CVE version: 20061101
======================================================
Name: CVE-1999-0002
Status: Entry
Reference: SGI:19981006-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I
Reference: CERT:CA-98.12.mountd
Reference: CIAC:J-006
Reference: URL:http://www.ciac.org/ciac/bulletins/j-006.shtml
Reference: BID:121
Reference: URL:http://www.securityfocus.com/bid/121
Reference: XF:linux-mountd-bo

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.
======================================================
Name: CVE-1999-0003
Status: Entry
Reference: NAI:NAI-29
Reference: CERT:CA-98.11.tooltalk
Reference: SGI:19981101-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A
Reference: SGI:19981101-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX
Reference: XF:aix-ttdbserver
Reference: XF:tooltalk
Reference: BID:122
Reference: URL:http://www.securityfocus.com/bid/122

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
======================================================
Name: CVE-1999-0005
Status: Entry
Reference: CERT:CA-98.09.imapd
Reference: SUN:00177
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/177
Reference: BID:130
Reference: URL:http://www.securityfocus.com/bid/130
Reference: XF:imap-authenticate-bo

Arbitrary command execution via IMAP buffer overflow in authenticate command.
======================================================
Name: CVE-1999-0006
Status: Entry
Reference: CERT:CA-98.08.qpopper_vul
Reference: SGI:19980801-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980801-01-I
Reference: AUSCERT:AA-98.01
Reference: XF:qpopper-pass-overflow
Reference: BID:133
Reference: URL:http://www.securityfocus.com/bid/133

Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
======================================================
Name: CVE-1999-0007
Status: Entry
Reference: CERT:CA-98.07.PKCS
Reference: MS:MS98-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-002.mspx
Reference: XF:nt-ssl-fix

Information from SSL-encrypted sessions via PKCS #1.
======================================================
Name: CVE-1999-0008
Status: Entry
Reference: CERT:CA-98.06.nisd
Reference: SUN:00170
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170
Reference: ISS:June10,1998
Reference: XF:nisd-bo-check

Buffer overflow in NIS+, in Sun's rpc.nisd program.
======================================================
Name: CVE-1999-0009
Status: Entry
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: CERT:CA-98.05.bind_problems
Reference: XF:bind-bo
Reference: BID:134
Reference: URL:http://www.securityfocus.com/bid/134

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
======================================================
Name: CVE-1999-0010
Status: Entry
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: XF:bind-dos

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
======================================================
Name: CVE-1999-0011
Status: Entry
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: XF:bind-axfr-dos

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
======================================================
Name: CVE-1999-0012
Status: Entry
Reference: CERT:CA-98.04.Win32.WebServers
Reference: XF:nt-web8.3

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
======================================================
Name: CVE-1999-0013
Status: Entry
Reference: CERT:CA-98.03.ssh-agent
Reference: NAI:NAI-24
Reference: XF:ssh-agent

Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
======================================================
Name: CVE-1999-0014
Status: Entry
Reference: HP:HPSBUX9801-075
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075
Reference: SUN:00185
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185
Reference: CERT:CA-98.02.CDE

Unauthorized privileged access or denial of service via dtappgather program in CDE.
======================================================
Name: CVE-1999-0016
Status: Entry
Reference: CERT:CA-97.28.Teardrop_Land
Reference: FREEBSD:FreeBSD-SA-98:01
Reference: HP:HPSBUX9801-076
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:95-verv-tcp
Reference: XF:land-patch
Reference: XF:ver-tcpip-sys

Land IP denial of service.
======================================================
Name: CVE-1999-0017
Status: Entry
Reference: CERT:CA-97.27.FTP_bounce
Reference: XF:ftp-bounce
Reference: XF:ftp-privileged-port

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
======================================================
Name: CVE-1999-0018
Status: Entry
Reference: CERT:CA-97.26.statd
Reference: AUSCERT:AA-97.29
Reference: XF:statd
Reference: BID:127
Reference: URL:http://www.securityfocus.com/bid/127

Buffer overflow in statd allows root privileges.
======================================================
Name: CVE-1999-0019
Status: Entry
Reference: CERT:CA-96.09.rpc.statd
Reference: XF:rpc-stat
Reference: SUN:00135
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/135

Delete or create a file via rpc.statd, due to invalid information.
======================================================
Name: CVE-1999-0021
Status: Entry
Reference: BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount)
Reference: CERT:CA-97.24.Count_cgi
Reference: XF:http-cgi-count
Reference: BID:128
Reference: URL:http://www.securityfocus.com/bid/128

Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.
======================================================
Name: CVE-1999-0022
Status: Entry
Reference: CERT:CA-97.23.rdist
Reference: SUN:00179
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179
Reference: XF:rdist-bo3
Reference: XF:rdist-sept97

Local user gains root privileges via buffer overflow in rdist, via expstr() function.
======================================================
Name: CVE-1999-0023
Status: Entry
Reference: CERT:CA-96.14.rdist_vul
Reference: XF:rdist-bo
Reference: XF:rdist-bo2

Local user gains root privileges via buffer overflow in rdist, via lookup() function.
======================================================
Name: CVE-1999-0024
Status: Entry
Reference: CERT:CA-97.22.bind
Reference: XF:bind
Reference: NAI:NAI-11

DNS cache poisoning via BIND, by predictable query IDs.
======================================================
Name: CVE-1999-0025
Status: Entry
Reference: CERT:CA-1997-21
Reference: URL:http://www.cert.org/advisories/CA-1997-21.html
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: SGI:SGI:19970505-01-A
Reference: SGI:SGI:19970505-02-PX
Reference: CERT-VN:VU#20851
Reference: URL:http://www.kb.cert.org/vuls/id/20851
Reference: BID:346
Reference: URL:http://www.securityfocus.com/bid/346
Reference: XF:df-bo(440)
Reference: URL:http://xforce.iss.net/xforce/xfdb/440

root privileges via buffer overflow in df command on SGI IRIX systems.
======================================================
Name: CVE-1999-0026
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: XF:pset-bo

root privileges via buffer overflow in pset command on SGI IRIX systems.
======================================================
Name: CVE-1999-0027
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: XF:eject-bo

root privileges via buffer overflow in eject command on SGI IRIX systems.
======================================================
Name: CVE-1999-0028
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul
Reference: XF:sgi-schemebo

root privileges via buffer overflow in login/scheme command on SGI IRIX systems.
======================================================
Name: CVE-1999-0029
Status: Entry
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: XF:ordist-bo

root privileges via buffer overflow in ordist command on SGI IRIX systems.
======================================================
Name: CVE-1999-0031
Status: Entry
Reference: CERT:CA-97.20.javascript
Reference: HP:HPSBUX9707-065
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
======================================================
Name: CVE-1999-0032
Status: Entry
Reference: BUGTRAQ:19960813 Possible bufferoverflow condition in lpr, xterm and xload
Reference: BUGTRAQ:19961025 Linux & BSD's lpr exploit
Reference: MLIST:[freebsd-security] 19961025 Vadim Kolontsov: BoS: Linux & BSD's lpr exploit
Reference: MLIST:[linux-security] 19961122 LSF Update#14: Vulnerability of the lpr program.
Reference: CERT:CA-97.19.bsdlp
Reference: AUSCERT:AA-96.12
Reference: CIAC:H-08
Reference: CIAC:I-042
Reference: URL:http://www.ciac.org/ciac/bulletins/i-042.shtml
Reference: SGI:19980402-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX
Reference: BID:707
Reference: URL:http://www.securityfocus.com/bid/707
Reference: XF:bsd-lprbo2
Reference: XF:bsd-lprbo
Reference: XF:lpr-bo

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
======================================================
Name: CVE-1999-0034
Status: Entry
Reference: CERT:CA-97.17.sperl
Reference: XF:perl-suid

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
======================================================
Name: CVE-1999-0035
Status: Entry
Reference: XF:ftp-ftpd
Reference: CERT:CA-97.16.ftpd
Reference: AUSCERT:AA-97.03

Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
======================================================
Name: CVE-1999-0036
Status: Entry
Reference: CERT:CA-97.15.sgi_login
Reference: AUSCERT:AA-97.12
Reference: CIAC:H-106
Reference: URL:http://www.ciac.org/ciac/bulletins/h-106.shtml
Reference: SGI:19970508-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PX
Reference: OSVDB:990
Reference: URL:http://www.osvdb.org/990
Reference: XF:sgi-lockout(557)
Reference: URL:http://xforce.iss.net/xforce/xfdb/557

IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
======================================================
Name: CVE-1999-0037
Status: Entry
Reference: CERT:CA-97.14.metamail
Reference: XF:metamail-header-commands

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.
======================================================
Name: CVE-1999-0038
Status: Entry
Reference: CERT:CA-97.13.xlock
Reference: XF:xlock-bo

Buffer overflow in xlock program allows local users to execute commands as root.
======================================================
Name: CVE-1999-0039
Status: Entry
Reference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in
Reference: BUGTRAQ:19970507 Re: SGI Advisory: webdist.cgi
Reference: CERT:CA-1997-12
Reference: URL:http://www.cert.org/advisories/CA-1997-12.html
Reference: AUSCERT:AA-97.14
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: BID:374
Reference: URL:http://www.securityfocus.com/bid/374
Reference: OSVDB:235
Reference: URL:http://www.osvdb.org/235
Reference: XF:http-sgi-webdist(333)
Reference: URL:http://xforce.iss.net/xforce/xfdb/333

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.
======================================================
Name: CVE-1999-0040
Status: Entry
Reference: CERT:CA-97.11.libXt
Reference: XF:libXt-bo

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
======================================================
Name: CVE-1999-0041
Status: Entry
Reference: CERT:CA-97.10.nls
Reference: XF:nls-bo

Buffer overflow in NLS (Natural Language Service).
======================================================
Name: CVE-1999-0042
Status: Entry
Reference: NAI:NAI-21
Reference: CERT:CA-97.09.imap_pop
Reference: XF:popimap-bo

Buffer overflow in University of Washington's implementation of IMAP and POP servers.
======================================================
Name: CVE-1999-0043
Status: Entry
Reference: CERT:CA-97.08.innd
Reference: XF:inn-controlmsg

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
======================================================
Name: CVE-1999-0044
Status: Entry
Reference: SGI:19970301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970301-01-P
Reference: XF:sgi-fsdump

fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.
======================================================
Name: CVE-1999-0045
Status: Entry
Reference: CERT:CA-97.07.nph-test-cgi_script
Reference: XF:http-cgi-nph

List of arbitrary files on Web host via nph-test-cgi script.
======================================================
Name: CVE-1999-0046
Status: Entry
Reference: CERT:CA-97.06.rlogin-term
Reference: XF:rlogin-termbo

Buffer overflow of rlogin program using TERM environmental variable.
======================================================
Name: CVE-1999-0047
Status: Entry
Reference: CERT:CA-97.05.sendmail
Reference: BID:685
Reference: URL:http://www.securityfocus.com/bid/685
Reference: XF:sendmail-mime-bo2

