050.php

Description:
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request. Status: Entry
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-malformed-ipp
Reference: URL:http://xforce.iss.net/static/4846.php

Description:
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request. Status: Entry
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-posts
Reference: URL:http://xforce.iss.net/static/4846.php

Description:
CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. Status: Entry
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-posts
Reference: URL:http://xforce.iss.net/static/4846.php

Description:
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password. Status: Entry
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-posts
Reference: URL:http://xforce.iss.net/static/4846.php

Description:
GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. Status: Entry
Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt
Reference: BID:1374
Reference: URL:http://www.securityfocus.com/bid/1374
Reference: XF:kerberos-gssftpd-dos
Reference: URL:http://xforce.iss.net/static/4734.php
Reference: OSVDB:4885
Reference: URL:http://www.osvdb.org/4885

Description:
The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges. Status: Entry
Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org
Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com
Reference: BID:1327
Reference: URL:http://www.securityfocus.com/bid/1327
Reference: XF:hpux-snmp-daemon
Reference: URL:http://xforce.iss.net/static/4643.php

Description:
When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server. Status: Entry
Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html
Reference: BID:1329
Reference: URL:http://www.securityfocus.com/bid/1329
Reference: XF:shiva-plaintext-ldap-password
Reference: URL:http://xforce.iss.net/static/4612.php

Description:
Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information. Status: Entry
Reference: CERT:CA-2000-08
Reference: URL:http://www.cert.org/advisories/CA-2000-08.html
Reference: BID:1260
Reference: URL:http://www.securityfocus.com/bid/1260
Reference: XF:netscape-ssl-certificate
Reference: URL:http://xforce.iss.net/static/4550.php

Description:
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt
Reference: MS:MS00-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
Reference: CERT:CA-2000-10
Reference: URL:http://www.cert.org/advisories/CA-2000-10.html
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: XF:ie-invalid-frame-image-certificate
Reference: URL:http://xforce.iss.net/static/4624.php

Description:
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. Status: Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt
Reference: MS:MS00-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
Reference: CERT:CA-2000-10
Reference: URL:http://www.cert.org/advisories/CA-2000-10.html
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: XF:ie-revalidate-certificate
Reference: URL:http://xforce.iss.net/static/4627.php

Description:
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number. Status: Entry
Reference: BUGTRAQ:20000605 MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html
Reference: BID:1313
Reference: URL:http://www.securityfocus.com/bid/1313
Reference: XF:savant-source-read
Reference: URL:http://xforce.iss.net/static/4616.php

Description:
RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash. Status: Entry
Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk
Reference: CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt
Reference: BUGTRAQ:20000714 Re: RSA Aceserver UDP Flood Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html
Reference: BID:1332
Reference: URL:http://www.securityfocus.com/bid/1332
Reference: XF:aceserver-udp-packet-dos
Reference: URL:http://xforce.iss.net/static/5053.php

Description:
Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command. Status: Entry
Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
Reference: BID:1315
Reference: URL:http://www.securityfocus.com/bid/1315
Reference: XF:eserv-logging-overflow
Reference: URL:http://xforce.iss.net/static/4614.php

Description:
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon. Status: Entry
Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.
Reference: URL:http://www.openbsd.org/errata.html#uselogin
Reference: BID:1334
Reference: URL:http://www.securityfocus.com/bid/1334
Reference: XF:openssh-uselogin-remote-exec
Reference: URL:http://xforce.iss.net/static/4646.php
Reference: OSVDB:341
Reference: URL:http://www.osvdb.org/341

Description:
Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files. Status: Entry
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1364
Reference: URL:http://www.securityfocus.com/bid/1364
Reference: XF:nettools-pki-unauthenticated-access
Reference: URL:http://xforce.iss.net/static/4743.php
Reference: OSVDB:4353
Reference: URL:http://www.osvdb.org/4353

Description:
Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request. Status: Entry
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1363
Reference: URL:http://www.securityfocus.com/bid/1363
Reference: XF:nettools-pki-http-bo
Reference: URL:http://xforce.iss.net/static/4744.php
Reference: OSVDB:4352
Reference: URL:http://www.osvdb.org/4352

Description:
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files. Status: Entry
Reference: BUGTRAQ:20000531 KDE::KApplication feature?
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html
Reference: CALDERA:CSSA-2000-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-015.0.txt
Reference: REDHAT:RHSA-2000:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-032.html
Reference: BID:1291
Reference: URL:http://www.securityfocus.com/bid/1291
Reference: XF:kde-configuration-file-creation
Reference: URL:http://xforce.iss.net/static/4583.php

Description:
A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered. Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:21
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html
Reference: BID:1323
Reference: URL:http://www.securityfocus.com/bid/1323
Reference: XF:freebsd-ssh-ports
Reference: URL:http://xforce.iss.net/static/4638.php
Reference: OSVDB:1387
Reference: URL:http://www.osvdb.org/1387

