cve.mitre.orgcve.mitre.org/data/downloads/allcves.txt2018-07-07 · cve version: 20061101 =====...
If you can't read please download the document
TRANSCRIPT
CVE version: 20061101
======================================================Name: CVE-1999-0002Status: EntryReference: SGI:19981006-01-IReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-IReference: CERT:CA-98.12.mountdReference: CIAC:J-006Reference: URL:http://www.ciac.org/ciac/bulletins/j-006.shtmlReference: BID:121Reference: URL:http://www.securityfocus.com/bid/121Reference: XF:linux-mountd-bo
Buffer overflow in NFS mountd gives root access to remote attackers,mostly in Linux systems.
======================================================Name: CVE-1999-0003Status: EntryReference: NAI:NAI-29Reference: CERT:CA-98.11.tooltalkReference: SGI:19981101-01-AReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-AReference: SGI:19981101-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PXReference: XF:aix-ttdbserverReference: XF:tooltalkReference: BID:122Reference: URL:http://www.securityfocus.com/bid/122
Execute commands as root via buffer overflow in Tooltalk databaseserver (rpc.ttdbserverd).
======================================================Name: CVE-1999-0005Status: EntryReference: CERT:CA-98.09.imapdReference: SUN:00177Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/177Reference: BID:130Reference: URL:http://www.securityfocus.com/bid/130Reference: XF:imap-authenticate-bo
Arbitrary command execution via IMAP buffer overflow in authenticatecommand.
======================================================Name: CVE-1999-0006Status: EntryReference: CERT:CA-98.08.qpopper_vulReference: SGI:19980801-01-IReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980801-01-IReference: AUSCERT:AA-98.01Reference: XF:qpopper-pass-overflowReference: BID:133Reference: URL:http://www.securityfocus.com/bid/133
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allowsremote attackers to gain root access using a long PASS command.
======================================================Name: CVE-1999-0007Status: EntryReference: CERT:CA-98.07.PKCSReference: MS:MS98-002Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-002.mspxReference: XF:nt-ssl-fix
Information from SSL-encrypted sessions via PKCS #1.
======================================================Name: CVE-1999-0008Status: EntryReference: CERT:CA-98.06.nisdReference: SUN:00170Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170Reference: ISS:June10,1998Reference: XF:nisd-bo-check
Buffer overflow in NIS+, in Sun's rpc.nisd program.
======================================================Name: CVE-1999-0009Status: EntryReference: SGI:19980603-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PXReference: HP:HPSBUX9808-083Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083Reference: SUN:00180Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180Reference: CERT:CA-98.05.bind_problemsReference: XF:bind-boReference: BID:134Reference: URL:http://www.securityfocus.com/bid/134
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
======================================================Name: CVE-1999-0010Status: EntryReference: CERT:CA-98.05.bind_problemsReference: SGI:19980603-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PXReference: HP:HPSBUX9808-083Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083Reference: XF:bind-dos
Denial of Service vulnerability in BIND 8 Releases via maliciouslyformatted DNS messages.
======================================================Name: CVE-1999-0011Status: EntryReference: CERT:CA-98.05.bind_problemsReference: SGI:19980603-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PXReference: HP:HPSBUX9808-083Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083Reference: SUN:00180Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180Reference: XF:bind-axfr-dos
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releasesvia CNAME record and zone transfer.
======================================================Name: CVE-1999-0012Status: EntryReference: CERT:CA-98.04.Win32.WebServersReference: XF:nt-web8.3
Some web servers under Microsoft Windows allow remote attackersto bypass access restrictions for files with long file names.
======================================================Name: CVE-1999-0013Status: EntryReference: CERT:CA-98.03.ssh-agentReference: NAI:NAI-24Reference: XF:ssh-agent
Stolen credentials from SSH clients via ssh-agent program, allowingother local users to access remote accounts belonging to thessh-agent user.
======================================================Name: CVE-1999-0014Status: EntryReference: HP:HPSBUX9801-075Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075Reference: SUN:00185Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185Reference: CERT:CA-98.02.CDE
Unauthorized privileged access or denial of service via dtappgatherprogram in CDE.
======================================================Name: CVE-1999-0016Status: EntryReference: CERT:CA-97.28.Teardrop_LandReference: FREEBSD:FreeBSD-SA-98:01Reference: HP:HPSBUX9801-076Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtmlReference: XF:cisco-landReference: XF:landReference: XF:95-verv-tcpReference: XF:land-patchReference: XF:ver-tcpip-sys
Land IP denial of service.
======================================================Name: CVE-1999-0017Status: EntryReference: CERT:CA-97.27.FTP_bounceReference: XF:ftp-bounceReference: XF:ftp-privileged-port
FTP servers can allow an attacker to connect to arbitrary ports onmachines other than the FTP client, aka FTP bounce.
======================================================Name: CVE-1999-0018Status: EntryReference: CERT:CA-97.26.statdReference: AUSCERT:AA-97.29Reference: XF:statdReference: BID:127Reference: URL:http://www.securityfocus.com/bid/127
Buffer overflow in statd allows root privileges.
======================================================Name: CVE-1999-0019Status: EntryReference: CERT:CA-96.09.rpc.statdReference: XF:rpc-statReference: SUN:00135Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/135
Delete or create a file via rpc.statd, due to invalid information.
======================================================Name: CVE-1999-0021Status: EntryReference: BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount)Reference: CERT:CA-97.24.Count_cgiReference: XF:http-cgi-countReference: BID:128Reference: URL:http://www.securityfocus.com/bid/128
Arbitrary command execution via buffer overflow in Count.cgi(wwwcount) cgi-bin program.
======================================================Name: CVE-1999-0022Status: EntryReference: CERT:CA-97.23.rdistReference: SUN:00179Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179Reference: XF:rdist-bo3Reference: XF:rdist-sept97
Local user gains root privileges via buffer overflow in rdist, viaexpstr() function.
======================================================Name: CVE-1999-0023Status: EntryReference: CERT:CA-96.14.rdist_vulReference: XF:rdist-boReference: XF:rdist-bo2
Local user gains root privileges via buffer overflow in rdist, vialookup() function.
======================================================Name: CVE-1999-0024Status: EntryReference: CERT:CA-97.22.bindReference: XF:bindReference: NAI:NAI-11
DNS cache poisoning via BIND, by predictable query IDs.
======================================================Name: CVE-1999-0025Status: EntryReference: CERT:CA-1997-21Reference: URL:http://www.cert.org/advisories/CA-1997-21.htmlReference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vulReference: SGI:SGI:19970505-01-AReference: SGI:SGI:19970505-02-PXReference: CERT-VN:VU#20851Reference: URL:http://www.kb.cert.org/vuls/id/20851Reference: BID:346Reference: URL:http://www.securityfocus.com/bid/346Reference: XF:df-bo(440)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/440
root privileges via buffer overflow in df command on SGI IRIXsystems.
======================================================Name: CVE-1999-0026Status: EntryReference: CERT:CA-97.21.sgi_buffer_overflowReference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vulReference: XF:pset-bo
root privileges via buffer overflow in pset command on SGI IRIXsystems.
======================================================Name: CVE-1999-0027Status: EntryReference: CERT:CA-97.21.sgi_buffer_overflowReference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vulReference: XF:eject-bo
root privileges via buffer overflow in eject command on SGI IRIXsystems.
======================================================Name: CVE-1999-0028Status: EntryReference: CERT:CA-97.21.sgi_buffer_overflowReference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vulReference: XF:sgi-schemebo
root privileges via buffer overflow in login/scheme command on SGIIRIX systems.
======================================================Name: CVE-1999-0029Status: EntryReference: CERT:CA-97.21.sgi_buffer_overflowReference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vulReference: XF:ordist-bo
root privileges via buffer overflow in ordist command on SGI IRIXsystems.
======================================================Name: CVE-1999-0031Status: EntryReference: CERT:CA-97.20.javascriptReference: HP:HPSBUX9707-065Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and4.x, allows remote attackers to monitor a user's web activities, akathe Bell Labs vulnerability.
======================================================Name: CVE-1999-0032Status: EntryReference: BUGTRAQ:19960813 Possible bufferoverflow condition in lpr, xterm and xloadReference: BUGTRAQ:19961025 Linux & BSD's lpr exploitReference: MLIST:[freebsd-security] 19961025 Vadim Kolontsov: BoS: Linux & BSD's lpr exploitReference: MLIST:[linux-security] 19961122 LSF Update#14: Vulnerability of the lpr program.Reference: CERT:CA-97.19.bsdlpReference: AUSCERT:AA-96.12Reference: CIAC:H-08Reference: CIAC:I-042Reference: URL:http://www.ciac.org/ciac/bulletins/i-042.shtmlReference: SGI:19980402-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PXReference: BID:707Reference: URL:http://www.securityfocus.com/bid/707Reference: XF:bsd-lprbo2Reference: XF:bsd-lprboReference: XF:lpr-bo
Buffer overflow in lpr, as used in BSD-based systems including Linux,allows local users to execute arbitrary code as root via a long -C(classification) command line option.
