Monthly Archive: September 1999

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. Date published : 1999-09-29

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. Date published : 1999-09-29 http://www.securityfocus.com/bid/707

root privileges via buffer overflow in ordist command on SGI IRIX systems. Date published : 1999-09-29

root privileges via buffer overflow in login/scheme command on SGI IRIX systems. Date published : 1999-09-29

root privileges via buffer overflow in eject command on SGI IRIX systems. Date published : 1999-09-29

root privileges via buffer overflow in pset command on SGI IRIX systems. Date published : 1999-09-29

root privileges via buffer overflow in df command on SGI IRIX systems. Date published : 1999-09-29 http://www.securityfocus.com/bid/346

DNS cache poisoning via BIND, by predictable query IDs. Date published : 1999-09-29

Local user gains root privileges via buffer overflow in rdist, via lookup() function. Date published : 1999-09-29

Local user gains root privileges via buffer overflow in rdist, via expstr() function. Date published : 1999-09-29 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179

Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. Date published : 1999-09-29 http://www.securityfocus.com/bid/128

Delete or create a file via rpc.statd, due to invalid information. Date published : 1999-09-29 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/135

Buffer overflow in statd allows root privileges. Date published : 1999-09-29 http://www.securityfocus.com/bid/127

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. Date published : 1999-09-29