CVE (version 20061101)

Description:
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. Status: Entry
Reference: SGI:19981006-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I
Reference: CERT:CA-98.12.mountd
Reference: CIAC:J-006
Reference: URL:http://www.ciac.org/ciac/bulletins/j-006.shtml
Reference: BID:121
Reference: URL:http://www.securityfocus.com/bid/121
Reference: XF:linux-mountd-bo

Description:
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). Status: Entry
Reference: NAI:NAI-29
Reference: CERT:CA-98.11.tooltalk
Reference: SGI:19981101-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A
Reference: SGI:19981101-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX
Reference: XF:aix-ttdbserver
Reference: XF:tooltalk
Reference: BID:122
Reference: URL:http://www.securityfocus.com/bid/122

Description:
Arbitrary command execution via IMAP buffer overflow in authenticate command. Status: Entry
Reference: CERT:CA-98.09.imapd
Reference: SUN:00177
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/177
Reference: BID:130
Reference: URL:http://www.securityfocus.com/bid/130
Reference: XF:imap-authenticate-bo

Description:
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command. Status: Entry
Reference: CERT:CA-98.08.qpopper_vul
Reference: SGI:19980801-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980801-01-I
Reference: AUSCERT:AA-98.01
Reference: XF:qpopper-pass-overflow
Reference: BID:133
Reference: URL:http://www.securityfocus.com/bid/133

Description:
Information from SSL-encrypted sessions via PKCS #1. Status: Entry
Reference: CERT:CA-98.07.PKCS
Reference: MS:MS98-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-002.mspx
Reference: XF:nt-ssl-fix

Description:
Buffer overflow in NIS+, in Sun's rpc.nisd program. Status: Entry
Reference: CERT:CA-98.06.nisd
Reference: SUN:00170
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170
Reference: ISS:June10,1998
Reference: XF:nisd-bo-check

Description:
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. Status: Entry
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: CERT:CA-98.05.bind_problems
Reference: XF:bind-bo
Reference: BID:134
Reference: URL:http://www.securityfocus.com/bid/134

Description:
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. Status: Entry
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: XF:bind-dos

Description:
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. Status: Entry
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: XF:bind-axfr-dos

Description:
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. Status: Entry
Reference: CERT:CA-98.04.Win32.WebServers
Reference: XF:nt-web8.3

Description:
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. Status: Entry
Reference: CERT:CA-98.03.ssh-agent
Reference: NAI:NAI-24
Reference: XF:ssh-agent

Description:
Unauthorized privileged access or denial of service via dtappgather program in CDE. Status: Entry
Reference: HP:HPSBUX9801-075
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075
Reference: SUN:00185
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185
Reference: CERT:CA-98.02.CDE

Description:
Land IP denial of service. Status: Entry
Reference: CERT:CA-97.28.Teardrop_Land
Reference: FREEBSD:FreeBSD-SA-98:01
Reference: HP:HPSBUX9801-076
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:95-verv-tcp
Reference: XF:land-patch
Reference: XF:ver-tcpip-sys

Description:
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. Status: Entry
Reference: CERT:CA-97.27.FTP_bounce
Reference: XF:ftp-bounce
Reference: XF:ftp-privileged-port

Description:
Buffer overflow in statd allows root privileges. Status: Entry
Reference: CERT:CA-97.26.statd
Reference: AUSCERT:AA-97.29
Reference: XF:statd
Reference: BID:127
Reference: URL:http://www.securityfocus.com/bid/127

Description:
Delete or create a file via rpc.statd, due to invalid information. Status: Entry
Reference: CERT:CA-96.09.rpc.statd
Reference: XF:rpc-stat
Reference: SUN:00135
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/135

Description:
Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. Status: Entry
Reference: BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount)
Reference: CERT:CA-97.24.Count_cgi
Reference: XF:http-cgi-count
Reference: BID:128
Reference: URL:http://www.securityfocus.com/bid/128

Description:
Local user gains root privileges via buffer overflow in rdist, via expstr() function. Status: Entry
Reference: CERT:CA-97.23.rdist
Reference: SUN:00179
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179
Reference: XF:rdist-bo3
Reference: XF:rdist-sept97

Description:
Local user gains root privileges via buffer overflow in rdist, via lookup() function. Status: Entry
Reference: CERT:CA-96.14.rdist_vul
Reference: XF:rdist-bo
Reference: XF:rdist-bo2

Description:
DNS cache poisoning via BIND, by predictable query IDs. Status: Entry
Reference: CERT:CA-97.22.bind
Reference: XF:bind
Reference: NAI:NAI-11

Description:
root privileges via buffer overflow in df command on SGI IRIX systems. Status: Entry
Reference: CERT:CA-1997-21
Reference: URL:http://www.cert.org/advisories/CA-1997-21.html
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: SGI:SGI:19970505-01-A
Reference: SGI:SGI:19970505-02-PX
Reference: CERT-VN:VU#20851
Reference: URL:http://www.kb.cert.org/vuls/id/20851
Reference: BID:346
Reference: URL:http://www.securityfocus.com/bid/346
Reference: XF:df-bo(440)
Reference: URL:http://xforce.iss.net/xforce/xfdb/440

Description:
root privileges via buffer overflow in pset command on SGI IRIX systems. Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: XF:pset-bo

Description:
root privileges via buffer overflow in eject command on SGI IRIX systems. Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: XF:eject-bo

Description:
root privileges via buffer overflow in login/scheme command on SGI IRIX systems. Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul
Reference: XF:sgi-schemebo

Description:
root privileges via buffer overflow in ordist command on SGI IRIX systems. Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: XF:ordist-bo

Description:
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability. Status: Entry
Reference: CERT:CA-97.20.javascript
Reference: HP:HPSBUX9707-065
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html

Description:
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. Status: Entry
Reference: BUGTRAQ:19960813 Possible bufferoverflow condition in lpr, xterm and xload
Reference: BUGTRAQ:19961025 Linux & BSD's lpr exploit
Reference: MLIST:[freebsd-security] 19961025 Vadim Kolontsov: BoS: Linux & BSD's lpr exploit
Reference: MLIST:[linux-security] 19961122 LSF Update#14: Vulnerability of the lpr program.
Reference: CERT:CA-97.19.bsdlp
Reference: AUSCERT:AA-96.12
Reference: CIAC:H-08
Reference: CIAC:I-042
Reference: URL:http://www.ciac.org/ciac/bulletins/i-042.shtml
Reference: SGI:19980402-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX
Reference: BID:707
Reference: URL:http://www.securityfocus.com/bid/707
Reference: XF:bsd-lprbo2
Reference: XF:bsd-lprbo
Reference: XF:lpr-bo

Description:
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. Status: Entry
Reference: CERT:CA-97.17.sperl
Reference: XF:perl-suid

Description:
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. Status: Entry
Reference: XF:ftp-ftpd
Reference: CERT:CA-97.16.ftpd
Reference: AUSCERT:AA-97.03

Description:
IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. Status: Entry
Reference: CERT:CA-97.15.sgi_login
Reference: AUSCERT:AA-97.12
Reference: CIAC:H-106
Reference: URL:http://www.ciac.org/ciac/bulletins/h-106.shtml
Reference: SGI:19970508-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PX
Reference: OSVDB:990
Reference: URL:http://www.osvdb.org/990
Reference: XF:sgi-lockout(557)
Reference: URL:http://xforce.iss.net/xforce/xfdb/557

Description:
Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. Status: Entry
Reference: CERT:CA-97.14.metamail
Reference: XF:metamail-header-commands

Description:
Buffer overflow in xlock program allows local users to execute commands as root. Status: Entry
Reference: CERT:CA-97.13.xlock
Reference: XF:xlock-bo