======================================================Name: CVE-1999-0034Status: EntryReference: CERT:CA-97.17.sperlReference: XF:perl-suid
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
======================================================Name: CVE-1999-0035Status: EntryReference: XF:ftp-ftpdReference: CERT:CA-97.16.ftpdReference: AUSCERT:AA-97.03
Race condition in signal handling routine in ftpd, allowing read/writearbitrary files.
======================================================Name: CVE-1999-0036Status: EntryReference: CERT:CA-97.15.sgi_loginReference: AUSCERT:AA-97.12Reference: CIAC:H-106Reference: URL:http://www.ciac.org/ciac/bulletins/h-106.shtmlReference: SGI:19970508-02-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PXReference: OSVDB:990Reference: URL:http://www.osvdb.org/990Reference: XF:sgi-lockout(557)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/557
IRIX login program with a nonzero LOCKOUT parameter allows creation ordamage to files.
======================================================Name: CVE-1999-0037Status: EntryReference: CERT:CA-97.14.metamailReference: XF:metamail-header-commands
Arbitrary command execution via metamail package using messageheaders, when user processes attacker's message using metamail.
======================================================Name: CVE-1999-0038Status: EntryReference: CERT:CA-97.13.xlockReference: XF:xlock-bo
Buffer overflow in xlock program allows local users to executecommands as root.
======================================================Name: CVE-1999-0039Status: EntryReference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability inReference: BUGTRAQ:19970507 Re: SGI Advisory: webdist.cgiReference: CERT:CA-1997-12Reference: URL:http://www.cert.org/advisories/CA-1997-12.htmlReference: AUSCERT:AA-97.14Reference: SGI:19970501-02-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PXReference: BID:374Reference: URL:http://www.securityfocus.com/bid/374Reference: OSVDB:235Reference: URL:http://www.osvdb.org/235Reference: XF:http-sgi-webdist(333)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/333
webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackersto execute arbitrary commands via shell metacharacters in the distlocparameter.
======================================================Name: CVE-1999-0040Status: EntryReference: CERT:CA-97.11.libXtReference: XF:libXt-bo
Buffer overflow in Xt library of X Windowing System allows localusers to execute commands with root privileges.
======================================================Name: CVE-1999-0041Status: EntryReference: CERT:CA-97.10.nlsReference: XF:nls-bo
Buffer overflow in NLS (Natural Language Service).
======================================================Name: CVE-1999-0042Status: EntryReference: NAI:NAI-21Reference: CERT:CA-97.09.imap_popReference: XF:popimap-bo
Buffer overflow in University of Washington's implementation ofIMAP and POP servers.
======================================================Name: CVE-1999-0043Status: EntryReference: CERT:CA-97.08.inndReference: XF:inn-controlmsg
Command execution via shell metachars in INN daemon (innd) 1.5using "newgroup" and "rmgroup" control messages, and others.
======================================================Name: CVE-1999-0044Status: EntryReference: SGI:19970301-01-PReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970301-01-PReference: XF:sgi-fsdump
fsdump command in IRIX allows local users to obtain root accessby modifying sensitive files.
======================================================Name: CVE-1999-0045Status: EntryReference: CERT:CA-97.07.nph-test-cgi_scriptReference: XF:http-cgi-nph
List of arbitrary files on Web host via nph-test-cgi script.
======================================================Name: CVE-1999-0046Status: EntryReference: CERT:CA-97.06.rlogin-termReference: XF:rlogin-termbo
Buffer overflow of rlogin program using TERM environmental variable.
======================================================Name: CVE-1999-0047Status: EntryReference: CERT:CA-97.05.sendmailReference: BID:685Reference: URL:http://www.securityfocus.com/bid/685Reference: XF:sendmail-mime-bo2
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
======================================================Name: CVE-1999-0048Status: EntryReference: CERT:CA-97.04.talkdReference: FREEBSD:FreeBSD-SA-96:21Reference: AUSCERT:AA-97.01Reference: SUN:00147Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147Reference: XF:talkd-boReference: XF:netkit-talkd
Talkd, when given corrupt DNS information, can be used to executearbitrary commands with root privileges.
======================================================Name: CVE-1999-0049Status: EntryReference: XF:sgi-csetupReference: CERT:CA-97.03.csetup
Csetup under IRIX allows arbitrary file creation or overwriting.
======================================================Name: CVE-1999-0050Status: EntryReference: CERT:CA-97.02.hp_newgrpReference: AUSCERT:AA-96.16.HP-UX.newgrp.Buffer.Overrun.VulnerabilityReference: XF:hp-newgrpbo
Buffer overflow in HP-UX newgrp program.
======================================================Name: CVE-1999-0051Status: EntryReference: XF:sgi-licensemanagerReference: CERT:CA-97.01.flex_lmReference: AUSCERT:AA-96.03
Arbitrary file creation and program execution using FLEXlmLicenseManager, from versions 4.0 to 5.0, in IRIX.
======================================================Name: CVE-1999-0052Status: EntryReference: FREEBSD:FreeBSD-SA-98:08Reference: OSVDB:908Reference: URL:http://www.osvdb.org/908Reference: XF:freebsd-ip-frag-dos(1389)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1389
IP fragmentation denial of service in FreeBSD allows a remote attackerto cause a crash.
======================================================Name: CVE-1999-0053Status: EntryReference: FREEBSD:FreeBSD-SA-98:07Reference: OSVDB:6094Reference: URL:http://www.osvdb.org/6094
TCP RST denial of service in FreeBSD.
======================================================Name: CVE-1999-0054Status: EntryReference: SUN:00171Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/171Reference: XF:sun-ftpd
Sun's ftpd daemon can be subjected to a denial of service.
======================================================Name: CVE-1999-0055Status: EntryReference: SUN:00172Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172Reference: AIXAPAR:IX80543Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=onlyReference: RSI:RSI.0005.05-14-98.SUN.LIBNSLReference: XF:sun-libnsl
Buffer overflows in Sun libnsl allow root access.
======================================================Name: CVE-1999-0056Status: EntryReference: SUN:00174Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/174Reference: XF:sun-ping
Buffer overflow in Sun's ping program can give root access to local users.
======================================================Name: CVE-1999-0057Status: EntryReference: NAI:NAI-19Reference: XF:vacationReference: HP:HPSBUX9811-087Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9811-087
Vacation program allows command execution by remote users througha sendmail command.
======================================================Name: CVE-1999-0058Status: EntryReference: NAI:NAI-12Reference: BID:712Reference: URL:http://www.securityfocus.com/bid/712Reference: XF:http-cgi-phpbo
Buffer overflow in PHP cgi program, php.cgi allows shell access.
======================================================Name: CVE-1999-0059Status: EntryReference: NAI:NAI-16Reference: BID:353Reference: URL:http://www.securityfocus.com/bid/353Reference: OSVDB:164Reference: URL:http://www.osvdb.org/164Reference: XF:irix-fam(325)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/325
IRIX fam service allows an attacker to obtain a list of all fileson the server.
======================================================Name: CVE-1999-0060Status: EntryReference: NAI:NAI-26Reference: XF:ascend-config-killReference: ASCEND:http://www.ascend.com/2695.html
Attackers can cause a denial of service in Ascend MAX and Pipelinerouters with a malformed packet to the discard port, which is used bythe Java Configurator tool.
======================================================Name: CVE-1999-0062Status: EntryReference: XF:openbsd-chpassReference: NAI:NAI-28Reference: OSVDB:7559Reference: URL:http://www.osvdb.org/7559
The chpass command in OpenBSD allows a local user to gain root accessthrough file descriptor leakage.
======================================================Name: CVE-1999-0063Status: EntryReference: AUSCERT:ESB-98.197Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtmlReference: XF:cisco-syslog-crash
Cisco IOS 12.0 and other versions can be crashed by malicious UDPpackets to the syslog port.
======================================================Name: CVE-1999-0064Status: EntryReference: BUGTRAQ:May28,1997Reference: XF:lquerylv-bo
Buffer overflow in AIX lquerylv program gives root access to local users.
======================================================Name: CVE-1999-0065Status: EntryReference: SUN:00181Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/181Reference: XF:hp-dtmail
Multiple buffer overflows in how dtmail handles attachments allows aremote attacker to execute commands.
======================================================Name: CVE-1999-0066Status: EntryReference: BUGTRAQ:19950731 SECURITY HOLE: "AnyForm" CGIReference: BID:719Reference: URL:http://www.securityfocus.com/bid/719Reference: XF:http-cgi-anyform
AnyForm CGI remote execution.
======================================================Name: CVE-1999-0067Status: EntryReference: BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole familyReference: CERT:CA-1996-06Reference: URL:http://www.cert.org/advisories/CA-1996-06.htmlReference: AUSCERT:AA-96.01Reference: BID:629Reference: URL:http://www.securityfocus.com/bid/629Reference: OSVDB:136Reference: URL:http://www.osvdb.org/136Reference: XF:http-cgi-phf
phf CGI program allows remote command execution through shellmetacharacters.