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
======================================================
Name: CVE-1999-0048
Status: Entry
Reference: CERT:CA-97.04.talkd
Reference: FREEBSD:FreeBSD-SA-96:21
Reference: AUSCERT:AA-97.01
Reference: SUN:00147
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147
Reference: XF:talkd-bo
Reference: XF:netkit-talkd

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
======================================================
Name: CVE-1999-0049
Status: Entry
Reference: XF:sgi-csetup
Reference: CERT:CA-97.03.csetup

Csetup under IRIX allows arbitrary file creation or overwriting.
======================================================
Name: CVE-1999-0050
Status: Entry
Reference: CERT:CA-97.02.hp_newgrp
Reference: AUSCERT:AA-96.16.HP-UX.newgrp.Buffer.Overrun.Vulnerability
Reference: XF:hp-newgrpbo

Buffer overflow in HP-UX newgrp program.
======================================================
Name: CVE-1999-0051
Status: Entry
Reference: XF:sgi-licensemanager
Reference: CERT:CA-97.01.flex_lm
Reference: AUSCERT:AA-96.03

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
======================================================
Name: CVE-1999-0052
Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:08
Reference: OSVDB:908
Reference: URL:http://www.osvdb.org/908
Reference: XF:freebsd-ip-frag-dos(1389)
Reference: URL:http://xforce.iss.net/xforce/xfdb/1389

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
======================================================
Name: CVE-1999-0053
Status: Entry
Reference: FREEBSD:FreeBSD-SA-98:07
Reference: OSVDB:6094
Reference: URL:http://www.osvdb.org/6094

TCP RST denial of service in FreeBSD.
======================================================
Name: CVE-1999-0054
Status: Entry
Reference: SUN:00171
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/171
Reference: XF:sun-ftpd

Sun's ftpd daemon can be subjected to a denial of service.
======================================================
Name: CVE-1999-0055
Status: Entry
Reference: SUN:00172
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172
Reference: AIXAPAR:IX80543
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only
Reference: RSI:RSI.0005.05-14-98.SUN.LIBNSL
Reference: XF:sun-libnsl

Buffer overflows in Sun libnsl allow root access.
======================================================
Name: CVE-1999-0056
Status: Entry
Reference: SUN:00174
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/174
Reference: XF:sun-ping

Buffer overflow in Sun's ping program can give root access to local users.
======================================================
Name: CVE-1999-0057
Status: Entry
Reference: NAI:NAI-19
Reference: XF:vacation
Reference: HP:HPSBUX9811-087
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9811-087

Vacation program allows command execution by remote users through a sendmail command.
======================================================
Name: CVE-1999-0058
Status: Entry
Reference: NAI:NAI-12
Reference: BID:712
Reference: URL:http://www.securityfocus.com/bid/712
Reference: XF:http-cgi-phpbo

Buffer overflow in PHP cgi program, php.cgi allows shell access.
======================================================
Name: CVE-1999-0059
Status: Entry
Reference: NAI:NAI-16
Reference: BID:353
Reference: URL:http://www.securityfocus.com/bid/353
Reference: OSVDB:164
Reference: URL:http://www.osvdb.org/164
Reference: XF:irix-fam(325)
Reference: URL:http://xforce.iss.net/xforce/xfdb/325

IRIX fam service allows an attacker to obtain a list of all files on the server.
======================================================
Name: CVE-1999-0060
Status: Entry
Reference: NAI:NAI-26
Reference: XF:ascend-config-kill
Reference: ASCEND:http://www.ascend.com/2695.html

Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.
======================================================
Name: CVE-1999-0062
Status: Entry
Reference: XF:openbsd-chpass
Reference: NAI:NAI-28
Reference: OSVDB:7559
Reference: URL:http://www.osvdb.org/7559

The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.
======================================================
Name: CVE-1999-0063
Status: Entry
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
Reference: XF:cisco-syslog-crash

Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.
======================================================
Name: CVE-1999-0064
Status: Entry
Reference: BUGTRAQ:May28,1997
Reference: XF:lquerylv-bo

Buffer overflow in AIX lquerylv program gives root access to local users.
======================================================
Name: CVE-1999-0065
Status: Entry
Reference: SUN:00181
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/181
Reference: XF:hp-dtmail

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
======================================================
Name: CVE-1999-0066
Status: Entry
Reference: BUGTRAQ:19950731 SECURITY HOLE: "AnyForm" CGI
Reference: BID:719
Reference: URL:http://www.securityfocus.com/bid/719
Reference: XF:http-cgi-anyform

AnyForm CGI remote execution.
======================================================
Name: CVE-1999-0067
Status: Entry
Reference: BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole family
Reference: CERT:CA-1996-06
Reference: URL:http://www.cert.org/advisories/CA-1996-06.html
Reference: AUSCERT:AA-96.01
Reference: BID:629
Reference: URL:http://www.securityfocus.com/bid/629
Reference: OSVDB:136
Reference: URL:http://www.osvdb.org/136
Reference: XF:http-cgi-phf

phf CGI program allows remote command execution through shell metacharacters.
======================================================
Name: CVE-1999-0068
Status: Entry
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: XF:http-cgi-php-mylog
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: OSVDB:3396
Reference: URL:http://www.osvdb.org/3396

CGI PHP mylog script allows an attacker to read any file on the target server.
======================================================
Name: CVE-1999-0069
Status: Entry
Reference: SUN:00169
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169
Reference: XF:sun-ufsrestore
Reference: OSVDB:8158
Reference: URL:http://www.osvdb.org/8158

Solaris ufsrestore buffer overflow.
======================================================
Name: CVE-1999-0070
Status: Entry
Reference: XF:http-cgi-test

test-cgi program allows an attacker to list files on the server.
======================================================
Name: CVE-1999-0071
Status: Entry
Reference: XF:http-apache-cookie
Reference: NAI:NAI-2

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
======================================================
Name: CVE-1999-0072
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:004.1
Reference: XF:ibm-xdat

Buffer overflow in AIX xdat gives root access to local users.
======================================================
Name: CVE-1999-0073
Status: Entry
Reference: CERT:CA-95:14.Telnetd_Environment_Vulnerability
Reference: XF:linkerbug

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.
======================================================
Name: CVE-1999-0074
Status: Entry
Reference: XF:seqport

Listening TCP ports are sequentially allocated, allowing spoofing attacks.
======================================================
Name: CVE-1999-0075
Status: Entry
Reference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
Reference: XF:ftp-pasvcore
Reference: OSVDB:5742
Reference: URL:http://www.osvdb.org/5742

PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
======================================================
Name: CVE-1999-0077
Status: Entry
Reference: XF:tcp-seq-predict(139)
Reference: URL:http://xforce.iss.net/static/139.php

Predictable TCP sequence numbers allow spoofing.
======================================================
Name: CVE-1999-0079
Status: Entry
Reference: XF:ftp-pasv-dos
Reference: XF:ftp-pasvdos

Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.
======================================================
Name: CVE-1999-0080
Status: Entry
Reference: BUGTRAQ:19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd)
Reference: CERT:CA-95:16.wu-ftpd.vul
Reference: XF:ftp-execdotdot

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
======================================================
Name: CVE-1999-0081
Status: Entry
Reference: XF:ftp-rnfr

wu-ftp allows files to be overwritten via the rnfr command.
======================================================
Name: CVE-1999-0082
Status: Entry
Reference: XF:ftp-cwd
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html

CWD ~root command in ftpd allows root access.
======================================================
Name: CVE-1999-0083
Status: Entry
Reference: XF:cwdleak

getcwd() file descriptor leak in FTP.
======================================================
Name: CVE-1999-0084
Status: Entry
Reference: XF:nfs-mknod(78)
Reference: URL:http://xforce.iss.net/xforce/xfdb/78

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
======================================================
Name: CVE-1999-0085
Status: Entry
Reference: BUGTRAQ:19960821 rwhod buffer overflow
Reference: XF:rwhod(119)
Reference: URL:http://xforce.iss.net/xforce/xfdb/119
Reference: XF:rwhod-vuln(118)
Reference: URL:http://xforce.iss.net/xforce/xfdb/118

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
======================================================
Name: CVE-1999-0087
Status: Entry
Reference: XF:ibm-telnetdos
Reference: ERS:ERS-SVA-E01-1998:003.1
Reference: OSVDB:7992
Reference: URL:http://www.osvdb.org/7992

Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.
======================================================
Name: CVE-1999-0090
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-rcp

Buffer overflow in AIX rcp command allows local users to obtain root access.
======================================================
Name: CVE-1999-0091
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-writesrv

Buffer overflow in AIX writesrv command allows local users to obtain root access.
======================================================
Name: CVE-1999-0093
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:008.1
Reference: XF:ibm-nslookup

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.
======================================================
Name: CVE-1999-0094
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:007.1
Reference: XF:ibm-piodmgrsu

AIX piodmgrsu command allows local users to gain additional group privileges.
======================================================
Name: CVE-1999-0095
Status: Entry
Reference: CERT:CA-88.01
Reference: CERT:CA-93.14
Reference: BID:1
Reference: URL:http://www.securityfocus.com/bid/1
Reference: OSVDB:195
Reference: URL:http://www.osvdb.org/195
Reference: XF:smtp-debug

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
======================================================
Name: CVE-1999-0096
Status: Entry
Reference: CERT:CA-93.16
Reference: CERT:CA-95.05
Reference: CIAC:A-13
Reference: CIAC:A-14
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:smtp-dcod

Sendmail decode alias can be used to overwrite sensitive files.
======================================================
Name: CVE-1999-0097
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:009.1
Reference: XF:ibm-ftp

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
======================================================
Name: CVE-1999-0099
Status: Entry
Reference: CERT:CA-95.13.syslog.vul
Reference: XF:smtp-syslog

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
======================================================
Name: CVE-1999-0100
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:002.1
Reference: XF:inn-controlmsg

Remote access in AIX innd 1.5.1, using control messages.
======================================================
Name: CVE-1999-0101
Status: Entry
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: SUN:00137a
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: NAI:NAI-1
Reference: XF:ghbn-bo

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
======================================================
Name: CVE-1999-0102
Status: Entry
Reference: XF:slmail-fromheader-overflow

Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.
======================================================
Name: CVE-1999-0103
Status: Entry
Reference: CERT:CA-96.01.UDP_service_denial
Reference: XF:echo
Reference: XF:chargen
Reference: XF:chargen-patch

Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
======================================================
Name: CVE-1999-0108
Status: Entry
Reference: BUGTRAQ:another day, another buffer overflow...
Reference: XF:printers-bo

The printers program in IRIX has a buffer overflow that gives root access to local users.
======================================================
Name: CVE-1999-0109
Status: Entry
Reference: SUN:00140
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/140
Reference: AUSCERT:AA-97.06
Reference: XF:ffbconfig-bo

Buffer overflow in ffbconfig in Solaris 2.5.1.
======================================================
Name: CVE-1999-0111
Status: Entry
Reference: XF:rip