Description:
webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter. Status: Entry
Reference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in
Reference: BUGTRAQ:19970507 Re: SGI Advisory: webdist.cgi
Reference: CERT:CA-1997-12
Reference: URL:http://www.cert.org/advisories/CA-1997-12.html
Reference: AUSCERT:AA-97.14
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: BID:374
Reference: URL:http://www.securityfocus.com/bid/374
Reference: OSVDB:235
Reference: URL:http://www.osvdb.org/235
Reference: XF:http-sgi-webdist(333)
Reference: URL:http://xforce.iss.net/xforce/xfdb/333

Description:
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. Status: Entry
Reference: CERT:CA-97.11.libXt
Reference: XF:libXt-bo

Description:
Buffer overflow in NLS (Natural Language Service). Status: Entry
Reference: CERT:CA-97.10.nls
Reference: XF:nls-bo

Description:
Buffer overflow in University of Washington's implementation of IMAP and POP servers. Status: Entry
Reference: NAI:NAI-21
Reference: CERT:CA-97.09.imap_pop
Reference: XF:popimap-bo

Description:
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. Status: Entry
Reference: CERT:CA-97.08.innd
Reference: XF:inn-controlmsg

Description:
fsdump command in IRIX allows local users to obtain root access by modifying sensitive files. Status: Entry
Reference: SGI:19970301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970301-01-P
Reference: XF:sgi-fsdump

Description:
List of arbitrary files on Web host via nph-test-cgi script. Status: Entry
Reference: CERT:CA-97.07.nph-test-cgi_script
Reference: XF:http-cgi-nph

Description:
Buffer overflow of rlogin program using TERM environmental variable. Status: Entry
Reference: CERT:CA-97.06.rlogin-term
Reference: XF:rlogin-termbo

Description:
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. Status: Entry
Reference: CERT:CA-97.05.sendmail
Reference: BID:685
Reference: URL:http://www.securityfocus.com/bid/685
Reference: XF:sendmail-mime-bo2

Description:
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. Status: Entry
Reference: CERT:CA-97.04.talkd
Reference: FREEBSD:FreeBSD-SA-96:21
Reference: AUSCERT:AA-97.01
Reference: SUN:00147
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147
Reference: XF:talkd-bo
Reference: XF:netkit-talkd

Description:
Csetup under IRIX allows arbitrary file creation or overwriting. Status: Entry
Reference: XF:sgi-csetup
Reference: CERT:CA-97.03.csetup

Description:
Buffer overflow in HP-UX newgrp program. Status: Entry
Reference: CERT:CA-97.02.hp_newgrp
Reference: AUSCERT:AA-96.16.HP-UX.newgrp.Buffer.Overrun.Vulnerability
Reference: XF:hp-newgrpbo

Description:
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. Status: Entry
Reference: XF:sgi-licensemanager
Reference: CERT:CA-97.01.flex_lm
Reference: AUSCERT:AA-96.03

Description:
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash. Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:08
Reference: OSVDB:908
Reference: URL:http://www.osvdb.org/908
Reference: XF:freebsd-ip-frag-dos(1389)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1389

Description:
TCP RST denial of service in FreeBSD. Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:07
Reference: OSVDB:6094
Reference: URL:http://www.osvdb.org/6094

Description:
Sun's ftpd daemon can be subjected to a denial of service. Status: Entry
Reference: SUN:00171
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/171
Reference: XF:sun-ftpd

Description:
Buffer overflows in Sun libnsl allow root access. Status: Entry
Reference: SUN:00172
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172
Reference: AIXAPAR:IX80543
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only
Reference: RSI:RSI.0005.05-14-98.SUN.LIBNSL
Reference: XF:sun-libnsl

Description:
Buffer overflow in Sun's ping program can give root access to local users. Status: Entry
Reference: SUN:00174
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/174
Reference: XF:sun-ping

Description:
Vacation program allows command execution by remote users through a sendmail command. Status: Entry
Reference: NAI:NAI-19
Reference: XF:vacation
Reference: HP:HPSBUX9811-087
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9811-087

Description:
Buffer overflow in PHP cgi program, php.cgi allows shell access. Status: Entry
Reference: NAI:NAI-12
Reference: BID:712
Reference: URL:http://www.securityfocus.com/bid/712
Reference: XF:http-cgi-phpbo

Description:
IRIX fam service allows an attacker to obtain a list of all files on the server. Status: Entry
Reference: NAI:NAI-16
Reference: BID:353
Reference: URL:http://www.securityfocus.com/bid/353
Reference: OSVDB:164
Reference: URL:http://www.osvdb.org/164
Reference: XF:irix-fam(325)
Reference: URL:http://xforce.iss.net/xforce/xfdb/325

Description:
Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool. Status: Entry
Reference: NAI:NAI-26
Reference: XF:ascend-config-kill
Reference: ASCEND:http://www.ascend.com/2695.html

Description:
The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage. Status: Entry
Reference: XF:openbsd-chpass
Reference: NAI:NAI-28
Reference: OSVDB:7559
Reference: URL:http://www.osvdb.org/7559

Description:
Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. Status: Entry
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
Reference: XF:cisco-syslog-crash

Description:
Buffer overflow in AIX lquerylv program gives root access to local users. Status: Entry
Reference: BUGTRAQ:May28,1997
Reference: XF:lquerylv-bo

Description:
Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands. Status: Entry
Reference: SUN:00181
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/181
Reference: XF:hp-dtmail

Description:
AnyForm CGI remote execution. Status: Entry
Reference: BUGTRAQ:19950731 SECURITY HOLE: "AnyForm" CGI
Reference: BID:719
Reference: URL:http://www.securityfocus.com/bid/719
Reference: XF:http-cgi-anyform

Description:
phf CGI program allows remote command execution through shell metacharacters. Status: Entry
Reference: BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole family
Reference: CERT:CA-1996-06
Reference: URL:http://www.cert.org/advisories/CA-1996-06.html
Reference: AUSCERT:AA-96.01
Reference: BID:629
Reference: URL:http://www.securityfocus.com/bid/629
Reference: OSVDB:136
Reference: URL:http://www.osvdb.org/136
Reference: XF:http-cgi-phf

Description:
CGI PHP mylog script allows an attacker to read any file on the target server. Status: Entry
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: XF:http-cgi-php-mylog
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: OSVDB:3396
Reference: URL:http://www.osvdb.org/3396

Description:
Solaris ufsrestore buffer overflow. Status: Entry
Reference: SUN:00169
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169
Reference: XF:sun-ufsrestore
Reference: OSVDB:8158
Reference: URL:http://www.osvdb.org/8158

Description:
test-cgi program allows an attacker to list files on the server. Status: Entry
Reference: XF:http-cgi-test

Description:
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. Status: Entry
Reference: XF:http-apache-cookie
Reference: NAI:NAI-2

Description:
Buffer overflow in AIX xdat gives root access to local users. Status: Entry
Reference: ERS:ERS-SVA-E01-1997:004.1
Reference: XF:ibm-xdat

Description:
Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access. Status: Entry
Reference: CERT:CA-95:14.Telnetd_Environment_Vulnerability
Reference: XF:linkerbug

Description:
Listening TCP ports are sequentially allocated, allowing spoofing attacks. Status: Entry
Reference: XF:seqport

Description:
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password. Status: Entry
Reference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
Reference: XF:ftp-pasvcore
Reference: OSVDB:5742
Reference: URL:http://www.osvdb.org/5742

Description:
Predictable TCP sequence numbers allow spoofing. Status: Entry
Reference: XF:tcp-seq-predict(139)
Reference: URL:http://xforce.iss.net/static/139.php

