Monthly Archive: September 1999

Solaris SUNWadmap can be exploited to obtain root access. Date published : 1999-09-29 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/173

Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. Date published : 1999-09-29 http://www.securityfocus.com/bid/2056

The jj CGI program allows command execution via shell metacharacters. Date published : 1999-09-29

Buffer overflow in War FTP allows remote execution of commands. Date published : 1999-09-29 http://www.osvdb.org/875

Buffer overflow in listserv allows arbitrary command execution. Date published : 1999-09-29

Denial of service in talk program allows remote attackers to disrupt a user’s display. Date published : 1999-09-29

Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". Date published : 1999-09-29

Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root. Date published : 1999-09-29

Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. Date published : 1999-09-29 http://www.osvdb.org/122

Remote execution of arbitrary commands through Guestbook CGI program. Date published : 1999-09-29

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. Date published : 1999-09-29

Bash treats any character with a value of 255 as a command separator. Date published : 1999-09-29

Buffer overflow in Cisco 7xx routers through the telnet service. Date published : 1999-09-29 http://www.osvdb.org/1102

Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. Date published : 1999-09-29 http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q162567