RIP v1 is susceptible to spoofing.
======================================================
Name: CVE-1999-0112
Status: Entry
Reference: BUGTRAQ:19970520 AIX 4.2 dtterm exploit
Reference: XF:dtterm-bo(878)
Reference: URL:http://xforce.iss.net/xforce/xfdb/878

Buffer overflow in AIX dtterm program for the CDE.
======================================================
Name: CVE-1999-0113
Status: Entry
Reference: BUGTRAQ:19940729 -froot??? (AIX rlogin bug)
Reference: CERT:CA-94.09.bin.login.vulnerability
Reference: CIAC:E-26
Reference: BID:458
Reference: URL:http://www.securityfocus.com/bid/458
Reference: XF:rlogin-froot

Some implementations of rlogin allow root access if given a -froot parameter.
======================================================
Name: CVE-1999-0115
Status: Entry
Reference: BUGTRAQ:19970909 AIX bugfiler
Reference: XF:ibm-bugfiler
Reference: BID:1800
Reference: URL:http://www.securityfocus.com/bid/1800

AIX bugfiler program allows local users to gain root access.
======================================================
Name: CVE-1999-0116
Status: Entry
Reference: CERT:CA-96.21.tcp_syn.flooding
Reference: SGI:19961202-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961202-01-PX
Reference: SUN:00136
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/136

Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.
======================================================
Name: CVE-1999-0117
Status: Entry
Reference: XF:ibm-passwd
Reference: CERT:CA-92:07.AIX.passwd.vulnerability

AIX passwd allows local users to gain root access.
======================================================
Name: CVE-1999-0118
Status: Entry
Reference: BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91158980826979&w=2
Reference: XF:aix-infod