Description:
Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports. Status: Entry
Reference: XF:ftp-pasv-dos
Reference: XF:ftp-pasvdos

Description:
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command. Status: Entry
Reference: BUGTRAQ:19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd)
Reference: CERT:CA-95:16.wu-ftpd.vul
Reference: XF:ftp-execdotdot

Description:
wu-ftp allows files to be overwritten via the rnfr command. Status: Entry
Reference: XF:ftp-rnfr

Description:
CWD ~root command in ftpd allows root access. Status: Entry
Reference: XF:ftp-cwd
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html

Description:
getcwd() file descriptor leak in FTP. Status: Entry
Reference: XF:cwdleak

Description:
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. Status: Entry
Reference: XF:nfs-mknod(78)
Reference: URL:http://xforce.iss.net/xforce/xfdb/78

Description:
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname. Status: Entry
Reference: BUGTRAQ:19960821 rwhod buffer overflow
Reference: XF:rwhod(119)
Reference: URL:http://xforce.iss.net/xforce/xfdb/119
Reference: XF:rwhod-vuln(118)
Reference: URL:http://xforce.iss.net/xforce/xfdb/118

Description:
Denial of service in AIX telnet can freeze a system and prevent users from accessing the server. Status: Entry
Reference: XF:ibm-telnetdos
Reference: ERS:ERS-SVA-E01-1998:003.1
Reference: OSVDB:7992
Reference: URL:http://www.osvdb.org/7992

Description:
Buffer overflow in AIX rcp command allows local users to obtain root access. Status: Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-rcp

Description:
Buffer overflow in AIX writesrv command allows local users to obtain root access. Status: Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-writesrv

Description:
AIX nslookup command allows local users to obtain root access by not dropping privileges correctly. Status: Entry
Reference: ERS:ERS-SVA-E01-1997:008.1
Reference: XF:ibm-nslookup

Description:
AIX piodmgrsu command allows local users to gain additional group privileges. Status: Entry
Reference: ERS:ERS-SVA-E01-1997:007.1
Reference: XF:ibm-piodmgrsu

Description:
The debug command in Sendmail is enabled, allowing attackers to execute commands as root. Status: Entry
Reference: CERT:CA-88.01
Reference: CERT:CA-93.14
Reference: BID:1
Reference: URL:http://www.securityfocus.com/bid/1
Reference: OSVDB:195
Reference: URL:http://www.osvdb.org/195
Reference: XF:smtp-debug

Description:
Sendmail decode alias can be used to overwrite sensitive files. Status: Entry
Reference: CERT:CA-93.16
Reference: CERT:CA-95.05
Reference: CIAC:A-13
Reference: CIAC:A-14
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:smtp-dcod

Description:
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character). Status: Entry
Reference: ERS:ERS-SVA-E01-1997:009.1
Reference: XF:ibm-ftp

Description:
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. Status: Entry
Reference: CERT:CA-95.13.syslog.vul
Reference: XF:smtp-syslog

Description:
Remote access in AIX innd 1.5.1, using control messages. Status: Entry
Reference: ERS:ERS-SVA-E01-1997:002.1
Reference: XF:inn-controlmsg

Description:
Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. Status: Entry
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: SUN:00137a
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: NAI:NAI-1
Reference: XF:ghbn-bo

Description:
Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line. Status: Entry
Reference: XF:slmail-fromheader-overflow

Description:
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. Status: Entry
Reference: CERT:CA-96.01.UDP_service_denial
Reference: XF:echo
Reference: XF:chargen
Reference: XF:chargen-patch

Description:
The printers program in IRIX has a buffer overflow that gives root access to local users. Status: Entry
Reference: BUGTRAQ:another day, another buffer overflow...
Reference: XF:printers-bo

Description:
Buffer overflow in ffbconfig in Solaris 2.5.1. Status: Entry
Reference: SUN:00140
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/140
Reference: AUSCERT:AA-97.06
Reference: XF:ffbconfig-bo

Description:
RIP v1 is susceptible to spoofing. Status: Entry
Reference: XF:rip

Description:
Buffer overflow in AIX dtterm program for the CDE. Status: Entry
Reference: BUGTRAQ:19970520 AIX 4.2 dtterm exploit
Reference: XF:dtterm-bo(878)
Reference: URL:http://xforce.iss.net/xforce/xfdb/878

Description:
Some implementations of rlogin allow root access if given a -froot parameter. Status: Entry
Reference: BUGTRAQ:19940729 -froot??? (AIX rlogin bug)
Reference: CERT:CA-94.09.bin.login.vulnerability
Reference: CIAC:E-26
Reference: BID:458
Reference: URL:http://www.securityfocus.com/bid/458
Reference: XF:rlogin-froot

Description:
AIX bugfiler program allows local users to gain root access. Status: Entry
Reference: BUGTRAQ:19970909 AIX bugfiler
Reference: XF:ibm-bugfiler
Reference: BID:1800
Reference: URL:http://www.securityfocus.com/bid/1800

Description:
Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood. Status: Entry
Reference: CERT:CA-96.21.tcp_syn.flooding
Reference: SGI:19961202-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961202-01-PX
Reference: SUN:00136
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/136

Description:
AIX passwd allows local users to gain root access. Status: Entry
Reference: XF:ibm-passwd
Reference: CERT:CA-92:07.AIX.passwd.vulnerability

Description:
AIX infod allows local users to gain root access through an X display. Status: Entry
Reference: BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91158980826979&w=2
Reference: XF:aix-infod

Description:
Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. Status: Entry
Reference: SUN:00126
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/126
Reference: CERT:CA-94.06.utmp.vulnerability
Reference: XF:utmp-write

Description:
Buffer overflow in AIX lchangelv gives root access. Status: Entry
Reference: BUGTRAQ:Jul21,1999
Reference: XF:lchangelv-bo

Description:
Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon. Status: Entry
Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability
Reference: XF:gopher-vuln

Description:
Buffer overflow in SGI IRIX mailx program. Status: Entry
Reference: XF:sgi-mailx-bo
Reference: SGI:19980605-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980605-01-PX

Description:
SGI IRIX buffer overflow in xterm and Xaw allows root access. Status: Entry
Reference: CERT:VB-98.04.xterm.Xaw
Reference: CIAC:J-010
Reference: URL:http://www.ciac.org/ciac/bulletins/j-010.shtml
Reference: XF:xfree86-xterm-xaw
Reference: XF:xfree86-xaw

Description:
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. Status: Entry
Reference: XF:ping-death
Reference: CERT:CA-96.26.ping

Description:
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. Status: Entry
Reference: CERT:CA-96.25.sendmail_groups

Description:
Local users can start Sendmail in daemon mode and gain root privileges. Status: Entry
Reference: CERT:CA-96.24.sendmail.daemon.mode
Reference: BID:716
Reference: URL:http://www.securityfocus.com/bid/716
Reference: XF:sendmail-daemon-mode

Description:
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. Status: Entry
Reference: CERT:CA-96.20.sendmail_vul
Reference: XF:smtp-875bo
Reference: BID:717
Reference: URL:http://www.securityfocus.com/bid/717

Description:
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. Status: Entry
Reference: CERT:CA-1996-19
Reference: URL:http://www.cert.org/advisories/CA-1996-19.html
Reference: OSVDB:11723
Reference: URL:http://www.osvdb.org/11723
Reference: XF:expreserve(401)
Reference: URL:http://xforce.iss.net/xforce/xfdb/401

Description:
fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access. Status: Entry
Reference: CERT:CA-96.18.fm_fls
Reference: XF:fmaker-logfile

