NuytsTech Security

Monthly Archive: September 1999

CVE-1999-0202

The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. Date published : 1999-09-29

CVE-1999-0201

A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. Date published : 1999-09-29

CVE-1999-0196

websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). Date published : 1999-09-29 http://www.securityfocus.com/bid/2077

CVE-1999-0194

Denial of service in in.comsat allows attackers to generate messages. Date published : 1999-09-29

CVE-1999-0192

Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable. Date published : 1999-09-29

CVE-1999-0185

In SunOS or Solaris, a remote user could connect from an FTP server’s data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. Date published :...

CVE-1999-0184

When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. Date published : 1999-09-29

CVE-1999-0183

Linux implementations of TFTP would allow access to files outside the restricted directory. Date published : 1999-09-29

CVE-1999-0181

The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands. Date published : 1999-09-29

CVE-1999-0180

in.rshd allows users to login with a NULL username and execute commands. Date published : 1999-09-29