AIX infod allows local users to gain root access through an X display.
====================================================== Name: CVE-1999-0120 Status: Entry Reference: SUN:00126 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/126 Reference: CERT:CA-94.06.utmp.vulnerability Reference: XF:utmp-write Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. ====================================================== Name: CVE-1999-0122 Status: Entry Reference: BUGTRAQ:Jul21,1999 Reference: XF:lchangelv-bo Buffer overflow in AIX lchangelv gives root access. ====================================================== Name: CVE-1999-0124 Status: Entry Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability Reference: XF:gopher-vuln Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon. ====================================================== Name: CVE-1999-0125 Status: Entry Reference: XF:sgi-mailx-bo Reference: SGI:19980605-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980605-01-PX Buffer overflow in SGI IRIX mailx program. ====================================================== Name: CVE-1999-0126 Status: Entry Reference: CERT:VB-98.04.xterm.Xaw Reference: CIAC:J-010 Reference: URL:http://www.ciac.org/ciac/bulletins/j-010.shtml Reference: XF:xfree86-xterm-xaw Reference: XF:xfree86-xaw SGI IRIX buffer overflow in xterm and Xaw allows root access. ====================================================== Name: CVE-1999-0128 Status: Entry Reference: XF:ping-death Reference: CERT:CA-96.26.ping Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. ====================================================== Name: CVE-1999-0129 Status: Entry Reference: CERT:CA-96.25.sendmail_groups Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. 
====================================================== Name: CVE-1999-0130 Status: Entry Reference: CERT:CA-96.24.sendmail.daemon.mode Reference: BID:716 Reference: URL:http://www.securityfocus.com/bid/716 Reference: XF:sendmail-daemon-mode Local users can start Sendmail in daemon mode and gain root privileges. ====================================================== Name: CVE-1999-0131 Status: Entry Reference: CERT:CA-96.20.sendmail_vul Reference: XF:smtp-875bo Reference: BID:717 Reference: URL:http://www.securityfocus.com/bid/717 Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. ====================================================== Name: CVE-1999-0132 Status: Entry Reference: CERT:CA-1996-19 Reference: URL:http://www.cert.org/advisories/CA-1996-19.html Reference: OSVDB:11723 Reference: URL:http://www.osvdb.org/11723 Reference: XF:expreserve(401) Reference: URL:http://xforce.iss.net/xforce/xfdb/401 Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. ====================================================== Name: CVE-1999-0133 Status: Entry Reference: CERT:CA-96.18.fm_fls Reference: XF:fmaker-logfile fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access. ====================================================== Name: CVE-1999-0134 Status: Entry Reference: XF:sol-voldtmp Reference: CERT:CA-96.17.Solaris_vold_vul Reference: AUSCERT:AL-96.04 Reference: OSVDB:8159 Reference: URL:http://www.osvdb.org/8159 vold in Solaris 2.x allows local users to gain root access. ====================================================== Name: CVE-1999-0135 Status: Entry Reference: XF:sun-admintool Reference: CERT:CA-96.16.Solaris_admintool_vul Reference: AUSCERT:AL-96.03 admintool in Solaris allows a local user to write to arbitrary files and gain root access. 
====================================================== Name: CVE-1999-0136 Status: Entry Reference: XF:sol-KCMSvuln Reference: AUSCERT:AL-96.02 Reference: CERT:CA-96.15.Solaris_KCMS_vul Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. ====================================================== Name: CVE-1999-0137 Status: Entry Reference: XF:linux-dipbo Reference: CERT:CA-96.13.dip_vul Reference: XF:dip-bo The dip program on many Linux systems allows local users to gain root access via a buffer overflow. ====================================================== Name: CVE-1999-0138 Status: Entry Reference: CERT:CA-96.12.suidperl_vul Reference: XF:sperl-suid The suidperl and sperl programs do not give up root privileges when changing UIDs back to the original users, allowing root access. ====================================================== Name: CVE-1999-0139 Status: Entry Reference: XF:sol-mkcookie Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE Reference: OSVDB:8205 Reference: URL:http://www.osvdb.org/8205 Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. ====================================================== Name: CVE-1999-0141 Status: Entry Reference: XF:http-java-applet Reference: CERT:CA-96.07.java_bytecode_verifier Reference: SUN:00134 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134 Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. ====================================================== Name: CVE-1999-0142 Status: Entry Reference: CERT:CA-96.05.java_applet_security_mgr Reference: XF:http-java-appletsecmgr The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
====================================================== Name: CVE-1999-0143 Status: Entry Reference: CERT:CA-96.03.kerberos_4_key_server Reference: XF:kerberos-bf Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. ====================================================== Name: CVE-1999-0145 Status: Entry Reference: CERT:CA-1990-11 Reference: URL:http://www.cert.org/advisories/CA-1990-11.html Reference: CERT:CA-1993-14 Reference: URL:http://www.cert.org/advisories/CA-1993-14.html Reference: BUGTRAQ:19950206 sendmail wizard thing... Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html Sendmail WIZ command enabled, allowing root access. ====================================================== Name: CVE-1999-0146 Status: Entry Reference: BUGTRAQ:19970715 Bug CGI campas Reference: BID:1975 Reference: URL:http://www.securityfocus.com/bid/1975 Reference: XF:http-cgi-campas(298) Reference: URL:http://xforce.iss.net/xforce/xfdb/298 The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. ====================================================== Name: CVE-1999-0147 Status: Entry Reference: XF:http-cgi-glimpse Reference: AUSCERT:AA-97.28 The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands. ====================================================== Name: CVE-1999-0148 Status: Entry Reference: SGI:19970501-02-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX Reference: BID:380 Reference: URL:http://www.securityfocus.com/bid/380 Reference: XF:http-sgi-handler The handler CGI program in IRIX allows arbitrary command execution. 
====================================================== Name: CVE-1999-0149 Status: Entry Reference: BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug Reference: SGI:19970501-02-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX Reference: BID:373 Reference: URL:http://www.securityfocus.com/bid/373 Reference: OSVDB:247 Reference: URL:http://www.osvdb.org/247 Reference: XF:http-sgi-wrap(290) Reference: URL:http://xforce.iss.net/xforce/xfdb/290 The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0150 Status: Entry Reference: XF:perl-fingerd The Perl fingerd program allows arbitrary command execution from remote users. ====================================================== Name: CVE-1999-0151 Status: Entry Reference: CERT:CA-95.07a.REVISED.satan.vul Reference: CERT:CA-95.06.satan.vul The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. ====================================================== Name: CVE-1999-0152 Status: Entry Reference: BUGTRAQ:19970811 dgux in.fingerd vulnerability Reference: XF:dgux-fingerd The DG/UX finger daemon allows remote command execution through shell metacharacters. ====================================================== Name: CVE-1999-0153 Status: Entry Reference: XF:win-oob Reference: OSVDB:1666 Reference: URL:http://www.osvdb.org/1666 Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. ====================================================== Name: CVE-1999-0155 Status: Entry Reference: XF:gscript-dsafer Reference: CERT:CA-95.10.ghostscript The ghostscript command with the -dSAFER option allows remote attackers to execute commands. 
====================================================== Name: CVE-1999-0157 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/nifrag.shtml Reference: XF:cisco-fragmented-attacks Reference: OSVDB:1097 Reference: URL:http://www.osvdb.org/1097 Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. ====================================================== Name: CVE-1999-0158 Status: Entry Reference: CISCO:20010913 Cisco PIX Firewall Manager File Exposure Reference: URL:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml Reference: XF:cisco-pix-file-exposure Reference: OSVDB:685 Reference: URL:http://www.osvdb.org/685 Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. ====================================================== Name: CVE-1999-0159 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtml Reference: XF:cisco-ios-crash Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. ====================================================== Name: CVE-1999-0160 Status: Entry Reference: CISCO:19971001 Vulnerabilities in Cisco CHAP Authentication Reference: CIAC:I-002A Reference: OSVDB:1099 Reference: URL:http://www.osvdb.org/1099 Reference: XF:cisco-chap Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections. ====================================================== Name: CVE-1999-0161 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/707/1.html Reference: XF:cisco-acl-tacacs Reference: OSVDB:797 Reference: URL:http://www.osvdb.org/797 In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. 
====================================================== Name: CVE-1999-0162 Status: Entry Reference: CISCO:19950601 "Established" Keyword May Allow Packets to Bypass Filter Reference: XF:cisco-acl-established The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. ====================================================== Name: CVE-1999-0164 Status: Entry Reference: XF:sol-pstmprace Reference: AUSCERT:AA-95.07 Reference: CERT:CA-95.09.Solaris.ps.vul Reference: OSVDB:8346 Reference: URL:http://www.osvdb.org/8346 A race condition in the Solaris ps command allows an attacker to overwrite critical files. ====================================================== Name: CVE-1999-0166 Status: Entry Reference: XF:nfs-cd NFS allows users to use a "cd .." command to access other directories besides the exported file system. ====================================================== Name: CVE-1999-0167 Status: Entry Reference: XF:nfs-guess Reference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. ====================================================== Name: CVE-1999-0168 Status: Entry Reference: XF:nfs-portmap The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. ====================================================== Name: CVE-1999-0170 Status: Entry Reference: XF:nfs-ultrix Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. ====================================================== Name: CVE-1999-0172 Status: Entry Reference: XF:http-cgi-formmail-exe Reference: BUGTRAQ:Aug02,1995 FormMail CGI program allows remote execution of commands. 
====================================================== Name: CVE-1999-0173 Status: Entry Reference: XF:http-cgi-formmail-use FormMail CGI program can be used by web servers other than the host server that the program resides on. ====================================================== Name: CVE-1999-0174 Status: Entry Reference: BUGTRAQ:19970208 view-source Reference: XF:http-cgi-viewsrc The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. ====================================================== Name: CVE-1999-0175 Status: Entry Reference: XF:http-nov-convert The convert.bas program in the Novell web server allows remote attackers to read any file on the system that is internally accessible by the web server. ====================================================== Name: CVE-1999-0176 Status: Entry Reference: BUGTRAQ:Jul10,1997 Reference: XF:http-webgais-query The Webgais program allows a remote user to execute arbitrary commands. ====================================================== Name: CVE-1999-0177 Status: Entry Reference: NTBUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable Reference: NTBUGTRAQ:19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable Reference: BUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable Reference: XF:http-website-uploader The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.
====================================================== Name: CVE-1999-0178 Status: Entry Reference: BUGTRAQ:19970106 Re: signal handling Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html Reference: BID:2078 Reference: URL:http://www.securityfocus.com/bid/2078 Reference: OSVDB:8 Reference: URL:http://www.osvdb.org/8 Reference: XF:http-website-winsample(295) Reference: URL:http://xforce.iss.net/xforce/xfdb/295 Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. ====================================================== Name: CVE-1999-0179 Status: Entry Reference: MSKB:Q140818 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q140818 Reference: XF:nt-samba-dotdot Reference: XF:nt-351 Reference: XF:nt-35 Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. ====================================================== Name: CVE-1999-0180 Status: Entry Reference: XF:rsh-null in.rshd allows users to login with a NULL username and execute commands. ====================================================== Name: CVE-1999-0181 Status: Entry Reference: XF:walld The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands. ====================================================== Name: CVE-1999-0182 Status: Entry Reference: CIAC:H-110 Reference: URL:http://www.ciac.org/ciac/bulletins/h-110.shtml Reference: CERT:VB-97.10.samba Reference: XF:nt-samba-bo Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. ====================================================== Name: CVE-1999-0183 Status: Entry Reference: XF:linux-tftp Linux implementations of TFTP would allow access to files outside the restricted directory. 
====================================================== Name: CVE-1999-0184 Status: Entry Reference: XF:dns-updates When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. ====================================================== Name: CVE-1999-0185 Status: Entry Reference: SUN:00156 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/156 Reference: XF:sun-ftpd/logind In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. ====================================================== Name: CVE-1999-0188 Status: Entry Reference: SUN:00182 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/182 Reference: XF:sun-passwd-dos The passwd command in Solaris can be subjected to a denial of service. ====================================================== Name: CVE-1999-0189 Status: Entry Reference: NAI:NAI-15 Reference: SUN:00142 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/142 Reference: XF:rpc-32771 Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. ====================================================== Name: CVE-1999-0190 Status: Entry Reference: SUN:00167 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/167 Reference: XF:sun-rpcbind Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. ====================================================== Name: CVE-1999-0191 Status: Entry Reference: XF:http-cgi-newdsn Reference: OSVDB:275 Reference: URL:http://www.osvdb.org/275 IIS newdsn.exe CGI script allows remote users to overwrite files. 