Description:
vold in Solaris 2.x allows local users to gain root access. Status: Entry
Reference: XF:sol-voldtmp
Reference: CERT:CA-96.17.Solaris_vold_vul
Reference: AUSCERT:AL-96.04
Reference: OSVDB:8159
Reference: URL:http://www.osvdb.org/8159

Description:
admintool in Solaris allows a local user to write to arbitrary files and gain root access. Status: Entry
Reference: XF:sun-admintool
Reference: CERT:CA-96.16.Solaris_admintool_vul
Reference: AUSCERT:AL-96.03

Description:
Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. Status: Entry
Reference: XF:sol-KCMSvuln
Reference: AUSCERT:AL-96.02
Reference: CERT:CA-96.15.Solaris_KCMS_vul

Description:
The dip program on many Linux systems allows local users to gain root access via a buffer overflow. Status: Entry
Reference: XF:linux-dipbo
Reference: CERT:CA-96.13.dip_vul
Reference: XF:dip-bo

Description:
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. Status: Entry
Reference: CERT:CA-96.12.suidperl_vul
Reference: XF:sperl-suid

Description:
Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. Status: Entry
Reference: XF:sol-mkcookie
Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE
Reference: OSVDB:8205
Reference: URL:http://www.osvdb.org/8205

Description:
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. Status: Entry
Reference: XF:http-java-applet
Reference: CERT:CA-96.07.java_bytecode_verifier
Reference: SUN:00134
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134

Description:
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. Status: Entry
Reference: CERT:CA-96.05.java_applet_security_mgr
Reference: XF:http-java-appletsecmgr

Description:
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. Status: Entry
Reference: CERT:CA-96.03.kerberos_4_key_server
Reference: XF:kerberos-bf

Description:
Sendmail WIZ command enabled, allowing root access. Status: Entry
Reference: CERT:CA-1990-11
Reference: URL:http://www.cert.org/advisories/CA-1990-11.html
Reference: CERT:CA-1993-14
Reference: URL:http://www.cert.org/advisories/CA-1993-14.html
Reference: BUGTRAQ:19950206 sendmail wizard thing...
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html

Description:
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. Status: Entry
Reference: BUGTRAQ:19970715 Bug CGI campas
Reference: BID:1975
Reference: URL:http://www.securityfocus.com/bid/1975
Reference: XF:http-cgi-campas(298)
Reference: URL:http://xforce.iss.net/xforce/xfdb/298

Description:
The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands. Status: Entry
Reference: XF:http-cgi-glimpse
Reference: AUSCERT:AA-97.28

Description:
The handler CGI program in IRIX allows arbitrary command execution. Status: Entry
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: BID:380
Reference: URL:http://www.securityfocus.com/bid/380
Reference: XF:http-sgi-handler

Description:
The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: BID:373
Reference: URL:http://www.securityfocus.com/bid/373
Reference: OSVDB:247
Reference: URL:http://www.osvdb.org/247
Reference: XF:http-sgi-wrap(290)
Reference: URL:http://xforce.iss.net/xforce/xfdb/290

Description:
The Perl fingerd program allows arbitrary command execution from remote users. Status: Entry
Reference: XF:perl-fingerd

Description:
The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. Status: Entry
Reference: CERT:CA-95.07a.REVISED.satan.vul
Reference: CERT:CA-95.06.satan.vul

Description:
The DG/UX finger daemon allows remote command execution through shell metacharacters. Status: Entry
Reference: BUGTRAQ:19970811 dgux in.fingerd vulnerability
Reference: XF:dgux-fingerd

Description:
Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. Status: Entry
Reference: XF:win-oob
Reference: OSVDB:1666
Reference: URL:http://www.osvdb.org/1666

Description:
The ghostscript command with the -dSAFER option allows remote attackers to execute commands. Status: Entry
Reference: XF:gscript-dsafer
Reference: CERT:CA-95.10.ghostscript

Description:
Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. Status: Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/nifrag.shtml
Reference: XF:cisco-fragmented-attacks
Reference: OSVDB:1097
Reference: URL:http://www.osvdb.org/1097

Description:
Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. Status: Entry
Reference: CISCO:20010913 Cisco PIX Firewall Manager File Exposure
Reference: URL:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml
Reference: XF:cisco-pix-file-exposure
Reference: OSVDB:685
Reference: URL:http://www.osvdb.org/685

Description:
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. Status: Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtml
Reference: XF:cisco-ios-crash

Description:
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections. Status: Entry
Reference: CISCO:19971001 Vulnerabilities in Cisco CHAP Authentication
Reference: CIAC:I-002A
Reference: OSVDB:1099
Reference: URL:http://www.osvdb.org/1099
Reference: XF:cisco-chap

Description:
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. Status: Entry
Reference: CISCO:http://www.cisco.com/warp/public/707/1.html
Reference: XF:cisco-acl-tacacs
Reference: OSVDB:797
Reference: URL:http://www.osvdb.org/797

Description:
The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. Status: Entry
Reference: CISCO:19950601 "Established" Keyword May Allow Packets to Bypass Filter
Reference: XF:cisco-acl-established

Description:
A race condition in the Solaris ps command allows an attacker to overwrite critical files. Status: Entry
Reference: XF:sol-pstmprace
Reference: AUSCERT:AA-95.07
Reference: CERT:CA-95.09.Solaris.ps.vul
Reference: OSVDB:8346
Reference: URL:http://www.osvdb.org/8346

Description:
NFS allows users to use a "cd .." command to access other directories besides the exported file system. Status: Entry
Reference: XF:nfs-cd

Description:
In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. Status: Entry
Reference: XF:nfs-guess
Reference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand

Description:
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. Status: Entry
Reference: XF:nfs-portmap

Description:
Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. Status: Entry
Reference: XF:nfs-ultrix

Description:
FormMail CGI program allows remote execution of commands. Status: Entry
Reference: XF:http-cgi-formmail-exe
Reference: BUGTRAQ:Aug02,1995

Description:
FormMail CGI program can be used by web servers other than the host server that the program resides on. Status: Entry
Reference: XF:http-cgi-formmail-use

Description:
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:19970208 view-source
Reference: XF:http-cgi-viewsrc

Description:
The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. Status: Entry
Reference: XF:http-nov-convert

Description:
The Webgais program allows a remote user to execute arbitrary commands. Status: Entry
Reference: BUGTRAQ:Jul10,1997
Reference: XF:http-webgais-query

Description:
The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. Status: Entry
Reference: NTBUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable
Reference: NTBUGTRAQ:19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable
Reference: BUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable
Reference: XF:http-website-uploader

Description:
Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. Status: Entry
Reference: BUGTRAQ:19970106 Re: signal handling
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html
Reference: BID:2078
Reference: URL:http://www.securityfocus.com/bid/2078
Reference: OSVDB:8
Reference: URL:http://www.osvdb.org/8
Reference: XF:http-website-winsample(295)
Reference: URL:http://xforce.iss.net/xforce/xfdb/295

Description:
Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. Status: Entry
Reference: MSKB:Q140818
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q140818
Reference: XF:nt-samba-dotdot
Reference: XF:nt-351
Reference: XF:nt-35

Description:
in.rshd allows users to login with a NULL username and execute commands. Status: Entry
Reference: XF:rsh-null

Description:
The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands. Status: Entry
Reference: XF:walld

Description:
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. Status: Entry
Reference: CIAC:H-110
Reference: URL:http://www.ciac.org/ciac/bulletins/h-110.shtml
Reference: CERT:VB-97.10.samba
Reference: XF:nt-samba-bo

Description:
Linux implementations of TFTP would allow access to files outside the restricted directory. Status: Entry
Reference: XF:linux-tftp