Description:
Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files. Status: Entry
Reference: SGI:20000601-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P
Reference: BID:1379
Reference: URL:http://www.securityfocus.com/bid/1379
Reference: XF:irix-workshop-cvconnect-overwrite
Reference: URL:http://xforce.iss.net/static/4725.php

Description:
The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user. Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:22
Reference: BID:1325
Reference: URL:http://www.securityfocus.com/bid/1325
Reference: XF:apsfilter-elevate-privileges
Reference: URL:http://xforce.iss.net/static/4617.php
Reference: OSVDB:1389
Reference: URL:http://www.osvdb.org/1389

Description:
xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry. Status: Entry
Reference: CONFIRM:http://www.synack.net/xinetd/
Reference: DEBIAN:20000619 xinetd: bug in access control mechanism
Reference: URL:http://www.debian.org/security/2000/20000619
Reference: BID:1381
Reference: URL:http://www.securityfocus.com/bid/1381
Reference: XF:xinetd-improper-restrictions
Reference: URL:http://xforce.iss.net/static/4986.php

Description:
BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable. Status: Entry
Reference: BUGTRAQ:20000606 BRU Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html
Reference: CALDERA:CSSA-2000-018.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-018.0.txt
Reference: BID:1321
Reference: URL:http://www.securityfocus.com/bid/1321
Reference: XF:bru-execlog-env-variable
Reference: URL:http://xforce.iss.net/static/4644.php

Description:
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password. Status: Entry
Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2
Reference: ALLAIRE:ASB00-14
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
Reference: BID:1314
Reference: URL:http://www.securityfocus.com/bid/1314
Reference: XF:coldfusion-parse-dos
Reference: URL:http://xforce.iss.net/static/4611.php
Reference: OSVDB:3399
Reference: URL:http://www.osvdb.org/3399

Description:
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. Status: Entry
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386
Reference: XF:jrun-read-sample-files
Reference: URL:http://xforce.iss.net/static/4774.php
Reference: OSVDB:818
Reference: URL:http://www.osvdb.org/818

Description:
JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information. Status: Entry
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386
Reference: XF:jrun-read-sample-files
Reference: URL:http://xforce.iss.net/static/4774.php
Reference: OSVDB:2713
Reference: URL:http://www.osvdb.org/2713

Description:
The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command. Status: Entry
Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html
Reference: XF:panda-antivirus-remote-admin(4707)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4707
Reference: BID:1359
Reference: URL:http://www.securityfocus.com/bid/1359

Description:
Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds. Status: Entry
Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
Reference: BID:1345
Reference: URL:http://www.securityfocus.com/bid/1345
Reference: XF:tigris-radius-login-failure
Reference: URL:http://xforce.iss.net/static/4705.php

Description:
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. Status: Entry
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: XF:kerberos-emsg-bo
Reference: OSVDB:4875
Reference: URL:http://www.osvdb.org/4875

Description:
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. Status: Entry
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml

Description:
Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service. Status: Entry
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: XF:kerberos-free-memory
Reference: BID:1465
Reference: URL:http://www.securityfocus.com/bid/1465

Description:
The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files. Status: Entry
Reference: BUGTRAQ:20000523 I think
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html
Reference: BID:1263
Reference: URL:http://www.securityfocus.com/bid/1263
Reference: XF:danware-netop-bypass-security(4569)
Reference: URL:http://xforce.iss.net/static/4569.php

Description:
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information. Status: Entry
Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html
Reference: BID:1307
Reference: URL:http://www.securityfocus.com/bid/1307
Reference: XF:icq-temp-link
Reference: URL:http://xforce.iss.net/static/4607.php

Description:
Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions. Status: Entry
Reference: BUGTRAQ:20000525 Security Vulnerability in IPFilter 3.3.15 and 3.4.3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html
Reference: BID:1308
Reference: URL:http://www.securityfocus.com/bid/1308
Reference: XF:ipfilter-firewall-race-condition
Reference: URL:http://xforce.iss.net/static/4994.php
Reference: OSVDB:1377
Reference: URL:http://www.osvdb.org/1377

Description:
Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests. Status: Entry
Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
Reference: BID:1320
Reference: URL:http://www.securityfocus.com/bid/1320
Reference: XF:ceilidh-post-dos
Reference: URL:http://xforce.iss.net/static/4622.php

Description:
Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002. Status: Entry
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: CONFIRM:http://www.computalynx.net/news/Jun2000/news0806200001.html
Reference: BID:1319
Reference: URL:http://www.securityfocus.com/bid/1319
Reference: XF:cmail-long-username-dos
Reference: URL:http://xforce.iss.net/static/4625.php

Description:
Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request. Status: Entry
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: BID:1318
Reference: URL:http://www.securityfocus.com/bid/1318
Reference: XF:cmail-get-overflow-execute
Reference: URL:http://xforce.iss.net/static/4626.php