Monthly Archive: September 1999

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. Date published : 1999-09-29

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. Date published : 1999-09-29 http://www.securityfocus.com/bid/685

Buffer overflow of rlogin program using TERM environmental variable. Date published : 1999-09-29

List of arbitrary files on Web host via nph-test-cgi script. Date published : 1999-09-29

fsdump command in IRIX allows local users to obtain root access by modifying sensitive files. Date published : 1999-09-29 ftp://patches.sgi.com/support/free/security/advisories/19970301-01-P

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. Date published : 1999-09-29

Buffer overflow in University of Washington’s implementation of IMAP and POP servers. Date published : 1999-09-29

Buffer overflow in NLS (Natural Language Service). Date published : 1999-09-29

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. Date published : 1999-09-29

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter. Date published : 1999-09-29 http://www.securityfocus.com/bid/374

Buffer overflow in xlock program allows local users to execute commands as root. Date published : 1999-09-29

Arbitrary command execution via metamail package using message headers, when user processes attacker’s message using metamail. Date published : 1999-09-29

IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. Date published : 1999-09-29

Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. Date published : 1999-09-29