Description:
When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. Status: Entry
Reference: XF:dns-updates

Description:
In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. Status: Entry
Reference: SUN:00156
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/156
Reference: XF:sun-ftpd/logind

Description:
The passwd command in Solaris can be subjected to a denial of service. Status: Entry
Reference: SUN:00182
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/182
Reference: XF:sun-passwd-dos

Description:
Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. Status: Entry
Reference: NAI:NAI-15
Reference: SUN:00142
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/142
Reference: XF:rpc-32771

Description:
Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. Status: Entry
Reference: SUN:00167
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/167
Reference: XF:sun-rpcbind

Description:
IIS newdsn.exe CGI script allows remote users to overwrite files. Status: Entry
Reference: XF:http-cgi-newdsn
Reference: OSVDB:275
Reference: URL:http://www.osvdb.org/275

Description:
Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable. Status: Entry
Reference: SNI:SNI-20
Reference: XF:bsd-tel-tgetent

Description:
Denial of service in in.comsat allows attackers to generate messages. Status: Entry
Reference: XF:comsat

Description:
websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). Status: Entry
Reference: BUGTRAQ:19970704 Vulnerability in websendmail
Reference: BID:2077
Reference: URL:http://www.securityfocus.com/bid/2077
Reference: OSVDB:237
Reference: URL:http://www.osvdb.org/237
Reference: XF:http-webgais-smail

Description:
A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. Status: Entry
Reference: XF:ftp-home

Description:
The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. Status: Entry
Reference: XF:ftp-exectar

Description:
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. Status: Entry
Reference: CERT:CA-95.08
Reference: CIAC:E-03
Reference: XF:smtp-sendmail-version5

Description:
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. Status: Entry
Reference: XF:ident-bo
Reference: CIAC:F-13

Description:
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. Status: Entry
Reference: XF:sendmail-mime-bo
Reference: AUSCERT:AA-96.06a

Description:
Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. Status: Entry
Reference: XF:majordomo-exe
Reference: CERT:CA-94.11.majordomo.vulnerabilities

Description:
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. Status: Entry
Reference: XF:rpc-update
Reference: CERT:CA-95.17.rpc.ypupdated.vul

Description:
The SunView (SunTools) selection_svc facility allows remote users to read files. Status: Entry
Reference: CERT:CA-90.05.sunselection.vulnerability
Reference: BID:8
Reference: URL:http://www.securityfocus.com/bid/8
Reference: XF:selsvc

Description:
Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. Status: Entry
Reference: BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88053459921223&w=2
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2
Reference: HP:HPSBUX9910-104
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9910-104
Reference: CERT:CA-99-05
Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html
Reference: BID:235
Reference: URL:http://www.securityfocus.com/bid/235

Description:
Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. Status: Entry
Reference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability
Reference: BID:24
Reference: URL:http://www.securityfocus.com/bid/24

Description:
Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. Status: Entry
Reference: SUN:00168
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168
Reference: CIAC:I-048
Reference: URL:http://www.ciac.org/ciac/bulletins/i-048.shtml
Reference: XF:sun-mountd

Description:
Denial of service by sending forged ICMP unreachable packets. Status: Entry
Reference: XF:icmp-unreachable

Description:
Routed allows attackers to append data to files. Status: Entry
Reference: SGI:19981004-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981004-01-PX
Reference: CIAC:J-012
Reference: URL:http://www.ciac.org/ciac/bulletins/j-012.shtml
Reference: XF:ripapp

Description:
Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. Status: Entry
Reference: XF:udp-bomb

Description:
Livingston portmaster machines could be rebooted via a series of commands. Status: Entry
Reference: XF:portmaster-reboot

Description:
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command. Status: Entry
Reference: NTBUGTRAQ:19990503 Buffer overflows in FTP Serv-U 2.5
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92574916930144&w=2
Reference: NTBUGTRAQ:19990504 Re: Buffer overflows in FTP Serv-U 2.5
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92582581330282&w=2
Reference: BUGTRAQ:19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NT
Reference: BID:269
Reference: URL:http://www.securityfocus.com/bid/269
Reference: XF:ftp-servu(205)
Reference: URL:http://xforce.iss.net/xforce/xfdb/205

Description:
Denial of service of Ascend routers through port 150 (remote administration). Status: Entry
Reference: XF:ascend-150-kill

Description:
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. Status: Entry
Reference: BUGTRAQ:19961109 Syslogd and Solaris 2.4
Reference: SUNBUG:1249320
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches
Reference: XF:sol-syslogd-crash
Reference: BID:1878
Reference: URL:http://www.securityfocus.com/bid/1878

Description:
Denial of service in Windows NT messenger service through a long username. Status: Entry
Reference: XF:nt-messenger

Description:
Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. Status: Entry
Reference: NAI:19980214 Windows NT Logon Denial of Service
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp
Reference: MSKB:Q180963
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=180963
Reference: XF:nt-logondos

Description:
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. Status: Entry
Reference: MSKB:Q154087
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087
Reference: XF:nt-lsass-crash

Description:
Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. Status: Entry
Reference: XF:nt-rpc-ver
Reference: MSKB:Q162567
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q162567

Description:
Buffer overflow in Cisco 7xx routers through the telnet service. Status: Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml
Reference: OSVDB:1102
Reference: URL:http://www.osvdb.org/1102

Description:
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. Status: Entry
Reference: MSKB:Q148188
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q148188
Reference: MSKB:Q155056
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q155056
Reference: XF:http-iis-cmd

Description:
Bash treats any character with a value of 255 as a command separator. Status: Entry
Reference: XF:bash-cmd
Reference: CERT:CA-96.22.bash_vuls

Description:
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. Status: Entry
Reference: XF:http-scriptalias

Description:
Remote execution of arbitrary commands through Guestbook CGI program. Status: Entry
Reference: XF:http-cgi-guestbook
Reference: CERT:VB-97.02

Description:
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. Status: Entry
Reference: XF:fastrack-get-directory-list
Reference: OSVDB:122
Reference: URL:http://www.osvdb.org/122

Description:
Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root. Status: Entry
Reference: NAI:NAI-23
Reference: XF:radius-accounting-overflow

Description:
Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". Status: Entry
Reference: BUGTRAQ:19950907 Linux NIS security problem hole and fix
Reference: XF:linux-plus

Description:
Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. Status: Entry
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: BID:1443
Reference: URL:http://www.securityfocus.com/bid/1443
Reference: XF:inn-bo

Description:
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. Status: Entry
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1

Description:
Denial of service in talk program allows remote attackers to disrupt a user's display. Status: Entry
Reference: XF:talkd-flash

Description:
Buffer overflow in listserv allows arbitrary command execution. Status: Entry
Reference: XF:smtp-listserv

Description:
Buffer overflow in War FTP allows remote execution of commands. Status: Entry
Reference: XF:war-ftpd
Reference: OSVDB:875
Reference: URL:http://www.osvdb.org/875

Description:
cfingerd lists all users on a system via search.**@target. Status: Entry
Reference: BUGTRAQ:19970523 cfingerd vulnerability
Reference: XF:cfinger-user-enumeration

Description:
The jj CGI program allows command execution via shell metacharacters. Status: Entry
Reference: BUGTRAQ:19961224 jj cgi
Reference: XF:http-cgi-jj

Description:
Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. Status: Entry
Reference: BUGTRAQ:19980804 remote exploit in faxsurvey cgi-script
Reference: BUGTRAQ:19980804 PATCH: faxsurvey
Reference: BID:2056
Reference: URL:http://www.securityfocus.com/bid/2056
Reference: XF:http-cgi-faxsurvey(1532)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1532