======================================================Name: CVE-1999-0068Status: EntryReference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging ScriptsReference: XF:http-cgi-php-mylogReference: BID:713Reference: URL:http://www.securityfocus.com/bid/713Reference: OSVDB:3396Reference: URL:http://www.osvdb.org/3396
CGI PHP mylog script allows an attacker to read any file on thetarget server.
======================================================Name: CVE-1999-0069Status: EntryReference: SUN:00169Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169Reference: XF:sun-ufsrestoreReference: OSVDB:8158Reference: URL:http://www.osvdb.org/8158
Solaris ufsrestore buffer overflow.
======================================================Name: CVE-1999-0070Status: EntryReference: XF:http-cgi-test
test-cgi program allows an attacker to list files on the server.
======================================================Name: CVE-1999-0071Status: EntryReference: XF:http-apache-cookieReference: NAI:NAI-2
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
======================================================Name: CVE-1999-0072Status: EntryReference: ERS:ERS-SVA-E01-1997:004.1Reference: XF:ibm-xdat
Buffer overflow in AIX xdat gives root access to local users.
======================================================Name: CVE-1999-0073Status: EntryReference: CERT:CA-95:14.Telnetd_Environment_VulnerabilityReference: XF:linkerbug
Telnet allows a remote client to specify environment variables includingLD_LIBRARY_PATH, allowing an attacker to bypass the normal systemlibraries and gain root access.
======================================================Name: CVE-1999-0074Status: EntryReference: XF:seqport
Listening TCP ports are sequentially allocated, allowing spoofingattacks.
======================================================Name: CVE-1999-0075Status: EntryReference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpdReference: XF:ftp-pasvcoreReference: OSVDB:5742Reference: URL:http://www.osvdb.org/5742
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASVcommand after specifying a username and password.
======================================================Name: CVE-1999-0077Status: EntryReference: XF:tcp-seq-predict(139)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/139
Predictable TCP sequence numbers allow spoofing.
======================================================Name: CVE-1999-0079Status: EntryReference: XF:ftp-pasv-dosReference: XF:ftp-pasvdos
Remote attackers can cause a denial of service in FTP by issuingmultiple PASV commands, causing the server to run out of availableports.
======================================================Name: CVE-1999-0080Status: EntryReference: BUGTRAQ:19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd)Reference: CERT:CA-95:16.wu-ftpd.vulReference: XF:ftp-execdotdot
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATHsetting to a directory with dangerous commands, such as /bin, whichallows remote authenticated users to gain root access via the "siteexec" command.
======================================================Name: CVE-1999-0081Status: EntryReference: XF:ftp-rnfr
wu-ftp allows files to be overwritten via the rnfr command.
======================================================Name: CVE-1999-0082Status: EntryReference: XF:ftp-cwdReference: FarmerVenema:Improving the Security of Your Site by Breaking Into itReference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
CWD ~root command in ftpd allows root access.
======================================================Name: CVE-1999-0083Status: EntryReference: XF:cwdleak
getcwd() file descriptor leak in FTP.
======================================================Name: CVE-1999-0084Status: EntryReference: XF:nfs-mknod(78)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78
Certain NFS servers allow users to use mknod to gain privileges bycreating a writable kmem device and setting the UID to 0.
======================================================Name: CVE-1999-0085Status: EntryReference: BUGTRAQ:19960821 rwhod buffer overflowReference: XF:rwhod(119)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/119Reference: XF:rwhod-vuln(118)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/118
Buffer overflow in rwhod on AIX and other operating systems allowsremote attackers to execute arbitrary code via a UDP packet with along hostname.
======================================================Name: CVE-1999-0087Status: EntryReference: XF:ibm-telnetdosReference: ERS:ERS-SVA-E01-1998:003.1Reference: OSVDB:7992Reference: URL:http://www.osvdb.org/7992
Denial of service in AIX telnet can freeze a system and preventusers from accessing the server.
======================================================Name: CVE-1999-0090Status: EntryReference: ERS:ERS-SVA-E01-1997:005.1Reference: XF:ibm-rcp
Buffer overflow in AIX rcp command allows local users to obtainroot access.
======================================================Name: CVE-1999-0091Status: EntryReference: ERS:ERS-SVA-E01-1997:005.1Reference: XF:ibm-writesrv
Buffer overflow in AIX writesrv command allows local users to obtainroot access.
======================================================Name: CVE-1999-0093Status: EntryReference: ERS:ERS-SVA-E01-1997:008.1Reference: XF:ibm-nslookup
AIX nslookup command allows local users to obtain root access by notdropping privileges correctly.
======================================================Name: CVE-1999-0094Status: EntryReference: ERS:ERS-SVA-E01-1997:007.1Reference: XF:ibm-piodmgrsu
AIX piodmgrsu command allows local users to gain additionalgroup privileges.
======================================================Name: CVE-1999-0095Status: EntryReference: CERT:CA-88.01Reference: CERT:CA-93.14Reference: BID:1Reference: URL:http://www.securityfocus.com/bid/1Reference: OSVDB:195Reference: URL:http://www.osvdb.org/195Reference: XF:smtp-debug
The debug command in Sendmail is enabled, allowing attackers toexecute commands as root.
======================================================Name: CVE-1999-0096Status: EntryReference: CERT:CA-93.16Reference: CERT:CA-95.05Reference: CIAC:A-13Reference: CIAC:A-14Reference: SUN:00122Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sbaReference: XF:smtp-dcod
Sendmail decode alias can be used to overwrite sensitive files.
======================================================Name: CVE-1999-0097Status: EntryReference: ERS:ERS-SVA-E01-1997:009.1Reference: XF:ibm-ftp
The AIX FTP client can be forced to execute commands from a maliciousserver through shell metacharacters (e.g. a pipe character).
======================================================Name: CVE-1999-0099Status: EntryReference: CERT:CA-95.13.syslog.vulReference: XF:smtp-syslog
Buffer overflow in syslog utility allows local or remote attackers togain root privileges.
======================================================Name: CVE-1999-0100Status: EntryReference: ERS:ERS-SVA-E01-1997:002.1Reference: XF:inn-controlmsg
Remote access in AIX innd 1.5.1, using control messages.
======================================================Name: CVE-1999-0101Status: EntryReference: ERS:ERS-SVA-E01-1997:001.1Reference: ERS:ERS-SVA-E01-1996:007.1Reference: SUN:00137aReference: CIAC:H-13Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtmlReference: NAI:NAI-1Reference: XF:ghbn-bo
Buffer overflow in AIX and Solaris "gethostbyname" library call allowsroot access through corrupt DNS host names.
======================================================Name: CVE-1999-0102Status: EntryReference: XF:slmail-fromheader-overflow
Buffer overflow in SLmail 3.x allows attackers to execute commandsusing a large FROM line.
======================================================Name: CVE-1999-0103Status: EntryReference: CERT:CA-96.01.UDP_service_denialReference: XF:echoReference: XF:chargenReference: XF:chargen-patch
Echo and chargen, or other combinations of UDP services, can be usedin tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
======================================================Name: CVE-1999-0108Status: EntryReference: BUGTRAQ:19970527 another day, another buffer overflow....Reference: URL:http://seclists.org/bugtraq/1997/May/191Reference: XF:printers-bo
The printers program in IRIX has a buffer overflow that gives rootaccess to local users.
======================================================Name: CVE-1999-0109Status: EntryReference: SUN:00140Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/140Reference: AUSCERT:AA-97.06Reference: XF:ffbconfig-bo
Buffer overflow in ffbconfig in Solaris 2.5.1.
======================================================Name: CVE-1999-0111Status: EntryReference: XF:rip
RIP v1 is susceptible to spoofing.
======================================================Name: CVE-1999-0112Status: EntryReference: BUGTRAQ:19970520 AIX 4.2 dtterm exploitReference: XF:dtterm-bo(878)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/878
Buffer overflow in AIX dtterm program for the CDE.
======================================================Name: CVE-1999-0113Status: EntryReference: BUGTRAQ:19940729 -froot??? (AIX rlogin bug)Reference: CERT:CA-94.09.bin.login.vulnerabilityReference: CIAC:E-26Reference: BID:458Reference: URL:http://www.securityfocus.com/bid/458Reference: XF:rlogin-froot
Some implementations of rlogin allow root access if given a-froot parameter.
======================================================Name: CVE-1999-0115Status: EntryReference: BUGTRAQ:19970909 AIX bugfilerReference: XF:ibm-bugfilerReference: BID:1800Reference: URL:http://www.securityfocus.com/bid/1800
AIX bugfiler program allows local users to gain root access.
======================================================Name: CVE-1999-0116Status: EntryReference: CERT:CA-96.21.tcp_syn.floodingReference: SGI:19961202-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961202-01-PXReference: SUN:00136Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/136
Denial of service when an attacker sends many SYN packets to createmultiple connections without ever sending an ACK to complete theconnection, aka SYN flood.