====================================================== Name: CVE-1999-0192 Status: Entry Reference: SNI:SNI-20 Reference: XF:bsd-tel-tgetent Buffer overflow in telnet daemon tgetent routine allows remote attackers to gain root access via the TERMCAP environmental variable. ====================================================== Name: CVE-1999-0194 Status: Entry Reference: XF:comsat Denial of service in in.comsat allows attackers to generate messages. ====================================================== Name: CVE-1999-0196 Status: Entry Reference: BUGTRAQ:19970704 Vulnerability in websendmail Reference: BID:2077 Reference: URL:http://www.securityfocus.com/bid/2077 Reference: OSVDB:237 Reference: URL:http://www.osvdb.org/237 Reference: XF:http-webgais-smail websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). ====================================================== Name: CVE-1999-0201 Status: Entry Reference: XF:ftp-home A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. ====================================================== Name: CVE-1999-0202 Status: Entry Reference: XF:ftp-exectar The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. ====================================================== Name: CVE-1999-0203 Status: Entry Reference: CERT:CA-95.08 Reference: CIAC:E-03 Reference: XF:smtp-sendmail-version5 In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. ====================================================== Name: CVE-1999-0204 Status: Entry Reference: XF:ident-bo Reference: CIAC:F-13 Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
====================================================== Name: CVE-1999-0206 Status: Entry Reference: XF:sendmail-mime-bo Reference: AUSCERT:AA-96.06a MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. ====================================================== Name: CVE-1999-0207 Status: Entry Reference: XF:majordomo-exe Reference: CERT:CA-94.11.majordomo.vulnerabilities Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. ====================================================== Name: CVE-1999-0208 Status: Entry Reference: XF:rpc-update Reference: CERT:CA-95.17.rpc.ypupdated.vul rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. ====================================================== Name: CVE-1999-0209 Status: Entry Reference: CERT:CA-90.05.sunselection.vulnerability Reference: BID:8 Reference: URL:http://www.securityfocus.com/bid/8 Reference: XF:selsvc The SunView (SunTools) selection_svc facility allows remote users to read files. ====================================================== Name: CVE-1999-0210 Status: Entry Reference: BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88053459921223&w=2 Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2 Reference: HP:HPSBUX9910-104 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9910-104 Reference: CERT:CA-99-05 Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html Reference: BID:235 Reference: URL:http://www.securityfocus.com/bid/235 Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. 
====================================================== Name: CVE-1999-0211 Status: Entry Reference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability Reference: BID:24 Reference: URL:http://www.securityfocus.com/bid/24 Extra long export lists over 256 characters in some mount daemons allow NFS directories to be mounted by anyone. ====================================================== Name: CVE-1999-0212 Status: Entry Reference: SUN:00168 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168 Reference: CIAC:I-048 Reference: URL:http://www.ciac.org/ciac/bulletins/i-048.shtml Reference: XF:sun-mountd Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. ====================================================== Name: CVE-1999-0214 Status: Entry Reference: XF:icmp-unreachable Denial of service by sending forged ICMP unreachable packets. ====================================================== Name: CVE-1999-0215 Status: Entry Reference: SGI:19981004-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981004-01-PX Reference: CIAC:J-012 Reference: URL:http://www.ciac.org/ciac/bulletins/j-012.shtml Reference: XF:ripapp Routed allows attackers to append data to files. ====================================================== Name: CVE-1999-0217 Status: Entry Reference: XF:udp-bomb Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. ====================================================== Name: CVE-1999-0218 Status: Entry Reference: XF:portmaster-reboot Livingston portmaster machines could be rebooted via a series of commands.
====================================================== Name: CVE-1999-0219 Status: Entry Reference: NTBUGTRAQ:19990503 Buffer overflows in FTP Serv-U 2.5 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92574916930144&w=2 Reference: NTBUGTRAQ:19990504 Re: Buffer overflows in FTP Serv-U 2.5 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92582581330282&w=2 Reference: BUGTRAQ:19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NT Reference: BID:269 Reference: URL:http://www.securityfocus.com/bid/269 Reference: XF:ftp-servu(205) Reference: URL:http://xforce.iss.net/xforce/xfdb/205 Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command. ====================================================== Name: CVE-1999-0221 Status: Entry Reference: XF:ascend-150-kill Denial of service of Ascend routers through port 150 (remote administration). ====================================================== Name: CVE-1999-0223 Status: Entry Reference: BUGTRAQ:19961109 Syslogd and Solaris 2.4 Reference: SUNBUG:1249320 Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches Reference: XF:sol-syslogd-crash Reference: BID:1878 Reference: URL:http://www.securityfocus.com/bid/1878 Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. ====================================================== Name: CVE-1999-0224 Status: Entry Reference: XF:nt-messenger Denial of service in Windows NT messenger service through a long username. 
====================================================== Name: CVE-1999-0225 Status: Entry Reference: NAI:19980214 Windows NT Logon Denial of Service Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp Reference: MSKB:Q180963 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=180963 Reference: XF:nt-logondos Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. ====================================================== Name: CVE-1999-0227 Status: Entry Reference: MSKB:Q154087 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087 Reference: XF:nt-lsass-crash Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. ====================================================== Name: CVE-1999-0228 Status: Entry Reference: XF:nt-rpc-ver Reference: MSKB:Q162567 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q162567 Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ====================================================== Name: CVE-1999-0230 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml Reference: OSVDB:1102 Reference: URL:http://www.osvdb.org/1102 Buffer overflow in Cisco 7xx routers through the telnet service. ====================================================== Name: CVE-1999-0233 Status: Entry Reference: MSKB:Q148188 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q148188 Reference: MSKB:Q155056 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q155056 Reference: XF:http-iis-cmd IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. 
====================================================== Name: CVE-1999-0234 Status: Entry Reference: XF:bash-cmd Reference: CERT:CA-96.22.bash_vuls Bash treats any character with a value of 255 as a command separator. ====================================================== Name: CVE-1999-0236 Status: Entry Reference: XF:http-scriptalias ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. ====================================================== Name: CVE-1999-0237 Status: Entry Reference: XF:http-cgi-guestbook Reference: CERT:VB-97.02 Remote execution of arbitrary commands through Guestbook CGI program. ====================================================== Name: CVE-1999-0239 Status: Entry Reference: XF:fastrack-get-directory-list Reference: OSVDB:122 Reference: URL:http://www.osvdb.org/122 Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. ====================================================== Name: CVE-1999-0244 Status: Entry Reference: NAI:NAI-23 Reference: XF:radius-accounting-overflow Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root. ====================================================== Name: CVE-1999-0245 Status: Entry Reference: BUGTRAQ:19950907 Linux NIS security problem hole and fix Reference: XF:linux-plus Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". ====================================================== Name: CVE-1999-0247 Status: Entry Reference: NAI:19970721 INN news server vulnerabilities Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp Reference: BID:1443 Reference: URL:http://www.securityfocus.com/bid/1443 Reference: XF:inn-bo Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. 
====================================================== Name: CVE-1999-0248 Status: Entry Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1 A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. ====================================================== Name: CVE-1999-0251 Status: Entry Reference: XF:talkd-flash Denial of service in talk program allows remote attackers to disrupt a user's display. ====================================================== Name: CVE-1999-0252 Status: Entry Reference: XF:smtp-listserv Buffer overflow in listserv allows arbitrary command execution. ====================================================== Name: CVE-1999-0256 Status: Entry Reference: XF:war-ftpd Reference: OSVDB:875 Reference: URL:http://www.osvdb.org/875 Buffer overflow in War FTP allows remote execution of commands. ====================================================== Name: CVE-1999-0259 Status: Entry Reference: BUGTRAQ:19970523 cfingerd vulnerability Reference: XF:cfinger-user-enumeration cfingerd lists all users on a system via search.**@target. ====================================================== Name: CVE-1999-0260 Status: Entry Reference: BUGTRAQ:19961224 jj cgi Reference: XF:http-cgi-jj The jj CGI program allows command execution via shell metacharacters. ====================================================== Name: CVE-1999-0262 Status: Entry Reference: BUGTRAQ:19980804 remote exploit in faxsurvey cgi-script Reference: BUGTRAQ:19980804 PATCH: faxsurvey Reference: BID:2056 Reference: URL:http://www.securityfocus.com/bid/2056 Reference: XF:http-cgi-faxsurvey(1532) Reference: URL:http://xforce.iss.net/xforce/xfdb/1532 Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. 
====================================================== Name: CVE-1999-0263 Status: Entry Reference: SUN:00173 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/173 Reference: XF:sun-sunwadmap Solaris SUNWadmap can be exploited to obtain root access. ====================================================== Name: CVE-1999-0264 Status: Entry Reference: XF:http-htmlscript-file-access Reference: BUGTRAQ:Jan27,1998 htmlscript CGI program allows remote read access to files. ====================================================== Name: CVE-1999-0265 Status: Entry Reference: MSKB:Q154174 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154174 Reference: ISS:ICMP Redirects Against Embedded Controllers Reference: XF:icmp-redirect ICMP redirect messages may crash or lock up a host. ====================================================== Name: CVE-1999-0266 Status: Entry Reference: BUGTRAQ:19980303 Vulnerabilites in some versions of info2www CGI Reference: BID:1995 Reference: URL:http://www.securityfocus.com/bid/1995 Reference: XF:http-cgi-info2www The info2www CGI script allows remote file access or remote command execution. ====================================================== Name: CVE-1999-0267 Status: Entry Reference: XF:http-port Reference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. ====================================================== Name: CVE-1999-0268 Status: Entry Reference: BUGTRAQ:19980630 Security vulnerabilities in MetaInfo products Reference: BUGTRAQ:19980703 Followup to MetaInfo vulnerabilities Reference: OSVDB:110 Reference: URL:http://www.osvdb.org/110 Reference: OSVDB:3969 Reference: URL:http://www.osvdb.org/3969 Reference: XF:metaweb-server-dot-attack MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. 
====================================================== Name: CVE-1999-0269 Status: Entry Reference: XF:netscape-server-pageservices Netscape Enterprise servers may list files through the PageServices query. ====================================================== Name: CVE-1999-0270 Status: Entry Reference: BUGTRAQ:19980317 IRIX performer_tools bug Reference: SGI:19980401-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980401-01-P Reference: CIAC:I-041 Reference: URL:http://www.ciac.org/ciac/bulletins/i-041.shtml Reference: BID:64 Reference: URL:http://www.securityfocus.com/bid/64 Reference: OSVDB:134 Reference: URL:http://www.osvdb.org/134 Reference: XF:sgi-pfdispaly(810) Reference: URL:http://xforce.iss.net/xforce/xfdb/810 Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files. ====================================================== Name: CVE-1999-0272 Status: Entry Reference: XF:slmail-username-bo Denial of service in Slmail v2.5 through the POP3 port. ====================================================== Name: CVE-1999-0273 Status: Entry Reference: XF:sun-telnet-kill Denial of service through Solaris 2.5.1 telnet by sending ^D characters. ====================================================== Name: CVE-1999-0274 Status: Entry Reference: NAI:NAI-5 Reference: XF:nt-dns-dos Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. ====================================================== Name: CVE-1999-0275 Status: Entry Reference: XF:nt-dnscrash Reference: XF:nt-dnsver Reference: MS:Q169461 Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. 
====================================================== Name: CVE-1999-0276 Status: Entry Reference: XF:msql-debug-bo Reference: SEKURE:sekure.01-99.msql mSQL v2.0.1 and below allows remote execution through a buffer overflow. ====================================================== Name: CVE-1999-0277 Status: Entry Reference: XF:workman Reference: CERT:CA-96.23.workman_vul The WorkMan program can be used to overwrite any file to get root access. ====================================================== Name: CVE-1999-0278 Status: Entry Reference: MS:MS98-003 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-003.mspx Reference: XF:iis-asp-data-check Reference: OVAL:oval:org.mitre.oval:def:913 Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:913 In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. ====================================================== Name: CVE-1999-0279 Status: Entry Reference: BUGTRAQ:19971217 CGI security hole in EWS (Excite for Web Servers) Reference: BUGTRAQ:19980115 Excite announcement Reference: CERT:VB-98.01.excite Reference: XF:excite-cgi-search-vuln Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. ====================================================== Name: CVE-1999-0280 Status: Entry Reference: NTBUGTRAQ:19970317 Internet Explorer Bug #4 Reference: CIAC:H-38 Reference: XF:http-ie-lnkurl Remote command execution in Microsoft Internet Explorer using .lnk and .url files. ====================================================== Name: CVE-1999-0281 Status: Entry Reference: XF:http-iis-longurl Denial of service in IIS using long URLs. 
====================================================== Name: CVE-1999-0288 Status: Entry Reference: NTBUGTRAQ:19970801 WINS flooding Reference: BUGTRAQ:19970801 WINS flooding Reference: BUGTRAQ:19970815 Re: WINS flooding Reference: MISC:http://safenetworks.com/Windows/wins.html Reference: MSKB:155701 Reference: XF:nt-winsupd-fix(1233) Reference: URL:http://xforce.iss.net/xforce/xfdb/1233 The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. ====================================================== Name: CVE-1999-0289 Status: Entry The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. ====================================================== Name: CVE-1999-0290 Status: Entry Reference: BUGTRAQ:19980221 WinGate DoS Reference: BUGTRAQ:19980326 WinGate Intermediary Fix/Update Reference: XF:wingate-dos The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost. ====================================================== Name: CVE-1999-0291 Status: Entry Reference: XF:wingate-unpassworded The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. ====================================================== Name: CVE-1999-0292 Status: Entry Reference: XF:nt-winpopup Denial of service through Winpopup using large user names. ====================================================== Name: CVE-1999-0293 Status: Entry Reference: CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtml Reference: XF:cisco-ios-aaa-auth AAA authentication on Cisco systems allows attackers to execute commands without authorization. 
