Monthly Archive: January 2000

Vulnerability in Compaq Tru64 UNIX edauth command. Date published : 2000-01-04

The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. Date published : 2000-01-04 http://www.ciac.org/ciac/bulletins/j-044.shtml

The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other...

The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. Date published : 2000-01-04 http://www.securityfocus.com/bid/493 http://www.ciac.org/ciac/bulletins/j-050.shtml

Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. Date published : 2000-01-04 http://www.securityfocus.com/bid/583

Buffer overflow in INN inews program. Date published : 2000-01-04 http://www.securityfocus.com/bid/616

Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. Date published : 2000-01-04 http://www.securityfocus.com/bid/614

OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. Date published : 2000-01-04 http://www.ciac.org/ciac/bulletins/j-066.shtml

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. Date published : 2000-01-04 http://www.securityfocus.com/bid/627

After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. Date published : 2000-01-04 http://www.securityfocus.com/bid/626 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-036

Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. Date published : 2000-01-04 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-026 http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q237185

The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs. Date published : 2000-01-04 http://www.securityfocus.com/bid/623

The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack. Date published : 2000-01-04 http://www.securityfocus.com/bid/620

Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges. Date published : 2000-01-04 http://www.securityfocus.com/bid/641