======================================================Name: CVE-1999-0117Status: EntryReference: XF:ibm-passwdReference: CERT:CA-92:07.AIX.passwd.vulnerability
AIX passwd allows local users to gain root access.
======================================================Name: CVE-1999-0118Status: EntryReference: BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFODReference: URL:http://marc.info/?l=bugtraq&m=91158980826979&w=2Reference: XF:aix-infod
AIX infod allows local users to gain root access through an X display.
======================================================Name: CVE-1999-0120Status: EntryReference: SUN:00126Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/126Reference: CERT:CA-94.06.utmp.vulnerabilityReference: XF:utmp-write
Sun/Solaris utmp file allows local users to gain root access if itis writable by users other than root.
======================================================Name: CVE-1999-0122Status: EntryReference: BUGTRAQ:Jul21,1999Reference: XF:lchangelv-bo
Buffer overflow in AIX lchangelv gives root access.
======================================================Name: CVE-1999-0124Status: EntryReference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerabilityReference: XF:gopher-vuln
Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allowan intruder to read any files that can be accessed by the gopherdaemon.
======================================================Name: CVE-1999-0125Status: EntryReference: XF:sgi-mailx-boReference: SGI:19980605-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980605-01-PX
Buffer overflow in SGI IRIX mailx program.
======================================================Name: CVE-1999-0126Status: EntryReference: CERT:VB-98.04.xterm.XawReference: CIAC:J-010Reference: URL:http://www.ciac.org/ciac/bulletins/j-010.shtmlReference: XF:xfree86-xterm-xawReference: XF:xfree86-xaw
SGI IRIX buffer overflow in xterm and Xaw allows root access.
======================================================Name: CVE-1999-0128Status: EntryReference: XF:ping-deathReference: CERT:CA-96.26.ping
Oversized ICMP ping packets can result in a denial of service,aka Ping o' Death.
======================================================Name: CVE-1999-0129Status: EntryReference: CERT:CA-96.25.sendmail_groups
Sendmail allows local users to write to a file and gain grouppermissions via a .forward or :include: file.
======================================================Name: CVE-1999-0130Status: EntryReference: CERT:CA-96.24.sendmail.daemon.modeReference: BID:716Reference: URL:http://www.securityfocus.com/bid/716Reference: XF:sendmail-daemon-mode
Local users can start Sendmail in daemon mode and gain root privileges.
======================================================Name: CVE-1999-0131Status: EntryReference: CERT:CA-96.20.sendmail_vulReference: XF:smtp-875boReference: BID:717Reference: URL:http://www.securityfocus.com/bid/717
Buffer overflow and denial of service in Sendmail 8.7.5 andearlier through GECOS field gives root access to local users.
======================================================Name: CVE-1999-0132Status: EntryReference: CERT:CA-1996-19Reference: URL:http://www.cert.org/advisories/CA-1996-19.htmlReference: OSVDB:11723Reference: URL:http://www.osvdb.org/11723Reference: XF:expreserve(401)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/401
Expreserve, as used in vi and ex, allows local users to overwritearbitrary files and gain root access.
======================================================Name: CVE-1999-0133Status: EntryReference: CERT:CA-96.18.fm_flsReference: XF:fmaker-logfile
fm_fls license server for Adobe Framemaker allows local users tooverwrite arbitrary files and gain root access.
======================================================Name: CVE-1999-0134Status: EntryReference: XF:sol-voldtmpReference: CERT:CA-96.17.Solaris_vold_vulReference: AUSCERT:AL-96.04Reference: OSVDB:8159Reference: URL:http://www.osvdb.org/8159
vold in Solaris 2.x allows local users to gain root access.
======================================================Name: CVE-1999-0135Status: EntryReference: XF:sun-admintoolReference: CERT:CA-96.16.Solaris_admintool_vulReference: AUSCERT:AL-96.03
admintool in Solaris allows a local user to write to arbitrary filesand gain root access.
======================================================Name: CVE-1999-0136Status: EntryReference: XF:sol-KCMSvulnReference: AUSCERT:AL-96.02Reference: CERT:CA-96.15.Solaris_KCMS_vul
Kodak Color Management System (KCMS) on Solaris allows a local user towrite to arbitrary files and gain root access.
======================================================Name: CVE-1999-0137Status: EntryReference: XF:linux-dipboReference: CERT:CA-96.13.dip_vulReference: XF:dip-bo
The dip program on many Linux systems allows local users to gain rootaccess via a buffer overflow.
======================================================Name: CVE-1999-0138Status: EntryReference: CERT:CA-96.12.suidperl_vulReference: XF:sperl-suid
The suidperl and sperl program do not give up root privileges whenchanging UIDs back to the original users, allowing root access.
======================================================Name: CVE-1999-0139Status: EntryReference: XF:sol-mkcookieReference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIEReference: OSVDB:8205Reference: URL:http://www.osvdb.org/8205
Buffer overflow in Solaris x86 mkcookie allows local users toobtain root access.
======================================================Name: CVE-1999-0141Status: EntryReference: XF:http-java-appletReference: CERT:CA-96.07.java_bytecode_verifierReference: SUN:00134Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134
Java Bytecode Verifier allows malicious applets to executearbitrary commands as the user of the applet.
======================================================Name: CVE-1999-0142Status: EntryReference: CERT:CA-96.05.java_applet_security_mgrReference: XF:http-java-appletsecmgr
The Java Applet Security Manager implementation in Netscape Navigator2.0 and Java Developer's Kit 1.0 allows an applet to connect toarbitrary hosts.
======================================================Name: CVE-1999-0143Status: EntryReference: CERT:CA-96.03.kerberos_4_key_serverReference: XF:kerberos-bf
Kerberos 4 key servers allow a user to masquerade as another bybreaking and generating session keys.
======================================================Name: CVE-1999-0145Status: EntryReference: CERT:CA-1990-11Reference: URL:http://www.cert.org/advisories/CA-1990-11.htmlReference: CERT:CA-1993-14Reference: URL:http://www.cert.org/advisories/CA-1993-14.htmlReference: BUGTRAQ:19950206 sendmail wizard thing...Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.htmlReference: FarmerVenema:Improving the Security of Your Site by Breaking Into itReference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
Sendmail WIZ command enabled, allowing root access.
======================================================Name: CVE-1999-0146Status: EntryReference: BUGTRAQ:19970715 Bug CGI campasReference: BID:1975Reference: URL:http://www.securityfocus.com/bid/1975Reference: XF:http-cgi-campas(298)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/298
The campas CGI program provided with some NCSA web servers allows anattacker to execute arbitrary commands via encoded carriage returncharacters in the query string, as demonstrated by reading thepassword file.
======================================================Name: CVE-1999-0147Status: EntryReference: XF:http-cgi-glimpseReference: AUSCERT:AA-97.28
The aglimpse CGI program of the Glimpse package allows remoteexecution of arbitrary commands.
======================================================Name: CVE-1999-0148Status: EntryReference: SGI:19970501-02-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PXReference: BID:380Reference: URL:http://www.securityfocus.com/bid/380Reference: XF:http-sgi-handler
The handler CGI program in IRIX allows arbitrary command execution.
======================================================Name: CVE-1999-0149Status: EntryReference: BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bugReference: SGI:19970501-02-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PXReference: BID:373Reference: URL:http://www.securityfocus.com/bid/373Reference: OSVDB:247Reference: URL:http://www.osvdb.org/247Reference: XF:http-sgi-wrap(290)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/290
The wrap CGI program in IRIX allows remote attackers to viewarbitrary directory listings via a .. (dot dot) attack.
======================================================Name: CVE-1999-0150Status: EntryReference: XF:perl-fingerd
The Perl fingerd program allows arbitrary command execution fromremote users.
======================================================Name: CVE-1999-0151Status: EntryReference: CERT:CA-95.07a.REVISED.satan.vulReference: CERT:CA-95.06.satan.vul
The SATAN session key may be disclosed if the user points the webbrowser to other sites, possibly allowing root access.
======================================================Name: CVE-1999-0152Status: EntryReference: BUGTRAQ:19970811 dgux in.fingerd vulnerabilityReference: XF:dgux-fingerd
The DG/UX finger daemon allows remote command execution through shellmetacharacters.
======================================================Name: CVE-1999-0153Status: EntryReference: XF:win-oobReference: OSVDB:1666Reference: URL:http://www.osvdb.org/1666
Windows 95/NT out of band (OOB) data denial of service through NETBIOSport, aka WinNuke.
======================================================Name: CVE-1999-0155Status: EntryReference: XF:gscript-dsaferReference: CERT:CA-95.10.ghostscript
The ghostscript command with the -dSAFER option allows remoteattackers to execute commands.
======================================================Name: CVE-1999-0157Status: EntryReference: CISCO:http://www.cisco.com/warp/public/770/nifrag.shtmlReference: XF:cisco-fragmented-attacksReference: OSVDB:1097Reference: URL:http://www.osvdb.org/1097
Cisco PIX firewall and CBAC IP fragmentation attack results in adenial of service.