====================================================== Name: CVE-1999-0294 Status: Entry Reference: XF:nt-wins-snmp2 All records in a WINS database can be deleted through SNMP for a denial of service. ====================================================== Name: CVE-1999-0295 Status: Entry Reference: XF:sun-sysdef Reference: SUN:00157 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/157 Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. ====================================================== Name: CVE-1999-0296 Status: Entry Reference: SUN:00162 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/162 Reference: XF:sun-volrmmount Solaris volrmmount program allows attackers to read any file. ====================================================== Name: CVE-1999-0297 Status: Entry Reference: NAI:NAI-3 Reference: AUSCERT:AA-96.21 Reference: CIAC:H-17 Reference: XF:vixie-cron Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. ====================================================== Name: CVE-1999-0299 Status: Entry Reference: NAI:NAI-9 Reference: OSVDB:6093 Reference: URL:http://www.osvdb.org/6093 Buffer overflow in FreeBSD lpd through long DNS hostnames. ====================================================== Name: CVE-1999-0300 Status: Entry Reference: SUN:00155 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155 Reference: XF:sun-niscache nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. ====================================================== Name: CVE-1999-0301 Status: Entry Reference: SUN:00149 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/149 Reference: AUSCERT:AUSCERT-97.17 Reference: XF:sun-ps2bo Buffer overflow in SunOS/Solaris ps command. 
====================================================== Name: CVE-1999-0302 Status: Entry Reference: SUN:00176 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176 Reference: XF:sun-ftp-server SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. ====================================================== Name: CVE-1999-0303 Status: Entry Reference: XF:bnu-uucpd-bo Reference: RSI:RSI.0002.05-18-98.BNU.UUCPD Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. ====================================================== Name: CVE-1999-0304 Status: Entry Reference: XF:bsd-mmap Reference: FREEBSD:FreeBSD-SA-98:02 mmap function in BSD allows local attackers in the kmem group to modify memory through devices. ====================================================== Name: CVE-1999-0305 Status: Entry Reference: OPENBSD:Feb15,1998 "IP Source Routing Problem" Reference: MISC:http://www.openbsd.org/advisories/sourceroute.txt Reference: OSVDB:11502 Reference: URL:http://www.osvdb.org/11502 Reference: XF:bsd-sourceroute(736) Reference: URL:http://xforce.iss.net/xforce/xfdb/736 The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections. ====================================================== Name: CVE-1999-0308 Status: Entry Reference: HP:HPSBUX9410-018 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9410-018 Reference: XF:hpux-gwind-overwrite Reference: CIAC:H-03: HP-UX suid Vulnerabilities HP-UX gwind program allows users to modify arbitrary files. 
====================================================== Name: CVE-1999-0309 Status: Entry Reference: HP:HPSBUX9702-056 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-056 Reference: XF:hpux-vgdisplay Reference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability HP-UX vgdisplay program gives root access to local users. ====================================================== Name: CVE-1999-0310 Status: Entry Reference: XF:ssh-1225 SSH 1.2.25 on HP-UX allows access to new user accounts. ====================================================== Name: CVE-1999-0311 Status: Entry Reference: XF:hpux-fpkg2swpk Reference: HP:HPSBUX9612-042 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9612-042 fpkg2swpk in HP-UX allows local users to gain root access. ====================================================== Name: CVE-1999-0312 Status: Entry Reference: XF:nis-ypbind Reference: CERT:CA-93:01.REVISED.HP.NIS.ypbind.vulnerability HP ypbind allows attackers with root privileges to modify NIS data. ====================================================== Name: CVE-1999-0313 Status: Entry Reference: MISC:http://www.securityfocus.com/bid/213/exploit Reference: SGI:19980701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P Reference: BID:214 Reference: URL:http://www.securityfocus.com/bid/214 Reference: OSVDB:936 Reference: URL:http://www.osvdb.org/936 Reference: XF:sgi-disk-bandwidth(1441) Reference: URL:http://xforce.iss.net/xforce/xfdb/1441 disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. 
====================================================== Name: CVE-1999-0314 Status: Entry Reference: MISC:http://www.securityfocus.com/bid/213/exploit Reference: SGI:19980701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P Reference: BID:213 Reference: URL:http://www.securityfocus.com/bid/213 Reference: OSVDB:6788 Reference: URL:http://www.osvdb.org/6788 Reference: XF:sgi-ioconfig(1199) Reference: URL:http://xforce.iss.net/xforce/xfdb/1199 ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. ====================================================== Name: CVE-1999-0315 Status: Entry Reference: XF:fdformat-bo Reference: SUN:00138 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/138 Buffer overflow in Solaris fdformat command gives root access to local users. ====================================================== Name: CVE-1999-0316 Status: Entry Reference: XF:linux-splitvt Reference: CIAC:G-08 Buffer overflow in Linux splitvt command gives root access to local users. ====================================================== Name: CVE-1999-0318 Status: Entry Reference: BUGTRAQ:19961125 Security Problems in XMCD Reference: BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD) Reference: XF:xmcd-envbo Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. ====================================================== Name: CVE-1999-0320 Status: Entry Reference: SUN:00166 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/166 Reference: XF:sun-rpc.cmsd SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. ====================================================== Name: CVE-1999-0321 Status: Entry Reference: XF:sun-kcms-configure-bo Buffer overflow in Solaris kcms_configure command allows local users to gain root access. 
====================================================== Name: CVE-1999-0322 Status: Entry Reference: FREEBSD:FreeBSD-SA-97:05 Reference: XF:freebsd-open Reference: OSVDB:6092 Reference: URL:http://www.osvdb.org/6092 The open() function in FreeBSD allows local attackers to write to arbitrary files. ====================================================== Name: CVE-1999-0323 Status: Entry Reference: FREEBSD:FreeBSD-SA-98:04 Reference: NETBSD:1998-003 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc Reference: XF:bsd-mmap FreeBSD mmap function allows users to modify append-only or immutable files. ====================================================== Name: CVE-1999-0324 Status: Entry Reference: HP:HPSBUX9702-053 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-053 Reference: CIAC:H-31 Reference: XF:hp-ppllog ppl program in HP-UX allows local users to create root files through symlinks. ====================================================== Name: CVE-1999-0325 Status: Entry Reference: XF:hp-vhe Reference: HP:HPSBUX9406-013 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9406-013 vhe_u_mnt program in HP-UX allows local users to create root files through symlinks. ====================================================== Name: CVE-1999-0326 Status: Entry Reference: HP:HPSBUX9710-071 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9710-071 Reference: XF:hp-mediainit Vulnerability in HP-UX mediainit program. ====================================================== Name: CVE-1999-0327 Status: Entry Reference: SGI:19971103-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX Reference: XF:sgi-syserr SGI syserr program allows local users to corrupt files. 
====================================================== Name: CVE-1999-0328 Status: Entry Reference: SGI:19971103-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX Reference: XF:sgi-permtool SGI permissions program allows local users to gain root privileges. ====================================================== Name: CVE-1999-0329 Status: Entry Reference: SGI:19980602-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980602-01-PX Reference: XF:sgi-mediad SGI mediad program allows local users to gain root access. ====================================================== Name: CVE-1999-0332 Status: Entry Reference: XF:nt-netmeeting Reference: MSKB:Q184346 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q184346 Buffer overflow in NetMeeting allows denial of service and remote command execution. ====================================================== Name: CVE-1999-0334 Status: Entry Reference: XF:sol-startup Reference: CERT:CA-93.19.Solaris.Startup.vulnerability In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. ====================================================== Name: CVE-1999-0335 Status: Entry DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-1999-0032. ====================================================== Name: CVE-1999-0337 Status: Entry Reference: CERT:CA-94.10.IBM.AIX.bsh.vulnerability.html Reference: XF:ibm-bsh AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. ====================================================== Name: CVE-1999-0338 Status: Entry Reference: XF:ibm-perf-tools Reference: CERT:CA-94.03.AIX.performance.tools AIX Licensed Program Product performance tools allow local users to gain root access. 
====================================================== Name: CVE-1999-0339 Status: Entry Reference: XF:sol-sun-libauth Reference: RSI:RSI.0007.05-26-98 Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. ====================================================== Name: CVE-1999-0340 Status: Entry Reference: KSRT:005 Reference: XF:linux-crond Buffer overflow in Linux Slackware crond program allows local users to gain root access. ====================================================== Name: CVE-1999-0341 Status: Entry Reference: KSRT:006 Reference: XF:linux-deliver Buffer overflow in the Linux mail program "deliver" allows local users to gain root access. ====================================================== Name: CVE-1999-0342 Status: Entry Reference: REDHAT:http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pam Reference: XF:linux-pam-passwd-tmprace Linux PAM modules allow local users to gain root access using temporary files. ====================================================== Name: CVE-1999-0343 Status: Entry Reference: BUGTRAQ:19981002 Announcements from The Palace (fwd) Reference: XF:palace-malicious-servers-vuln A malicious Palace server can force a client to execute arbitrary programs. ====================================================== Name: CVE-1999-0344 Status: Entry Reference: MS:MS98-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-009.mspx Reference: MSKB:Q190288 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q190288 Reference: XF:nt-priv-fix NT users can gain debug-level access on a system process using the Sechole exploit. 
====================================================== Name: CVE-1999-0346 Status: Entry Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts Reference: BID:713 Reference: URL:http://www.securityfocus.com/bid/713 Reference: XF:http-cgi-php-mlog Reference: OSVDB:3397 Reference: URL:http://www.osvdb.org/3397 CGI PHP mlog script allows an attacker to read any file on the target server. ====================================================== Name: CVE-1999-0348 Status: Entry Reference: NTBUGTRAQ:Jan27,1999 Reference: MSKB:Q197003 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q197003 Reference: OSVDB:930 Reference: URL:http://www.osvdb.org/930 IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. ====================================================== Name: CVE-1999-0349 Status: Entry Reference: EEYE:IIS Remote FTP Exploit/DoS Attack Reference: URL:http://www.eeye.com/html/Research/Advisories/IIS Remote FTP Exploit/DoS Attack.html Reference: MS:MS99-003 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-003.mspx Reference: MSKB:Q188348 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q188348 Reference: BUGTRAQ:Jan27,1999 Reference: XF:iis-remote-ftp A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. ====================================================== Name: CVE-1999-0350 Status: Entry Reference: L0PHT:Feb8,1999 Reference: XF:clearcase-temp-race Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits. 
====================================================== Name: CVE-1999-0351 Status: Entry Reference: INFOWAR:01 Reference: MISC:http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txt Reference: XF:pasv-pizza-thief-dos(3389) Reference: URL:http://xforce.iss.net/xforce/xfdb/3389 FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. ====================================================== Name: CVE-1999-0353 Status: Entry Reference: HP:HPSBUX9902-091 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9902-091 Reference: CIAC:J-026 Reference: URL:http://www.ciac.org/ciac/bulletins/j-026.shtml Reference: XF:pcnfsd-world-write rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. ====================================================== Name: CVE-1999-0355 Status: Entry Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software Reference: XF:controlit-reboot Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service. ====================================================== Name: CVE-1999-0357 Status: Entry Reference: BUGTRAQ:19990125 Win98 crash? Reference: XF:win98-oshare-dos Windows 98 and other operating systems allow remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets. ====================================================== Name: CVE-1999-0358 Status: Entry Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows Reference: URL:http://www.securityfocus.com/archive/1/12121 Reference: COMPAQ:SSRT0583U Reference: XF:du-inc Reference: CIAC:J-027 Reference: URL:http://www.ciac.org/ciac/bulletins/j-027.shtml Digital Unix 4.0 has a buffer overflow in the inc program of the mh package. 
====================================================== Name: CVE-1999-0362 Status: Entry Reference: EEYE:AD02021999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02021999.html Reference: XF:wsftp-remote-dos Reference: BID:217 Reference: URL:http://www.securityfocus.com/bid/217 WS_FTP server remote denial of service through cwd command. ====================================================== Name: CVE-1999-0363 Status: Entry Reference: BUGTRAQ:Feb02,1999 Reference: XF:plp-lpc-bo Reference: BID:328 Reference: URL:http://www.securityfocus.com/bid/328 SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise. ====================================================== Name: CVE-1999-0365 Status: Entry Reference: BUGTRAQ:Feb04,1999 Reference: XF:metamail-header-commands The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry. ====================================================== Name: CVE-1999-0366 Status: Entry Reference: MS:MS99-004 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-004.mspx Reference: MSKB:Q214840 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q214840 Reference: XF:nt-sp4-auth-error In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. ====================================================== Name: CVE-1999-0367 Status: Entry Reference: NETBSD:1999-002 Reference: OSVDB:7571 Reference: URL:http://www.osvdb.org/7571 NetBSD netstat command allows local users to access kernel memory. ====================================================== Name: CVE-1999-0368 Status: Entry Reference: NETECT:palmetto.ftpd Reference: CERT:CA-99.03 Reference: XF:palmetto-ftpd-bo Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. 