Description:
Solaris SUNWadmap can be exploited to obtain root access. Status: Entry
Reference: SUN:00173
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/173
Reference: XF:sun-sunwadmap

Description:
htmlscript CGI program allows remote read access to files. Status: Entry
Reference: XF:http-htmlscript-file-access
Reference: BUGTRAQ:Jan27,1998

Description:
ICMP redirect messages may crash or lock up a host. Status: Entry
Reference: MSKB:Q154174
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154174
Reference: ISS:ICMP Redirects Against Embedded Controllers
Reference: XF:icmp-redirect

Description:
The info2www CGI script allows remote file access or remote command execution. Status: Entry
Reference: BUGTRAQ:19980303 Vulnerabilites in some versions of info2www CGI
Reference: BID:1995
Reference: URL:http://www.securityfocus.com/bid/1995
Reference: XF:http-cgi-info2www

Description:
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. Status: Entry
Reference: XF:http-port
Reference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability

Description:
MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. Status: Entry
Reference: BUGTRAQ:19980630 Security vulnerabilities in MetaInfo products
Reference: BUGTRAQ:19980703 Followup to MetaInfo vulnerabilities
Reference: OSVDB:110
Reference: URL:http://www.osvdb.org/110
Reference: OSVDB:3969
Reference: URL:http://www.osvdb.org/3969
Reference: XF:metaweb-server-dot-attack

Description:
Netscape Enterprise servers may list files through the PageServices query. Status: Entry
Reference: XF:netscape-server-pageservices

Description:
Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files. Status: Entry
Reference: BUGTRAQ:19980317 IRIX performer_tools bug
Reference: SGI:19980401-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980401-01-P
Reference: CIAC:I-041
Reference: URL:http://www.ciac.org/ciac/bulletins/i-041.shtml
Reference: BID:64
Reference: URL:http://www.securityfocus.com/bid/64
Reference: OSVDB:134
Reference: URL:http://www.osvdb.org/134
Reference: XF:sgi-pfdispaly(810)
Reference: URL:http://xforce.iss.net/xforce/xfdb/810

Description:
Denial of service in Slmail v2.5 through the POP3 port. Status: Entry
Reference: XF:slmail-username-bo

Description:
Denial of service through Solaris 2.5.1 telnet by sending ^D characters. Status: Entry
Reference: XF:sun-telnet-kill

Description:
Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. Status: Entry
Reference: NAI:NAI-5
Reference: XF:nt-dns-dos

Description:
Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. Status: Entry
Reference: XF:nt-dnscrash
Reference: XF:nt-dnsver
Reference: MS:Q169461

Description:
mSQL v2.0.1 and below allows remote execution through a buffer overflow. Status: Entry
Reference: XF:msql-debug-bo
Reference: SEKURE:sekure.01-99.msql

Description:
The WorkMan program can be used to overwrite any file to get root access. Status: Entry
Reference: XF:workman
Reference: CERT:CA-96.23.workman_vul

Description:
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. Status: Entry
Reference: MS:MS98-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-003.mspx
Reference: XF:iis-asp-data-check
Reference: OVAL:oval:org.mitre.oval:def:913
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:913

Description:
Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. Status: Entry
Reference: BUGTRAQ:19971217 CGI security hole in EWS (Excite for Web Servers)
Reference: BUGTRAQ:19980115 Excite announcement
Reference: CERT:VB-98.01.excite
Reference: XF:excite-cgi-search-vuln

Description:
Remote command execution in Microsoft Internet Explorer using .lnk and .url files. Status: Entry
Reference: NTBUGTRAQ:19970317 Internet Explorer Bug #4
Reference: CIAC:H-38
Reference: XF:http-ie-lnkurl

Description:
Denial of service in IIS using long URLs. Status: Entry
Reference: XF:http-iis-longurl

Description:
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. Status: Entry
Reference: NTBUGTRAQ:19970801 WINS flooding
Reference: BUGTRAQ:19970801 WINS flooding
Reference: BUGTRAQ:19970815 Re: WINS flooding
Reference: MISC:http://safenetworks.com/Windows/wins.html
Reference: MSKB:155701
Reference: XF:nt-winsupd-fix(1233)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1233

Description:
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. Status: Entry

Description:
The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost. Status: Entry
Reference: BUGTRAQ:19980221 WinGate DoS
Reference: BUGTRAQ:19980326 WinGate Intermediary Fix/Update
Reference: XF:wingate-dos

Description:
The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. Status: Entry
Reference: XF:wingate-unpassworded

Description:
Denial of service through Winpopup using large user names. Status: Entry
Reference: XF:nt-winpopup

Description:
AAA authentication on Cisco systems allows attackers to execute commands without authorization. Status: Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtml
Reference: XF:cisco-ios-aaa-auth

Description:
All records in a WINS database can be deleted through SNMP for a denial of service. Status: Entry
Reference: XF:nt-wins-snmp2

Description:
Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. Status: Entry
Reference: XF:sun-sysdef
Reference: SUN:00157
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/157

Description:
Solaris volrmmount program allows attackers to read any file. Status: Entry
Reference: SUN:00162
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/162
Reference: XF:sun-volrmmount

Description:
Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. Status: Entry
Reference: NAI:NAI-3
Reference: AUSCERT:AA-96.21
Reference: CIAC:H-17
Reference: XF:vixie-cron

Description:
Buffer overflow in FreeBSD lpd through long DNS hostnames. Status: Entry
Reference: NAI:NAI-9
Reference: OSVDB:6093
Reference: URL:http://www.osvdb.org/6093

Description:
nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. Status: Entry
Reference: SUN:00155
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155
Reference: XF:sun-niscache

Description:
Buffer overflow in SunOS/Solaris ps command. Status: Entry
Reference: SUN:00149
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/149
Reference: AUSCERT:AUSCERT-97.17
Reference: XF:sun-ps2bo

Description:
SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. Status: Entry
Reference: SUN:00176
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176
Reference: XF:sun-ftp-server

Description:
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. Status: Entry
Reference: XF:bnu-uucpd-bo
Reference: RSI:RSI.0002.05-18-98.BNU.UUCPD

Description:
mmap function in BSD allows local attackers in the kmem group to modify memory through devices. Status: Entry
Reference: XF:bsd-mmap
Reference: FREEBSD:FreeBSD-SA-98:02

Description:
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections. Status: Entry
Reference: OPENBSD:Feb15,1998 "IP Source Routing Problem"
Reference: MISC:http://www.openbsd.org/advisories/sourceroute.txt
Reference: OSVDB:11502
Reference: URL:http://www.osvdb.org/11502
Reference: XF:bsd-sourceroute(736)
Reference: URL:http://xforce.iss.net/xforce/xfdb/736

Description:
HP-UX gwind program allows users to modify arbitrary files. Status: Entry
Reference: HP:HPSBUX9410-018
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9410-018
Reference: XF:hpux-gwind-overwrite
Reference: CIAC:H-03: HP-UX suid Vulnerabilities

Description:
HP-UX vgdisplay program gives root access to local users. Status: Entry
Reference: HP:HPSBUX9702-056
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-056
Reference: XF:hpux-vgdisplay
Reference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability

Description:
SSH 1.2.25 on HP-UX allows access to new user accounts. Status: Entry
Reference: XF:ssh-1225

Description:
fpkg2swpk in HP-UX allows local users to gain root access. Status: Entry
Reference: XF:hpux-fpkg2swpk
Reference: HP:HPSBUX9612-042
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9612-042

Description:
HP ypbind allows attackers with root privileges to modify NIS data. Status: Entry
Reference: XF:nis-ypbind
Reference: CERT:CA-93:01.REVISED.HP.NIS.ypbind.vulnerability