======================================================Name: CVE-1999-0158Status: EntryReference: CISCO:20010913 Cisco PIX Firewall Manager File ExposureReference: URL:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtmlReference: XF:cisco-pix-file-exposureReference: OSVDB:685Reference: URL:http://www.osvdb.org/685
Cisco PIX firewall manager (PFM) on Windows NT allows attackers toconnect to port 8080 on the PFM server and retrieve any file whosename and location is known.
======================================================Name: CVE-1999-0159Status: EntryReference: CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtmlReference: XF:cisco-ios-crash
Attackers can crash a Cisco IOS router or device, provided they canget to an interactive prompt (such as a login). This applies to someIOS 9.x, 10.x, and 11.x releases.
======================================================Name: CVE-1999-0160Status: EntryReference: CISCO:19971001 Vulnerabilities in Cisco CHAP AuthenticationReference: CIAC:I-002AReference: OSVDB:1099Reference: URL:http://www.osvdb.org/1099Reference: XF:cisco-chap
Some classic Cisco IOS devices have a vulnerability in the PPP CHAPauthentication to establish unauthorized PPP connections.
======================================================Name: CVE-1999-0161Status: EntryReference: CISCO:http://www.cisco.com/warp/public/707/1.htmlReference: XF:cisco-acl-tacacsReference: OSVDB:797Reference: URL:http://www.osvdb.org/797
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extendedIP access control list could bypass filtering.
======================================================Name: CVE-1999-0162Status: EntryReference: CISCO:19950601 "Established" Keyword May Allow Packets to Bypass FilterReference: XF:cisco-acl-established
The "established" keyword in some Cisco IOS software allowedan attacker to bypass filtering.
======================================================Name: CVE-1999-0164Status: EntryReference: XF:sol-pstmpraceReference: AUSCERT:AA-95.07Reference: CERT:CA-95.09.Solaris.ps.vulReference: OSVDB:8346Reference: URL:http://www.osvdb.org/8346
A race condition in the Solaris ps command allows an attacker tooverwrite critical files.
======================================================Name: CVE-1999-0166Status: EntryReference: XF:nfs-cd
NFS allows users to use a "cd .." command to access other directoriesbesides the exported file system.
======================================================Name: CVE-1999-0167Status: EntryReference: XF:nfs-guessReference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand
In SunOS, NFS file handles could be guessed, giving unauthorizedaccess to the exported file system.
======================================================Name: CVE-1999-0168Status: EntryReference: XF:nfs-portmap
The portmapper may act as a proxy and redirect service requests froman attacker, making the request appear to come from the local host,possibly bypassing authentication that would otherwise have takenplace. For example, NFS file systems could be mounted through theportmapper despite export restrictions.
======================================================Name: CVE-1999-0170Status: EntryReference: XF:nfs-ultrix
Remote attackers can mount an NFS file system in Ultrix or OSF, evenif it is denied on the access list.
======================================================Name: CVE-1999-0172Status: EntryReference: XF:http-cgi-formmail-exeReference: BUGTRAQ:Aug02,1995
FormMail CGI program allows remote execution of commands.
======================================================Name: CVE-1999-0173Status: EntryReference: XF:http-cgi-formmail-use
FormMail CGI program can be used by web servers other than thehost server that the program resides on.
======================================================Name: CVE-1999-0174Status: EntryReference: BUGTRAQ:19970208 view-sourceReference: XF:http-cgi-viewsrc
The view-source CGI program allows remote attackers to read arbitraryfiles via a .. (dot dot) attack.
======================================================Name: CVE-1999-0175Status: EntryReference: XF:http-nov-convert
The convert.bas program in the Novell web server allows a remoteattackers to read any file on the system that is internally accessibleby the web server.
======================================================Name: CVE-1999-0176Status: EntryReference: BUGTRAQ:Jul10,1997Reference: XF:http-webgais-query
The Webgais program allows a remote user to execute arbitrarycommands.
======================================================Name: CVE-1999-0177Status: EntryReference: NTBUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerableReference: NTBUGTRAQ:19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerableReference: BUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerableReference: XF:http-website-uploader
The uploader program in the WebSite web server allows a remoteattacker to execute arbitrary programs.
======================================================Name: CVE-1999-0178Status: EntryReference: BUGTRAQ:19970106 Re: signal handlingReference: URL:http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.htmlReference: BID:2078Reference: URL:http://www.securityfocus.com/bid/2078Reference: OSVDB:8Reference: URL:http://www.osvdb.org/8Reference: XF:http-website-winsample(295)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/295
Buffer overflow in the win-c-sample program (win-c-sample.exe) in theWebSite web server 1.1e allows remote attackers to execute arbitrarycode via a long query string.
======================================================Name: CVE-1999-0179Status: EntryReference: MSKB:Q140818Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q140818Reference: XF:nt-samba-dotdotReference: XF:nt-351Reference: XF:nt-35
Windows NT crashes or locks up when a Samba client executes a "cd .."command on a file share.
======================================================Name: CVE-1999-0180Status: EntryReference: XF:rsh-null
in.rshd allows users to login with a NULL username and execute commands.
======================================================Name: CVE-1999-0181Status: EntryReference: XF:walld
The wall daemon can be used for denial of service, social engineeringattacks, or to execute remote commands.
======================================================Name: CVE-1999-0182Status: EntryReference: CIAC:H-110Reference: URL:http://www.ciac.org/ciac/bulletins/h-110.shtmlReference: CERT:VB-97.10.sambaReference: XF:nt-samba-bo
Samba has a buffer overflow which allows a remote attacker to obtainroot access by specifying a long password.
======================================================Name: CVE-1999-0183Status: EntryReference: XF:linux-tftp
Linux implementations of TFTP would allow access to files outside therestricted directory.
======================================================Name: CVE-1999-0184Status: EntryReference: XF:dns-updates
When compiled with the -DALLOW_UPDATES option, bind allows dynamicupdates to the DNS server, allowing for malicious modification of DNSrecords.
======================================================Name: CVE-1999-0185Status: EntryReference: SUN:00156Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/156Reference: XF:sun-ftpd/logind
In SunOS or Solaris, a remote user could connect from an FTP server'sdata port to an rlogin server on a host that trusts the FTP server,allowing remote command execution.
======================================================Name: CVE-1999-0188Status: EntryReference: SUN:00182Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/182Reference: XF:sun-passwd-dos
The passwd command in Solaris can be subjected to a denial of service.
======================================================Name: CVE-1999-0189Status: EntryReference: NAI:NAI-15Reference: SUN:00142Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/142Reference: XF:rpc-32771
Solaris rpcbind listens on a high numbered UDP port, which may not befiltered since the standard port number is 111.
======================================================Name: CVE-1999-0190Status: EntryReference: SUN:00167Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/167Reference: XF:sun-rpcbind
Solaris rpcbind can be exploited to overwrite arbitrary files and gainroot access.
======================================================Name: CVE-1999-0191Status: EntryReference: XF:http-cgi-newdsnReference: OSVDB:275Reference: URL:http://www.osvdb.org/275
IIS newdsn.exe CGI script allows remote users to overwrite files.
======================================================Name: CVE-1999-0192Status: EntryReference: SNI:SNI-20Reference: XF:bsd-tel-tgetent
Buffer overflow in telnet daemon tgetent routing allows remoteattackers to gain root access via the TERMCAP environmental variable.
======================================================Name: CVE-1999-0194Status: EntryReference: XF:comsat
Denial of service in in.comsat allows attackers to generate messages.
======================================================Name: CVE-1999-0196Status: EntryReference: BUGTRAQ:19970704 Vulnerability in websendmailReference: BID:2077Reference: URL:http://www.securityfocus.com/bid/2077Reference: OSVDB:237Reference: URL:http://www.osvdb.org/237Reference: XF:http-webgais-smail
websendmail in Webgais 1.0 allows a remote user to access arbitraryfiles and execute arbitrary code via the receiver parameter($VAR_receiver variable).
======================================================Name: CVE-1999-0201Status: EntryReference: XF:ftp-home
A quote cwd command on FTP servers can reveal the full path of thehome directory of the "ftp" user.
======================================================Name: CVE-1999-0202Status: EntryReference: XF:ftp-exectar
The GNU tar command, when used in FTP sessions, may allow an attackerto execute arbitrary commands.
======================================================Name: CVE-1999-0203Status: EntryReference: CERT:CA-95.08Reference: CIAC:E-03Reference: XF:smtp-sendmail-version5
In Sendmail, attackers can gain root privileges via SMTP by specifyingan improper "mail from" address and an invalid "rcpt to" address that wouldcause the mail to bounce to a program.
======================================================Name: CVE-1999-0204Status: EntryReference: XF:ident-boReference: CIAC:F-13
Sendmail 8.6.9 allows remote attackers to execute root commands, usingident.