====================================================== Name: CVE-1999-0369 Status: Entry Reference: SUN:00183 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/183 Reference: XF:sun-sdtcm-convert-bo The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access. ====================================================== Name: CVE-1999-0371 Status: Entry Reference: BUGTRAQ:19990211 Lynx /tmp problem Reference: CERT:VB-97.05.lynx Reference: XF:lynx-temp-files-race Lynx allows a local user to overwrite sensitive files through /tmp symlinks. ====================================================== Name: CVE-1999-0372 Status: Entry Reference: MS:MS99-005 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-005.mspx Reference: XF:nt-backoffice-setup Reference: MSKB:Q217004 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q217004 The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. ====================================================== Name: CVE-1999-0373 Status: Entry Reference: ISS:Buffer Overflow in "Super" package in Debian Linux Reference: XF:linux-super-bo Reference: XF:linux-super-logging-bo Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root. ====================================================== Name: CVE-1999-0374 Status: Entry Reference: DEBIAN:19990215 Reference: BUGTRAQ:Feb16,1999 Reference: XF:linux-cfengine-symlinks Debian GNU/Linux cfengine package is susceptible to a symlink attack. ====================================================== Name: CVE-1999-0375 Status: Entry Reference: NAI:February 16, 1999 Reference: BUGTRAQ:Feb16,1999 Reference: XF:nfr-webd-overflow Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands. 
====================================================== Name: CVE-1999-0376 Status: Entry Reference: MS:MS99-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-006.mspx Reference: BUGTRAQ:Feb20,1999 Reference: L0PHT:Feb18,1999 Reference: XF:nt-knowndlls-list Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. ====================================================== Name: CVE-1999-0377 Status: Entry Reference: BUGTRAQ:Feb22,1999 Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services. ====================================================== Name: CVE-1999-0378 Status: Entry Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available Reference: XF:viruswall-http-request Reference: OSVDB:6167 Reference: URL:http://www.osvdb.org/6167 InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands. ====================================================== Name: CVE-1999-0379 Status: Entry Reference: MS:MS99-007 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-007.mspx Reference: BUGTRAQ:19990223 Microsoft Security Bulletin (MS99-007) Reference: BID:498 Reference: URL:http://www.securityfocus.com/bid/498 Reference: OSVDB:1019 Reference: URL:http://www.osvdb.org/1019 Reference: XF:win-resourcekit-taskpads Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. 
====================================================== Name: CVE-1999-0380 Status: Entry Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91999015212415&w=2 Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91996412724720&w=2 Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2 Reference: BID:497 Reference: URL:http://www.securityfocus.com/bid/497 Reference: XF:slmail-ras-ntfs-bypass(5392) Reference: URL:http://xforce.iss.net/static/5392.php SLMail 3.1 and 3.2 allow local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user. ====================================================== Name: CVE-1999-0382 Status: Entry Reference: MS:MS99-008 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-008.mspx Reference: XF:nt-screen-saver The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. ====================================================== Name: CVE-1999-0383 Status: Entry Reference: BUGTRAQ:19990103 Tigris vulnerability Reference: BID:183 Reference: URL:http://www.securityfocus.com/bid/183 Reference: OSVDB:267 Reference: URL:http://www.osvdb.org/267 Reference: XF:acc-tigris-login ACC Tigris allows public access without a login. 
====================================================== Name: CVE-1999-0384 Status: Entry Reference: XF:forms-vuln-patch Reference: MS:MS99-001 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-001.mspx The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. ====================================================== Name: CVE-1999-0385 Status: Entry Reference: MS:MS99-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-009.mspx Reference: ISS:LDAP Buffer overflow against Microsoft Directory Services Reference: XF:ldap-exchange-overflow Reference: XF:ldap-mds-dos The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands. ====================================================== Name: CVE-1999-0386 Status: Entry Reference: MS:MS99-010 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-010.mspx Reference: XF:pws-file-access Reference: OSVDB:111 Reference: URL:http://www.osvdb.org/111 Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allow a remote attacker to read files on the server by using a nonstandard URL. ====================================================== Name: CVE-1999-0387 Status: Entry Reference: MS:MS99-052 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp Reference: MSKB:Q168115 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q168115 Reference: BID:829 Reference: URL:http://www.securityfocus.com/bid/829 Reference: XF:9x-plaintext-pwd A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. 
====================================================== Name: CVE-1999-0388 Status: Entry Reference: XF:datalynx-suguard-relative-paths Reference: L0PHT:Jan3,1999 Reference: OSVDB:3186 Reference: URL:http://www.osvdb.org/3186 DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root. ====================================================== Name: CVE-1999-0390 Status: Entry Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit Reference: CALDERA:CSSA-1999-006.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-006.1.txt Reference: BID:187 Reference: URL:http://www.securityfocus.com/bid/187 Buffer overflow in Dosemu Slang library in Linux. ====================================================== Name: CVE-1999-0391 Status: Entry Reference: L0PHT:Jan. 5, 1999 The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. ====================================================== Name: CVE-1999-0392 Status: Entry Reference: BUGTRAQ:Jan10,1999 Reference: XF:http-cgic-library-bo Buffer overflow in Thomas Boutell's cgic library version up to 1.05. ====================================================== Name: CVE-1999-0393 Status: Entry Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want! Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2 Reference: XF:sendmail-parsing-redirection Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. 
====================================================== Name: CVE-1999-0395 Status: Entry Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol Reference: URL:http://xforce.iss.net/alerts/advise17.php Reference: XF:backweb-polite-agent-protocol A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. ====================================================== Name: CVE-1999-0396 Status: Entry Reference: NETBSD:1999-001 Reference: OPENBSD:Feb17,1999 Reference: XF:netbsd-tcp-race A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. ====================================================== Name: CVE-1999-0402 Status: Entry Reference: BUGTRAQ:Feb2,1999 Reference: XF:wget-permissions Reference: DEBIAN:19990220 wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. ====================================================== Name: CVE-1999-0403 Status: Entry Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91821080015725&w=2 Reference: XF:cyrix-hang A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. ====================================================== Name: CVE-1999-0404 Status: Entry Reference: BUGTRAQ:Feb14,1999 Reference: XF:mailmax-bo Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution. ====================================================== Name: CVE-1999-0405 Status: Entry Reference: HERT:002 Reference: BUGTRAQ:Feb18,1999 Reference: DEBIAN:19990220a Reference: XF:lsof-bo Reference: OSVDB:3163 Reference: URL:http://www.osvdb.org/3163 A buffer overflow in lsof allows local users to obtain root privilege. 
====================================================== Name: CVE-1999-0407 Status: Entry Reference: BUGTRAQ:19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91983486431506&w=2 Reference: BUGTRAQ:19990209 Re: IIS4 allows proxied password attacks over NetBIOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92000623021036&w=2 Reference: XF:iis-iisadmpwd By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. ====================================================== Name: CVE-1999-0408 Status: Entry Reference: BUGTRAQ:19990225 Cobalt root exploit Reference: XF:cobalt-raq-history-exposure Reference: BID:337 Reference: URL:http://www.securityfocus.com/bid/337 Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. ====================================================== Name: CVE-1999-0409 Status: Entry Reference: BUGTRAQ:19990304 Linux /usr/bin/gnuplot overflow Reference: XF:gnuplot-home-overflow Reference: BID:319 Reference: URL:http://www.securityfocus.com/bid/319 Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access. ====================================================== Name: CVE-1999-0410 Status: Entry Reference: BUGTRAQ:Mar5,1999 Reference: XF:sol-cancel Reference: BID:293 Reference: URL:http://www.securityfocus.com/bid/293 The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. 
====================================================== Name: CVE-1999-0412 Status: Entry Reference: BUGTRAQ:Feb19,1999 Reference: XF:iis-isapi-execute Reference: BID:501 Reference: URL:http://www.securityfocus.com/bid/501 In IIS and other web servers, an attacker can execute commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. ====================================================== Name: CVE-1999-0413 Status: Entry Reference: SGI:19990301-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990301-01-PX Reference: XF:irix-font-path-overflow A buffer overflow in the SGI X server allows local users to gain root access through the X server font path. ====================================================== Name: CVE-1999-0414 Status: Entry Reference: NAI:Linux Blind TCP Spoofing Reference: XF:linux-blind-spoof In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. ====================================================== Name: CVE-1999-0415 Status: Entry Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml Reference: CIAC:J-034 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml Reference: XF:cisco-router-commands Reference: XF:cisco-web-config The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. 
====================================================== Name: CVE-1999-0416 Status: Entry Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml Reference: CIAC:J-034 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml Reference: XF:cisco-web-crash Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. ====================================================== Name: CVE-1999-0417 Status: Entry Reference: BUGTRAQ:Mar9,1999 Reference: XF:solaris-psinfo-crash Reference: BID:448 Reference: URL:http://www.securityfocus.com/bid/448 Reference: OSVDB:1001 Reference: URL:http://www.osvdb.org/1001 64 bit Solaris 7 procfs allows local users to perform a denial of service. ====================================================== Name: CVE-1999-0420 Status: Entry Reference: NETBSD:1999-006 umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program. ====================================================== Name: CVE-1999-0421 Status: Entry Reference: ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations Reference: XF:linux-slackware-install Reference: BID:338 Reference: URL:http://www.securityfocus.com/bid/338 Reference: OSVDB:981 Reference: URL:http://www.osvdb.org/981 During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password. ====================================================== Name: CVE-1999-0422 Status: Entry Reference: NETBSD:1999-007 In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set. 
====================================================== Name: CVE-1999-0423 Status: Entry Reference: HP:HPSBUX9903-093 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-093 Reference: XF:hp-hpterm-files Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges. ====================================================== Name: CVE-1999-0424 Status: Entry Reference: SUSE:Mar18,1999 Reference: XF:netscape-talkback-overwrite talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes. ====================================================== Name: CVE-1999-0425 Status: Entry Reference: SUSE:Mar18,1999 Reference: XF:netscape-talkback-kill talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes. ====================================================== Name: CVE-1999-0428 Status: Entry Reference: BUGTRAQ:19990322 OpenSSL/SSLeay Security Alert Reference: XF:ssl-session-reuse Reference: OSVDB:3936 Reference: URL:http://www.osvdb.org/3936 OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. ====================================================== Name: CVE-1999-0429 Status: Entry Reference: BUGTRAQ:19990323 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92221437025743&w=2 Reference: BUGTRAQ:19990324 Re: LNotes encryption Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92241547418689&w=2 Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92246997917866&w=2 Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92249282302994&w=2 Reference: XF:lotus-client-encryption The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. 
====================================================== Name: CVE-1999-0430 Status: Entry Reference: ISS:Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches Reference: CISCO:Cisco Catalyst Supervisor Remote Reload Reference: XF:cisco-catalyst-crash Reference: OSVDB:1103 Reference: URL:http://www.osvdb.org/1103 Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allow remote attackers to perform a denial of service by forcing the supervisor module to reload. ====================================================== Name: CVE-1999-0432 Status: Entry Reference: HP:HPSBUX9903-094 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-094 Reference: XF:hp-ftp ftp on HP-UX 11.00 allows local users to gain privileges. ====================================================== Name: CVE-1999-0433 Status: Entry Reference: SUSE:Mar28,1999 Reference: BUGTRAQ:19990321 X11R6 NetBSD Security Problem Reference: XF:xfree86-temp-directories XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. ====================================================== Name: CVE-1999-0436 Status: Entry Reference: HP:HPSBUX9903-095 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-095 Reference: XF:hp-desms-servers Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges. ====================================================== Name: CVE-1999-0437 Status: Entry Reference: ISS:WebRamp Denial of Service Attacks Reference: XF:webramp-device-crash Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port. 