Description:
disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. Status: Entry
Reference: MISC:http://www.securityfocus.com/bid/213/exploit
Reference: SGI:19980701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P
Reference: BID:214
Reference: URL:http://www.securityfocus.com/bid/214
Reference: OSVDB:936
Reference: URL:http://www.osvdb.org/936
Reference: XF:sgi-disk-bandwidth(1441)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1441

Description:
ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. Status: Entry
Reference: MISC:http://www.securityfocus.com/bid/213/exploit
Reference: SGI:19980701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P
Reference: BID:213
Reference: URL:http://www.securityfocus.com/bid/213
Reference: OSVDB:6788
Reference: URL:http://www.osvdb.org/6788
Reference: XF:sgi-ioconfig(1199)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1199

Description:
Buffer overflow in Solaris fdformat command gives root access to local users. Status: Entry
Reference: XF:fdformat-bo
Reference: SUN:00138
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/138

Description:
Buffer overflow in Linux splitvt command gives root access to local users. Status: Entry
Reference: XF:linux-splitvt
Reference: CIAC:G-08

Description:
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. Status: Entry
Reference: BUGTRAQ:19961125 Security Problems in XMCD
Reference: BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD)
Reference: XF:xmcd-envbo

Description:
SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. Status: Entry
Reference: SUN:00166
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/166
Reference: XF:sun-rpc.cmsd

Description:
Buffer overflow in Solaris kcms_configure command allows local users to gain root access. Status: Entry
Reference: XF:sun-kcms-configure-bo

Description:
The open() function in FreeBSD allows local attackers to write to arbitrary files. Status: Entry
Reference: FREEBSD:FreeBSD-SA-97:05
Reference: XF:freebsd-open
Reference: OSVDB:6092
Reference: URL:http://www.osvdb.org/6092

Description:
FreeBSD mmap function allows users to modify append-only or immutable files. Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:04
Reference: NETBSD:1998-003
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc
Reference: XF:bsd-mmap

Description:
ppl program in HP-UX allows local users to create root files through symlinks. Status: Entry
Reference: HP:HPSBUX9702-053
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-053
Reference: CIAC:H-31
Reference: XF:hp-ppllog

Description:
vhe_u_mnt program in HP-UX allows local users to create root files through symlinks. Status: Entry
Reference: XF:hp-vhe
Reference: HP:HPSBUX9406-013
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9406-013

Description:
Vulnerability in HP-UX mediainit program. Status: Entry
Reference: HP:HPSBUX9710-071
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9710-071
Reference: XF:hp-mediainit

Description:
SGI syserr program allows local users to corrupt files. Status: Entry
Reference: SGI:19971103-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX
Reference: XF:sgi-syserr

Description:
SGI permissions program allows local users to gain root privileges. Status: Entry
Reference: SGI:19971103-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX
Reference: XF:sgi-permtool

Description:
SGI mediad program allows local users to gain root access. Status: Entry
Reference: SGI:19980602-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980602-01-PX
Reference: XF:sgi-mediad

Description:
Buffer overflow in NetMeeting allows denial of service and remote command execution. Status: Entry
Reference: XF:nt-netmeeting
Reference: MSKB:Q184346
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q184346

Description:
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. Status: Entry
Reference: XF:sol-startup
Reference: CERT:CA-93.19.Solaris.Startup.vulnerability

Description:
DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-1999-0032. Status: Entry

Description:
AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. Status: Entry
Reference: CERT:CA-94.10.IBM.AIX.bsh.vulnerability.html
Reference: XF:ibm-bsh

Description:
AIX Licensed Program Product performance tools allow local users to gain root access. Status: Entry
Reference: XF:ibm-perf-tools
Reference: CERT:CA-94.03.AIX.performance.tools

Description:
Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. Status: Entry
Reference: XF:sol-sun-libauth
Reference: RSI:RSI.0007.05-26-98

Description:
Buffer overflow in Linux Slackware crond program allows local users to gain root access. Status: Entry
Reference: KSRT:005
Reference: XF:linux-crond

Description:
Buffer overflow in the Linux mail program "deliver" allows local users to gain root access. Status: Entry
Reference: KSRT:006
Reference: XF:linux-deliver

Description:
Linux PAM modules allow local users to gain root access using temporary files. Status: Entry
Reference: REDHAT:http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pam
Reference: XF:linux-pam-passwd-tmprace

Description:
A malicious Palace server can force a client to execute arbitrary programs. Status: Entry
Reference: BUGTRAQ:19981002 Announcements from The Palace (fwd)
Reference: XF:palace-malicious-servers-vuln

Description:
NT users can gain debug-level access on a system process using the Sechole exploit. Status: Entry
Reference: MS:MS98-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-009.mspx
Reference: MSKB:Q190288
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q190288
Reference: XF:nt-priv-fix

Description:
CGI PHP mlog script allows an attacker to read any file on the target server. Status: Entry
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: XF:http-cgi-php-mlog
Reference: OSVDB:3397
Reference: URL:http://www.osvdb.org/3397

Description:
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. Status: Entry
Reference: NTBUGTRAQ:Jan27,1999
Reference: MSKB:Q197003
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q197003
Reference: OSVDB:930
Reference: URL:http://www.osvdb.org/930

Description:
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. Status: Entry
Reference: EEYE:IIS Remote FTP Exploit/DoS Attack
Reference: URL:http://www.eeye.com/html/Research/Advisories/IIS Remote FTP Exploit/DoS Attack.html
Reference: MS:MS99-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-003.mspx
Reference: MSKB:Q188348
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q188348
Reference: BUGTRAQ:Jan27,1999
Reference: XF:iis-remote-ftp

Description:
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits. Status: Entry
Reference: L0PHT:Feb8,1999
Reference: XF:clearcase-temp-race

Description:
FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. Status: Entry
Reference: INFOWAR:01
Reference: MISC:http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txt
Reference: XF:pasv-pizza-thief-dos(3389)
Reference: URL:http://xforce.iss.net/xforce/xfdb/3389

Description:
rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. Status: Entry
Reference: HP:HPSBUX9902-091
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9902-091
Reference: CIAC:J-026
Reference: URL:http://www.ciac.org/ciac/bulletins/j-026.shtml
Reference: XF:pcnfsd-world-write

Description:
Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service. Status: Entry
Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software
Reference: XF:controlit-reboot

Description:
Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets. Status: Entry
Reference: BUGTRAQ:19990125 Win98 crash?
Reference: XF:win98-oshare-dos

Description:
Digital Unix 4.0 has a buffer overflow in the inc program of the mh package. Status: Entry
Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows
Reference: URL:http://www.securityfocus.com/archive/1/12121
Reference: COMPAQ:SSRT0583U
Reference: XF:du-inc
Reference: CIAC:J-027
Reference: URL:http://www.ciac.org/ciac/bulletins/j-027.shtml

Description:
WS_FTP server remote denial of service through cwd command. Status: Entry
Reference: EEYE:AD02021999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02021999.html
Reference: XF:wsftp-remote-dos
Reference: BID:217
Reference: URL:http://www.securityfocus.com/bid/217

Description:
SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise. Status: Entry
Reference: BUGTRAQ:Feb02,1999
Reference: XF:plp-lpc-bo
Reference: BID:328
Reference: URL:http://www.securityfocus.com/bid/328

Description:
The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry. Status: Entry
Reference: BUGTRAQ:Feb04,1999
Reference: XF:metamail-header-commands

Description:
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. Status: Entry
Reference: MS:MS99-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-004.mspx
Reference: MSKB:Q214840
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q214840
Reference: XF:nt-sp4-auth-error