======================================================Name: CVE-1999-0206Status: EntryReference: XF:sendmail-mime-boReference: AUSCERT:AA-96.06a
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.
======================================================Name: CVE-1999-0207Status: EntryReference: XF:majordomo-exeReference: CERT:CA-94.11.majordomo.vulnerabilities
Remote attacker can execute commands through Majordomo using theReply-To field and a "lists" command.
======================================================Name: CVE-1999-0208Status: EntryReference: XF:rpc-updateReference: CERT:CA-95.17.rpc.ypupdated.vul
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
======================================================Name: CVE-1999-0209Status: EntryReference: CERT:CA-90.05.sunselection.vulnerabilityReference: BID:8Reference: URL:http://www.securityfocus.com/bid/8Reference: XF:selsvc
The SunView (SunTools) selection_svc facility allows remote users toread files.
======================================================Name: CVE-1999-0210Status: EntryReference: BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd)Reference: URL:http://marc.info/?l=bugtraq&m=88053459921223&w=2Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)Reference: URL:http://marc.info/?l=bugtraq&m=91547759121289&w=2Reference: HP:HPSBUX9910-104Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9910-104Reference: CERT:CA-99-05Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.htmlReference: BID:235Reference: URL:http://www.securityfocus.com/bid/235
Automount daemon automountd allows local or remote users to gainprivileges via shell metacharacters.
======================================================Name: CVE-1999-0211Status: EntryReference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerabilityReference: BID:24Reference: URL:http://www.securityfocus.com/bid/24
Extra long export lists over 256 characters in some mount daemonsallows NFS directories to be mounted by anyone.
======================================================Name: CVE-1999-0212Status: EntryReference: SUN:00168Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168Reference: CIAC:I-048Reference: URL:http://www.ciac.org/ciac/bulletins/i-048.shtmlReference: XF:sun-mountd
Solaris rpc.mountd generates error messages that allow a remoteattacker to determine what files are on the server.
======================================================Name: CVE-1999-0214Status: EntryReference: XF:icmp-unreachable
Denial of service by sending forged ICMP unreachable packets.
======================================================Name: CVE-1999-0215Status: EntryReference: SGI:19981004-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981004-01-PXReference: CIAC:J-012Reference: URL:http://www.ciac.org/ciac/bulletins/j-012.shtmlReference: XF:ripapp
Routed allows attackers to append data to files.
======================================================Name: CVE-1999-0217Status: EntryReference: XF:udp-bomb
Malicious option settings in UDP packets could force a reboot in SunOS4.1.3 systems.
======================================================Name: CVE-1999-0218Status: EntryReference: XF:portmaster-reboot
Livingston portmaster machines could be rebooted via a seriesof commands.
======================================================Name: CVE-1999-0219Status: EntryReference: NTBUGTRAQ:19990503 Buffer overflows in FTP Serv-U 2.5Reference: URL:http://marc.info/?l=ntbugtraq&m=92574916930144&w=2Reference: NTBUGTRAQ:19990504 Re: Buffer overflows in FTP Serv-U 2.5Reference: URL:http://marc.info/?l=ntbugtraq&m=92582581330282&w=2Reference: BUGTRAQ:19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NTReference: BID:269Reference: URL:http://www.securityfocus.com/bid/269Reference: XF:ftp-servu(205)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/205
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users tocause a denial of service (crash) via a long (1) CWD or (2) LS (list)command.
======================================================Name: CVE-1999-0221Status: EntryReference: XF:ascend-150-kill
Denial of service of Ascend routers through port 150 (remoteadministration).
======================================================Name: CVE-1999-0223Status: EntryReference: BUGTRAQ:19961109 Syslogd and Solaris 2.4Reference: SUNBUG:1249320Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatchesReference: XF:sol-syslogd-crashReference: BID:1878Reference: URL:http://www.securityfocus.com/bid/1878
Solaris syslogd crashes when receiving a message from a host thatdoesn't have an inverse DNS entry.
======================================================Name: CVE-1999-0224Status: EntryReference: XF:nt-messenger
Denial of service in Windows NT messenger service through a longusername.
======================================================Name: CVE-1999-0225Status: EntryReference: NAI:19980214 Windows NT Logon Denial of ServiceReference: URL:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.aspReference: MSKB:Q180963Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=180963Reference: XF:nt-logondos
Windows NT 4.0 allows remote attackers to cause a denial of servicevia a malformed SMB logon request in which the actual data size doesnot match the specified size.
======================================================Name: CVE-1999-0227Status: EntryReference: MSKB:Q154087Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087Reference: XF:nt-lsass-crash
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NTallows a denial of service.
======================================================Name: CVE-1999-0228Status: EntryReference: XF:nt-rpc-verReference: MSKB:Q162567Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q162567
Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.
======================================================Name: CVE-1999-0230Status: EntryReference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtmlReference: OSVDB:1102Reference: URL:http://www.osvdb.org/1102
Buffer overflow in Cisco 7xx routers through the telnet service.
======================================================Name: CVE-1999-0233Status: EntryReference: MSKB:Q148188Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q148188Reference: MSKB:Q155056Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q155056Reference: XF:http-iis-cmd
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmdfiles.
======================================================Name: CVE-1999-0234Status: EntryReference: XF:bash-cmdReference: CERT:CA-96.22.bash_vuls
Bash treats any character with a value of 255 as a command separator.
======================================================Name: CVE-1999-0236Status: EntryReference: XF:http-scriptalias
ScriptAlias directory in NCSA and Apache httpd allowed attackers toread CGI programs.
======================================================Name: CVE-1999-0237Status: EntryReference: XF:http-cgi-guestbookReference: CERT:VB-97.02
Remote execution of arbitrary commands through Guestbook CGI program.
======================================================Name: CVE-1999-0239Status: EntryReference: XF:fastrack-get-directory-listReference: OSVDB:122Reference: URL:http://www.osvdb.org/122
Netscape FastTrack Web server lists files when a lowercase "get"command is used instead of an uppercase GET.
======================================================Name: CVE-1999-0244Status: EntryReference: NAI:NAI-23Reference: XF:radius-accounting-overflow
Livingston RADIUS code has a buffer overflow which can allow remoteexecution of commands as root.
======================================================Name: CVE-1999-0245Status: EntryReference: BUGTRAQ:19950907 Linux NIS security problem hole and fixReference: XF:linux-plus
Some configurations of NIS+ in Linux allowed attackersto log in as the user "+".
======================================================Name: CVE-1999-0247Status: EntryReference: NAI:19970721 INN news server vulnerabilitiesReference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.aspReference: BID:1443Reference: URL:http://www.securityfocus.com/bid/1443Reference: XF:inn-bo
Buffer overflow in nnrpd program in INN up to version 1.6 allowsremote users to execute arbitrary commands.
======================================================Name: CVE-1999-0248Status: EntryReference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.htmlReference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1
A race condition in the authentication agent mechanism of sshd 1.2.17allows an attacker to steal another user's credentials.
======================================================Name: CVE-1999-0251Status: EntryReference: XF:talkd-flash
Denial of service in talk program allows remote attackers todisrupt a user's display.
======================================================Name: CVE-1999-0252Status: EntryReference: XF:smtp-listserv
Buffer overflow in listserv allows arbitrary command execution.
======================================================Name: CVE-1999-0256Status: EntryReference: XF:war-ftpdReference: OSVDB:875Reference: URL:http://www.osvdb.org/875
Buffer overflow in War FTP allows remote execution of commands.
======================================================Name: CVE-1999-0259Status: EntryReference: BUGTRAQ:19970523 cfingerd vulnerabilityReference: XF:cfinger-user-enumeration
cfingerd lists all users on a system via search.**@target.
======================================================Name: CVE-1999-0260Status: EntryReference: BUGTRAQ:19961224 jj cgiReference: XF:http-cgi-jj
The jj CGI program allows command execution via shell metacharacters.
======================================================Name: CVE-1999-0262Status: EntryReference: BUGTRAQ:19980804 remote exploit in faxsurvey cgi-scriptReference: BUGTRAQ:19980804 PATCH: faxsurveyReference: BID:2056Reference: URL:http://www.securityfocus.com/bid/2056Reference: XF:http-cgi-faxsurvey(1532)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1532
Hylafax faxsurvey CGI script on Linux allows remote attackers toexecute arbitrary commands via shell metacharacters in the querystring.
======================================================Name: CVE-1999-0263Status: EntryReference: SUN:00173Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/173Reference: XF:sun-sunwadmap
Solaris SUNWadmap can be exploited to obtain root access.
======================================================Name: CVE-1999-0264Status: EntryReference: XF:http-htmlscript-file-accessReference: BUGTRAQ:Jan27,1998
htmlscript CGI program allows remote read access to files.
======================================================Name: CVE-1999-0265Status: EntryReference: MSKB:Q154174Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154174Reference: ISS:ICMP Redirects Against Embedded ControllersReference: XF:icmp-redirect
ICMP redirect messages may crash or lock up a host.