====================================================== Name: CVE-1999-0438 Status: Entry Reference: ISS:WebRamp Denial of Service Attacks Reference: XF:webramp-ipchange Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address. ====================================================== Name: CVE-1999-0439 Status: Entry Reference: BUGTRAQ:19990405 Re: [SECURITY] new version of procmail with security fixes Reference: DEBIAN:19990422 Reference: CALDERA:CSSA-1999:007 Reference: XF:procmail-overflow Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file. ====================================================== Name: CVE-1999-0440 Status: Entry Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2 Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html Reference: BID:1939 Reference: URL:http://www.securityfocus.com/bid/1939 Reference: XF:java-unverified-code The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. ====================================================== Name: CVE-1999-0441 Status: Entry Reference: EEYE:AD02221999 Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02221999.html Reference: XF:wingate-redirector-dos Reference: BID:509 Reference: URL:http://www.securityfocus.com/bid/509 Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service. 
====================================================== Name: CVE-1999-0442 Status: Entry Reference: BUGTRAQ:19990107 really silly ff.core exploit for Solaris Reference: BUGTRAQ:19990108 ff.core exploit on Solaris (2.)7 Reference: BUGTRAQ:19990408 Solaris7 and ff.core Reference: BID:327 Reference: URL:http://www.securityfocus.com/bid/327 Solaris ff.core allows local users to modify files. ====================================================== Name: CVE-1999-0445 Status: Entry Reference: CISCO:Cisco IOS(R) Software Input Access List Leakage with NAT Reference: XF:cisco-natacl-leakage Reference: OSVDB:1104 Reference: URL:http://www.osvdb.org/1104 In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters. ====================================================== Name: CVE-1999-0446 Status: Entry Reference: NETBSD:1999-008 Reference: XF:netbsd-vfslocking-panic Reference: OSVDB:7051 Reference: URL:http://www.osvdb.org/7051 Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. ====================================================== Name: CVE-1999-0447 Status: Entry Reference: HP:HPSBMP9904-006 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMP9904-006 Reference: XF:mpeix-debug Local users can gain privileges using the debug utility in the MPE/iX operating system. ====================================================== Name: CVE-1999-0448 Status: Entry Reference: BUGTRAQ:19990121 IIS 4 Request Logging Security Advisory Reference: XF:iis-http-request-logging IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. 
====================================================== Name: CVE-1999-0449 Status: Entry Reference: BUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS Reference: NTBUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS Reference: BUGTRAQ:19990125 Re: [NTSEC] IIS 4 Advisory - ExAir sample site DoS Reference: BID:193 Reference: URL:http://www.securityfocus.com/bid/193 Reference: OSVDB:2 Reference: URL:http://www.osvdb.org/2 Reference: OSVDB:3 Reference: URL:http://www.osvdb.org/3 Reference: OSVDB:4 Reference: URL:http://www.osvdb.org/4 Reference: XF:iis-exair-dos The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. ====================================================== Name: CVE-1999-0457 Status: Entry Reference: BUGTRAQ:Jan17,1999 Reference: DEBIAN:19990117 Reference: XF:ftpwatch-vuln Reference: BID:317 Reference: URL:http://www.securityfocus.com/bid/317 Linux ftpwatch program allows local users to gain root privileges. ====================================================== Name: CVE-1999-0458 Status: Entry Reference: BUGTRAQ:Jan6,1999 Reference: XF:l0phtcrack-temp-files Reference: OSVDB:915 Reference: URL:http://www.osvdb.org/915 L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information. ====================================================== Name: CVE-1999-0463 Status: Entry Reference: SGI:19981201-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981201-01-PX Reference: XF:sgi-fcagent-dos Remote attackers can perform a denial of service using IRIX fcagent. ====================================================== Name: CVE-1999-0464 Status: Entry Reference: BUGTRAQ:19990104 Tripwire mess.. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91553066310826&w=2 Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=91592136122066&w=2 Reference: OSVDB:6609 Reference: URL:http://www.osvdb.org/6609 Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames. ====================================================== Name: CVE-1999-0466 Status: Entry Reference: NETBSD:1999-009 Reference: OSVDB:905 Reference: URL:http://www.osvdb.org/905 The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. ====================================================== Name: CVE-1999-0468 Status: Entry Reference: MS:MS99-012 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-012.asp Reference: XF:ie-scriplet-fileread Reference: BUGTRAQ:Apr9,1999 Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. ====================================================== Name: CVE-1999-0470 Status: Entry Reference: BUGTRAQ:19990409 New Novell Remote.NLM Password Decryption Algorithm with Exploit Reference: BID:482 Reference: URL:http://www.securityfocus.com/bid/482 Reference: XF:netware-remotenlm-passwords A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. ====================================================== Name: CVE-1999-0471 Status: Entry Reference: XF:winroute-config Reference: BUGTRAQ:Apr9,1999 The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button. 
====================================================== Name: CVE-1999-0472 Status: Entry Reference: XF:netcache-snmp Reference: BUGTRAQ:Apr7,1999 The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. ====================================================== Name: CVE-1999-0473 Status: Entry Reference: BUGTRAQ:19990407 rsync 2.3.1 release - security fix Reference: CALDERA:CSSA-1999:010.0 Reference: DEBIAN:19990823 Reference: BID:145 Reference: URL:http://www.securityfocus.com/bid/145 Reference: XF:rsync-permissions The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. ====================================================== Name: CVE-1999-0474 Status: Entry Reference: XF:icq-webserver-read Reference: BUGTRAQ:Apr5,1999 The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory. ====================================================== Name: CVE-1999-0475 Status: Entry Reference: XF:procmail-race Reference: BUGTRAQ:Apr5,1999 A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. ====================================================== Name: CVE-1999-0478 Status: Entry Reference: HP:HPSBUX9904-097 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9904-097 Reference: XF:sendmail-headers-dos Denial of service in HP-UX sendmail 8.8.6 related to accepting connections. ====================================================== Name: CVE-1999-0479 Status: Entry Reference: HP:HPSBUX9903-092 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-092 Reference: XF:netscape-server-dos Denial of service in Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems. 
====================================================== Name: CVE-1999-0481 Status: Entry Reference: OPENBSD:Mar22,1999 Reference: OSVDB:7556 Reference: URL:http://www.osvdb.org/7556 Denial of service in "poll" in OpenBSD. ====================================================== Name: CVE-1999-0482 Status: Entry Reference: OPENBSD:Mar21,1999 Reference: OSVDB:7557 Reference: URL:http://www.osvdb.org/7557 OpenBSD kernel crash through TSS handling, as caused by the crashme program. ====================================================== Name: CVE-1999-0483 Status: Entry Reference: OPENBSD:Feb25,1999 Reference: OSVDB:6129 Reference: URL:http://www.osvdb.org/6129 OpenBSD crash using nlink value in FFS and EXT2FS filesystems. ====================================================== Name: CVE-1999-0484 Status: Entry Reference: OPENBSD:Feb23,1999 Reference: OSVDB:6130 Reference: URL:http://www.osvdb.org/6130 Buffer overflow in OpenBSD ping. ====================================================== Name: CVE-1999-0485 Status: Entry Reference: OPENBSD:Feb19,1999 Reference: XF:openbsd-ipintr-race Reference: OSVDB:7558 Reference: URL:http://www.osvdb.org/7558 Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD. ====================================================== Name: CVE-1999-0487 Status: Entry Reference: MS:MS99-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-011.mspx Reference: XF:ie-dhtml-control The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files. 
====================================================== Name: CVE-1999-0491 Status: Entry Reference: BUGTRAQ:19990420 Bash Bug Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000@smooth.Operator.org Reference: CALDERA:CSSA-1999-008.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt Reference: BID:119 Reference: URL:http://www.securityfocus.com/bid/119 The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. ====================================================== Name: CVE-1999-0493 Status: Entry Reference: CERT:CA-99-05 Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html Reference: SUN:00186 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/186&type=0&nav=sec.sba Reference: CIAC:J-045 Reference: URL:http://www.ciac.org/ciac/bulletins/j-045.shtml Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91547759121289&w=2 Reference: BID:450 Reference: URL:http://www.securityfocus.com/bid/450 rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. ====================================================== Name: CVE-1999-0494 Status: Entry Reference: XF:wingate-pop3-user-bo Denial of service in WinGate proxy through a buffer overflow in POP3. 
====================================================== Name: CVE-1999-0496 Status: Entry Reference: MSKB:Q146965 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q146965 Reference: XF:nt-getadmin Reference: XF:nt-getadmin-present A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. ====================================================== Name: CVE-1999-0513 Status: Entry Reference: CERT:CA-98.01.smurf Reference: FREEBSD:FreeBSD-SA-98:06 Reference: XF:smurf ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. ====================================================== Name: CVE-1999-0514 Status: Entry Reference: XF:fraggle UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. ====================================================== Name: CVE-1999-0526 Status: Entry Reference: XF:xcheck-keystroke Reference: CERT-VN:VU#704969 Reference: URL:http://www.kb.cert.org/vuls/id/704969 An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. ====================================================== Name: CVE-1999-0551 Status: Entry Reference: HP:HPSBUX9804-078 Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9804-078 Reference: XF:hp-openmail HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests. ====================================================== Name: CVE-1999-0566 Status: Entry Reference: XF:ibm-syslogd Reference: XF:syslog-flood An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. 
====================================================== Name: CVE-1999-0608 Status: Entry Reference: BUGTRAQ:19990420 Shopping Carts exposing CC data Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92462991805485&w=2 Reference: CONFIRM:http://www.pdgsoft.com/Security/security.html. Reference: XF:pdgsoftcart-misconfig(3857) Reference: URL:http://xforce.iss.net/xforce/xfdb/3857 An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. ====================================================== Name: CVE-1999-0612 Status: Entry Reference: XF:finger-out Reference: XF:finger-running A version of finger is running that exposes valid user information to any entity on the network. ====================================================== Name: CVE-1999-0626 Status: Entry Reference: XF:rusersd Reference: XF:ruser A version of rusers is running that exposes valid user information to any entity on the network. ====================================================== Name: CVE-1999-0627 Status: Entry Reference: XF:rexd The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. ====================================================== Name: CVE-1999-0628 Status: Entry Reference: XF:rwhod The rwho/rwhod service is running, which exposes machine status and user information. 
====================================================== Name: CVE-1999-0668 Status: Entry Reference: BUGTRAQ:19990821 IE 5.0 allows executing programs Reference: MS:MS99-032 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-032.asp Reference: CIAC:J-064 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-064.shtml Reference: BID:598 Reference: URL:http://www.securityfocus.com/bid/598 Reference: XF:ms-scriptlet-eyedog-unsafe Reference: MSKB:Q240308 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240308 The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. ====================================================== Name: CVE-1999-0671 Status: Entry Reference: BID:572 Reference: URL:http://www.securityfocus.com/bid/572 Reference: XF:toxsoft-nextftp-cwd-bo Buffer overflow in ToxSoft NextFTP client through CWD command. ====================================================== Name: CVE-1999-0672 Status: Entry Reference: XF:fujitsu-topic-bo Reference: BID:573 Reference: URL:http://www.securityfocus.com/bid/573 Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics. ====================================================== Name: CVE-1999-0674 Status: Entry Reference: NETBSD:1999-011 Reference: OPENBSD:Aug 9,1999 Reference: FREEBSD:FreeBSD-SA-99:02 Reference: BUGTRAQ:19990809 profil(2) bug, a simple test program Reference: BID:570 Reference: URL:http://www.securityfocus.com/bid/570 Reference: CIAC:J-067 Reference: URL:http://www.ciac.org/ciac/bulletins/j-067.shtml Reference: XF:netbsd-profil The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. 
====================================================== Name: CVE-1999-0675 Status: Entry Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS Reference: URL:http://www.securityfocus.com/archive/1/23615 Reference: BID:576 Reference: URL:http://www.securityfocus.com/bid/576 Reference: XF:checkpoint-port Reference: OSVDB:1038 Reference: URL:http://www.osvdb.org/1038 Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host. ====================================================== Name: CVE-1999-0676 Status: Entry Reference: BUGTRAQ:19990808 sdtcm_convert Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org Reference: XF:sun-sdtcm-convert Reference: BID:575 Reference: URL:http://www.securityfocus.com/bid/575 sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. ====================================================== Name: CVE-1999-0678 Status: Entry Reference: XF:apache-debian-usrdoc Reference: BUGTRAQ:19990405 An issue with Apache on Debian Reference: BID:318 Reference: URL:http://www.securityfocus.com/bid/318 A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. ====================================================== Name: CVE-1999-0679 Status: Entry Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included) Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog Reference: BID:581 Reference: URL:http://www.securityfocus.com/bid/581 Reference: XF:hybrid-ircd-minvite-bo Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option. 
====================================================== Name: CVE-1999-0680 Status: Entry Reference: MS:MS99-028 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-028.mspx Reference: MSKB:Q238600 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238600 Reference: CIAC:J-057 Reference: URL:http://www.ciac.org/ciac/bulletins/j-057.shtml Reference: BID:571 Reference: URL:http://www.securityfocus.com/bid/571 Reference: XF:nt-terminal-dos Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. ====================================================== Name: CVE-1999-0681 Status: Entry Reference: BUGTRAQ:19990807 Crash FrontPage Remot