Description:
NetBSD netstat command allows local users to access kernel memory. Status: Entry
Reference: NETBSD:1999-002
Reference: OSVDB:7571
Reference: URL:http://www.osvdb.org/7571

Description:
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. Status: Entry
Reference: NETECT:palmetto.ftpd
Reference: CERT:CA-99.03
Reference: XF:palmetto-ftpd-bo

Description:
The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access. Status: Entry
Reference: SUN:00183
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/183
Reference: XF:sun-sdtcm-convert-bo

Description:
Lynx allows a local user to overwrite sensitive files through /tmp symlinks. Status: Entry
Reference: BUGTRAQ:19990211 Lynx /tmp problem
Reference: CERT:VB-97.05.lynx
Reference: XF:lynx-temp-files-race

Description:
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. Status: Entry
Reference: MS:MS99-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-005.mspx
Reference: XF:nt-backoffice-setup
Reference: MSKB:Q217004
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q217004

Description:
Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root. Status: Entry
Reference: ISS:Buffer Overflow in "Super" package in Debian Linux
Reference: XF:linux-super-bo
Reference: XF:linux-super-logging-bo

Description:
Debian GNU/Linux cfengine package is susceptible to a symlink attack. Status: Entry
Reference: DEBIAN:19990215
Reference: BUGTRAQ:Feb16,1999
Reference: XF:linux-cfengine-symlinks

Description:
Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands. Status: Entry
Reference: NAI:February 16, 1999
Reference: BUGTRAQ:Feb16,1999
Reference: XF:nfr-webd-overflow

Description:
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. Status: Entry
Reference: MS:MS99-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-006.mspx
Reference: BUGTRAQ:Feb20,1999
Reference: L0PHT:Feb18,1999
Reference: XF:nt-knowndlls-list

Description:
Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services. Status: Entry
Reference: BUGTRAQ:Feb22,1999

Description:
InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands. Status: Entry
Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall
Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available
Reference: XF:viruswall-http-request
Reference: OSVDB:6167
Reference: URL:http://www.osvdb.org/6167

Description:
Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. Status: Entry
Reference: MS:MS99-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-007.mspx
Reference: BUGTRAQ:19990223 Microsoft Security Bulletin (MS99-007)
Reference: BID:498
Reference: URL:http://www.securityfocus.com/bid/498
Reference: OSVDB:1019
Reference: URL:http://www.osvdb.org/1019
Reference: XF:win-resourcekit-taskpads

Description:
SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user. Status: Entry
Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91999015212415&w=2
Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91996412724720&w=2
Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2
Reference: BID:497
Reference: URL:http://www.securityfocus.com/bid/497
Reference: XF:slmail-ras-ntfs-bypass(5392)
Reference: URL:http://xforce.iss.net/static/5392.php

Description:
The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. Status: Entry
Reference: MS:MS99-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-008.mspx
Reference: XF:nt-screen-saver

Description:
ACC Tigris allows public access without a login. Status: Entry
Reference: BUGTRAQ:19990103 Tigris vulnerability
Reference: BID:183
Reference: URL:http://www.securityfocus.com/bid/183
Reference: OSVDB:267
Reference: URL:http://www.osvdb.org/267
Reference: XF:acc-tigris-login

Description:
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. Status: Entry
Reference: XF:forms-vuln-patch
Reference: MS:MS99-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-001.mspx

Description:
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands. Status: Entry
Reference: MS:MS99-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-009.mspx
Reference: ISS:LDAP Buffer overflow against Microsoft Directory Services
Reference: XF:ldap-exchange-overflow
Reference: XF:ldap-mds-dos

Description:
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL. Status: Entry
Reference: MS:MS99-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-010.mspx
Reference: XF:pws-file-access
Reference: OSVDB:111
Reference: URL:http://www.osvdb.org/111

Description:
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. Status: Entry
Reference: MS:MS99-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp
Reference: MSKB:Q168115
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q168115
Reference: BID:829
Reference: URL:http://www.securityfocus.com/bid/829
Reference: XF:9x-plaintext-pwd

Description:
DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root. Status: Entry
Reference: XF:datalynx-suguard-relative-paths
Reference: L0PHT:Jan3,1999
Reference: OSVDB:3186
Reference: URL:http://www.osvdb.org/3186

Description:
Buffer overflow in Dosemu Slang library in Linux. Status: Entry
Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit
Reference: CALDERA:CSSA-1999-006.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-006.1.txt
Reference: BID:187
Reference: URL:http://www.securityfocus.com/bid/187

Description:
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. Status: Entry
Reference: L0PHT:Jan. 5, 1999

Description:
Buffer overflow in Thomas Boutell's cgic library version up to 1.05. Status: Entry
Reference: BUGTRAQ:Jan10,1999
Reference: XF:http-cgic-library-bo

Description:
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. Status: Entry
Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want!
Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2
Reference: XF:sendmail-parsing-redirection

Description:
A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. Status: Entry
Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol
Reference: URL:http://xforce.iss.net/alerts/advise17.php
Reference: XF:backweb-polite-agent-protocol

Description:
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. Status: Entry
Reference: NETBSD:1999-001
Reference: OPENBSD:Feb17,1999
Reference: XF:netbsd-tcp-race

Description:
wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. Status: Entry
Reference: BUGTRAQ:Feb2,1999
Reference: XF:wget-permissions
Reference: DEBIAN:19990220

Description:
A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. Status: Entry
Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91821080015725&w=2
Reference: XF:cyrix-hang

Description:
Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution. Status: Entry
Reference: BUGTRAQ:Feb14,1999
Reference: XF:mailmax-bo

Description:
A buffer overflow in lsof allows local users to obtain root privilege. Status: Entry
Reference: HERT:002
Reference: BUGTRAQ:Feb18,1999
Reference: DEBIAN:19990220a
Reference: XF:lsof-bo
Reference: OSVDB:3163
Reference: URL:http://www.osvdb.org/3163

Description:
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. Status: Entry
Reference: BUGTRAQ:19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91983486431506&w=2
Reference: BUGTRAQ:19990209 Re: IIS4 allows proxied password attacks over NetBIOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92000623021036&w=2
Reference: XF:iis-iisadmpwd

Description:
Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. Status: Entry
Reference: BUGTRAQ:19990225 Cobalt root exploit
Reference: XF:cobalt-raq-history-exposure
Reference: BID:337
Reference: URL:http://www.securityfocus.com/bid/337

Description:
Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access. Status: Entry
Reference: BUGTRAQ:19990304 Linux /usr/bin/gnuplot overflow
Reference: XF:gnuplot-home-overflow
Reference: BID:319
Reference: URL:http://www.securityfocus.com/bid/319

Description:
The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. Status: Entry
Reference: BUGTRAQ:Mar5,1999
Reference: XF:sol-cancel
Reference: BID:293
Reference: URL:http://www.securityfocus.com/bid/293

Description:
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. Status: Entry
Reference: BUGTRAQ:Feb19,1999
Reference: XF:iis-isapi-execute
Reference: BID:501
Reference: URL:http://www.securityfocus.com/bid/501

Description:
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path. Status: Entry
Reference: SGI:19990301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990301-01-PX
Reference: XF:irix-font-path-overflow

Description:
In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. Status: Entry
Reference: NAI:Linux Blind TCP Spoofing
Reference: XF:linux-blind-spoof

Description:
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. Status: Entry
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-router-commands
Reference: XF:cisco-web-config

Description:
Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. Status: Entry
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-web-crash

Description:
64 bit Solaris 7 procfs allows local users to perform a denial of service. Status: Entry
Reference: BUGTRAQ:Mar9,1999
Reference: XF:solaris-psinfo-crash
Reference: BID:448