======================================================Name: CVE-1999-0266Status: EntryReference: BUGTRAQ:19980303 Vulnerabilites in some versions of info2www CGIReference: BID:1995Reference: URL:http://www.securityfocus.com/bid/1995Reference: XF:http-cgi-info2www
The info2www CGI script allows remote file access or remotecommand execution.
======================================================Name: CVE-1999-0267Status: EntryReference: XF:http-portReference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.
======================================================Name: CVE-1999-0268Status: EntryReference: BUGTRAQ:19980630 Security vulnerabilities in MetaInfo productsReference: BUGTRAQ:19980703 Followup to MetaInfo vulnerabilitiesReference: OSVDB:110Reference: URL:http://www.osvdb.org/110Reference: OSVDB:3969Reference: URL:http://www.osvdb.org/3969Reference: XF:metaweb-server-dot-attack
MetaInfo MetaWeb web server allows users to upload, execute, and readscripts.
======================================================Name: CVE-1999-0269Status: EntryReference: XF:netscape-server-pageservices
Netscape Enterprise servers may list files through the PageServices query.
======================================================Name: CVE-1999-0270Status: EntryReference: BUGTRAQ:19980317 IRIX performer_tools bugReference: SGI:19980401-01-PReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980401-01-PReference: CIAC:I-041Reference: URL:http://www.ciac.org/ciac/bulletins/i-041.shtmlReference: BID:64Reference: URL:http://www.securityfocus.com/bid/64Reference: OSVDB:134Reference: URL:http://www.osvdb.org/134Reference: XF:sgi-pfdispaly(810)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/810
Directory traversal vulnerability in pfdispaly.cgi program (sometimesreferred to as "pfdisplay") for SGI's Performer API Search Tool(performer_tools) allows remote attackers to read arbitrary files.
======================================================Name: CVE-1999-0272Status: EntryReference: XF:slmail-username-bo
Denial of service in Slmail v2.5 through the POP3 port.
======================================================Name: CVE-1999-0273Status: EntryReference: XF:sun-telnet-kill
Denial of service through Solaris 2.5.1 telnet by sending ^D characters.
======================================================Name: CVE-1999-0274Status: EntryReference: NAI:NAI-5Reference: XF:nt-dns-dos
Denial of service in Windows NT DNS servers through malicious packetwhich contains a response to a query that wasn't made.
======================================================Name: CVE-1999-0275Status: EntryReference: XF:nt-dnscrashReference: XF:nt-dnsverReference: MS:Q169461
Denial of service in Windows NT DNS servers by flooding port 53 withtoo many characters.
======================================================Name: CVE-1999-0276Status: EntryReference: XF:msql-debug-boReference: SEKURE:sekure.01-99.msql
mSQL v2.0.1 and below allows remote execution through a buffer overflow.
======================================================Name: CVE-1999-0277Status: EntryReference: XF:workmanReference: CERT:CA-96.23.workman_vul
The WorkMan program can be used to overwrite any file to get root access.
======================================================Name: CVE-1999-0278Status: EntryReference: MS:MS98-003Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-003.mspxReference: XF:iis-asp-data-checkReference: OVAL:oval:org.mitre.oval:def:913Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A913
In IIS, remote attackers can obtain source code for ASP files by appending"::$DATA" to the URL.
======================================================Name: CVE-1999-0279Status: EntryReference: BUGTRAQ:19971217 CGI security hole in EWS (Excite for Web Servers)Reference: BUGTRAQ:19980115 Excite announcementReference: CERT:VB-98.01.exciteReference: XF:excite-cgi-search-vuln
Excite for Web Servers (EWS) allows remote command execution viashell metacharacters.
======================================================Name: CVE-1999-0280Status: EntryReference: NTBUGTRAQ:19970317 Internet Explorer Bug #4Reference: CIAC:H-38Reference: XF:http-ie-lnkurl
Remote command execution in Microsoft Internet Explorer using .lnk and.url files.
======================================================Name: CVE-1999-0281Status: EntryReference: XF:http-iis-longurl
Denial of service in IIS using long URLs.
======================================================Name: CVE-1999-0288Status: EntryReference: NTBUGTRAQ:19970801 WINS floodingReference: BUGTRAQ:19970801 WINS floodingReference: BUGTRAQ:19970815 Re: WINS floodingReference: MISC:http://safenetworks.com/Windows/wins.htmlReference: MSKB:155701Reference: XF:nt-winsupd-fix(1233)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1233
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remoteattackers to cause a denial of service (process termination) viainvalid UDP frames to port 137 (NETBIOS Name Service), as demonstratedvia a flood of random packets.
======================================================Name: CVE-1999-0289Status: Entry
The Apache web server for Win32 may provide access to restrictedfiles when a . (dot) is appended to a requested URL.
======================================================Name: CVE-1999-0290Status: EntryReference: BUGTRAQ:19980221 WinGate DoSReference: BUGTRAQ:19980326 WinGate Intermediary Fix/UpdateReference: XF:wingate-dos
The WinGate telnet proxy allows remote attackers to cause a denial ofservice via a large number of connections to localhost.
======================================================Name: CVE-1999-0291Status: EntryReference: XF:wingate-unpassworded
The WinGate proxy is installed without a password, which allowsremote attackers to redirect connections without authentication.
======================================================Name: CVE-1999-0292Status: EntryReference: XF:nt-winpopup
Denial of service through Winpopup using large user names.
======================================================Name: CVE-1999-0293Status: EntryReference: CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtmlReference: XF:cisco-ios-aaa-auth
AAA authentication on Cisco systems allows attackers to executecommands without authorization.
======================================================Name: CVE-1999-0294Status: EntryReference: XF:nt-wins-snmp2
All records in a WINS database can be deleted through SNMP fora denial of service.
======================================================Name: CVE-1999-0295Status: EntryReference: XF:sun-sysdefReference: SUN:00157Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/157
Solaris sysdef command allows local users to read kernel memory,potentially leading to root privileges.
======================================================Name: CVE-1999-0296Status: EntryReference: SUN:00162Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/162Reference: XF:sun-volrmmount
Solaris volrmmount program allows attackers to read any file.
======================================================Name: CVE-1999-0297Status: EntryReference: NAI:NAI-3Reference: AUSCERT:AA-96.21Reference: CIAC:H-17Reference: XF:vixie-cron
Buffer overflow in Vixie Cron library up to version 3.0 allows localusers to obtain root access via a long environmental variable.
======================================================Name: CVE-1999-0299Status: EntryReference: NAI:NAI-9Reference: OSVDB:6093Reference: URL:http://www.osvdb.org/6093
Buffer overflow in FreeBSD lpd through long DNS hostnames.
======================================================Name: CVE-1999-0300Status: EntryReference: SUN:00155Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155Reference: XF:sun-niscache
nis_cachemgr for Solaris NIS+ allows attackers to add maliciousNIS+ servers.
======================================================Name: CVE-1999-0301Status: EntryReference: SUN:00149Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/149Reference: AUSCERT:AUSCERT-97.17Reference: XF:sun-ps2bo
Buffer overflow in SunOS/Solaris ps command.
======================================================Name: CVE-1999-0302Status: EntryReference: SUN:00176Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176Reference: XF:sun-ftp-server
SunOS/Solaris FTP clients can be forced to execute arbitrary commandsfrom a malicious FTP server.
======================================================Name: CVE-1999-0303Status: EntryReference: XF:bnu-uucpd-boReference: RSI:RSI.0002.05-18-98.BNU.UUCPD
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
======================================================Name: CVE-1999-0304Status: EntryReference: XF:bsd-mmapReference: FREEBSD:FreeBSD-SA-98:02
mmap function in BSD allows local attackers in the kmem group tomodify memory through devices.
======================================================Name: CVE-1999-0305Status: EntryReference: OPENBSD:Feb15,1998 "IP Source Routing Problem"Reference: MISC:http://www.openbsd.org/advisories/sourceroute.txtReference: OSVDB:11502Reference: URL:http://www.osvdb.org/11502Reference: XF:bsd-sourceroute(736)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/736
The system configuration control (sysctl) facility in BSD basedoperating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 andearlier, does not properly restrict source routed packets even whenthe (1) dosourceroute or (2) forwarding variables are set, whichallows remote attackers to spoof TCP connections.
======================================================Name: CVE-1999-0308Status: EntryReference: HP:HPSBUX9410-018Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9410-018Reference: XF:hpux-gwind-overwriteReference: CIAC:H-03: HP-UX suid Vulnerabilities
HP-UX gwind program allows users to modify arbitrary files.
======================================================Name: CVE-1999-0309Status: EntryReference: HP:HPSBUX9702-056Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-056Reference: XF:hpux-vgdisplayReference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability
HP-UX vgdisplay program gives root access to local users.
======================================================Name: CVE-1999-0310Status: EntryReference: XF:ssh-1225
SSH 1.2.25 on HP-UX allows access to new user accounts.
======================================================Name: CVE-1999-0311Status: EntryReference: XF:hpux-fpkg2swpkReference: HP:HPSBUX9612-042Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9612-042
fpkg2swpk in HP-UX allows local users to gain root access.
======================================================Name: CVE-1999-0312Status: EntryReference: XF:nis-ypbindReference: CERT:CA-93:01.REVISED.HP.NIS.ypbind.vulnerability
HP ypbind allows attackers with root privileges to modify NIS data.
======================================================Name: CVE-1999-0313Status: EntryReference: MISC:http://www.securityfocus.com/bid/213/exploitReference: SGI:19980701-01-PReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-PReference: BID:214Reference: URL:http://www.securityfocus.com/bid/214Reference: OSVDB:936Reference: URL:http://www.osvdb.org/936Reference: XF:sgi-disk-bandwidth(1441)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1441
disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows localusers to gain root access using relative pathnames.
======================================================Name: CVE-1999-0314Status: EntryReference: MISC:http://www.securityfocus.com/bid/213/exploitReference: SGI:19980701-01-PReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-PReference: BID:213Reference: URL:http://www.securityfocus.com/bid/213Reference: OSVDB:6788Reference: URL:http://www.osvdb.org/6788Reference: XF:sgi-ioconfig(1199)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1199
ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users togain root access using relative pathnames.
======================================================Name: CVE-1999-0315Status: EntryReference: XF:fdformat-boReference: SUN:00138Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/138
Buffer overflow in Solaris fdformat command gives root access to localusers.
======================================================Name: CVE-1999-0316Status: EntryReference: XF:linux-splitvtReference: CIAC:G-08
Buffer overflow in Linux splitvt command gives root access to localusers.
======================================================Name: CVE-1999-0318Status: EntryReference: BUGTRAQ:19961125 Security Problems in XMCDReference: BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD)Reference: XF:xmcd-envbo
Buffer overflow in xmcd 2.0p12 allows local users to gain accessthrough an environmental variable.
======================================================Name: CVE-1999-0320Status: EntryReference: SUN:00166Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/166Reference: XF:sun-rpc.cmsd
SunOS rpc.cmsd allows attackers to obtain root access by overwritingarbitrary files.
======================================================Name: CVE-1999-0321Status: EntryReference: XF:sun-kcms-configure-bo
Buffer overflow in Solaris kcms_configure command allows local usersto gain root access.
======================================================Name: CVE-1999-0322Status: EntryReference: FREEBSD:FreeBSD-SA-97:05Reference: XF:freebsd-openReference: OSVDB:6092Reference: URL:http://www.osvdb.org/6092
The open() function in FreeBSD allows local attackers to writeto arbitrary files.
======================================================Name: CVE-1999-0323Status: EntryReference: FREEBSD:FreeBSD-SA-98:04Reference: NETBSD:1998-003Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.ascReference: XF:bsd-mmap
FreeBSD mmap function allows users to modify append-only or immutablefiles.
======================================================Name: CVE-1999-0324Status: EntryReference: HP:HPSBUX9702-053Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-053Reference: CIAC:H-31Reference: XF:hp-ppllog
ppl program in HP-UX allows local users to create root files throughsymlinks.
======================================================Name: CVE-1999-0325Status: EntryReference: XF:hp-vheReference: HP:HPSBUX9406-013Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9406-013
vhe_u_mnt program in HP-UX allows local users to create root files throughsymlinks.
======================================================Name: CVE-1999-0326Status: EntryReference: HP:HPSBUX9710-071Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9710-071Reference: XF:hp-mediainit
Vulnerability in HP-UX mediainit program.
======================================================Name: CVE-1999-0327Status: EntryReference: SGI:19971103-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PXReference: XF:sgi-syserr
SGI syserr program allows local users to corrupt files.
======================================================Name: CVE-1999-0328Status: EntryReference: SGI:19971103-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PXReference: XF:sgi-permtool
SGI permissions program allows local users to gain root privileges.
======================================================Name: CVE-1999-0329Status: EntryReference: SGI:19980602-01-PXReference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980602-01-PXReference: XF:sgi-mediad
SGI mediad program allows local users to gain root access.
======================================================Name: CVE-1999-0332Status: EntryReference: XF:nt-netmeetingReference: MSKB:Q184346Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q184346
Buffer overflow in NetMeeting allows denial of service and remotecommand execution.
======================================================Name: CVE-1999-0334Status: EntryReference: XF:sol-startupReference: CERT:CA-93.19.Solaris.Startup.vulnerability
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a localuser with physical access to obtain root access.
======================================================Name: CVE-1999-0335Status: Entry
DEPRECATED. This entry has been deprecated. It is a duplicate ofCVE-1999-0032.
======================================================Name: CVE-1999-0337Status: EntryReference: CERT:CA-94.10.IBM.AIX.bsh.vulnerability.htmlReference: XF:ibm-bsh
AIX batch queue (bsh) allows local and remote users to gain additionalprivileges when network printing is enabled.
======================================================Name: CVE-1999-0338Status: EntryReference: XF:ibm-perf-toolsReference: CERT:CA-94.03.AIX.performance.tools
AIX Licensed Program Product performance tools allow local users togain root access.
======================================================Name: CVE-1999-0339Status: EntryReference: XF:sol-sun-libauthReference: RSI:RSI.0007.05-26-98
Buffer overflow in the libauth library in Solaris allows local usersto gain additional privileges, possibly root access.
======================================================Name: CVE-1999-0340Status: EntryReference: KSRT:005Reference: XF:linux-crond
Buffer overflow in Linux Slackware crond program allows local usersto gain root access.
======================================================Name: CVE-1999-0341Status: EntryReference: KSRT:006Reference: XF:linux-deliver
Buffer overflow in the Linux mail program "deliver" allows local usersto gain root access.
======================================================Name: CVE-1999-0342Status: EntryReference: REDHAT:http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pamReference: XF:linux-pam-passwd-tmprace
Linux PAM modules allow local users to gain root access usingtemporary files.
======================================================Name: CVE-1999-0343Status: EntryReference: BUGTRAQ:19981002 Announcements from The Palace (fwd)Reference: XF:palace-malicious-servers-vuln
A malicious Palace server can force a client to execute arbitraryprograms.
======================================================Name: CVE-1999-0344Status: EntryReference: MS:MS98-009Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-009.mspxReference: MSKB:Q190288Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q190288Reference: XF:nt-priv-fix
NT users can gain debug-level access on a system process using theSechole exploit.
======================================================Name: CVE-1999-0346Status: EntryReference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging ScriptsReference: BID:713Reference: URL:http://www.securityfocus.com/bid/713Reference: XF:http-cgi-php-mlogReference: OSVDB:3397Reference: URL:http://www.osvdb.org/3397
CGI PHP mlog script allows an attacker to read any file on the targetserver.
======================================================Name: CVE-1999-0348Status: EntryReference: NTBUGTRAQ:Jan27,1999Reference: MSKB:Q197003Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q197003Reference: OSVDB:930Reference: URL:http://www.osvdb.org/930
IIS ASP caching problem releases sensitive information when twovirtual servers share the same physical directory.
======================================================Name: CVE-1999-0349Status: EntryReference: EEYE:IIS Remote FTP Exploit/DoS AttackReference: URL:http://www.eeye.com/html/Research/Advisories/IIS%20Remote%20FTP%20Exploit/DoS%20Attack.htmlReference: MS:MS99-003Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-003.mspxReference: MSKB:Q188348Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q188348Reference: BUGTRAQ:Jan27,1999Reference: XF:iis-remote-ftp
A buffer overflow in the FTP list (ls) command in IIS allows remoteattackers to conduct a denial of service and, in some cases, executearbitrary commands.
======================================================Name: CVE-1999-0350Status: EntryReference: L0PHT:Feb8,1999Reference: XF:clearcase-temp-race
Race condition in the db_loader program in ClearCase gives localusers root access by setting SUID bits.
======================================================Name: CVE-1999-0351Status: EntryReference: INFOWAR:01Reference: MISC:http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txtReference: XF:pasv-pizza-thief-dos(3389)Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3389
FTP PASV "Pizza Thief" denial of service and unauthorized dataaccess. Attackers can steal data by connecting to a port that wasintended for use by a client.
======================================================Name: CVE-1999-0353Status: EntryReference: HP:HPSBUX9902-091Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9902-091Reference: CIAC:J-026Reference: URL:http://www.ciac.org/ciac/bulletins/j-026.shtmlReference: XF:pcnfsd-world-write
rpc.pcnfsd in HP gives remote root access by changing the permissionson the main printer spool directory.
======================================================Name: CVE-1999-0355Status: EntryReference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management softwareReference: XF:controlit-reboot
Local or remote users can force ControlIT 4.5 to reboot or force auser to log out, resulting in a denial of service.
======================================================Name: CVE-1999-0357Status: EntryReference: BUGTRAQ:19990125 Win98 crash?Reference: XF:win98-oshare-dos
Windows 98 and other operating systems allows remote attackers tocause a denial of service via crafted "oshare" packets, possiblyinvolving invalid