Monthly Archive: January 2000

CVE-1999-0421

During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.

Date published: 2000-01-04

http://www.securityfocus.com/bid/338

CVE-1999-0408

Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.

Date published: 2000-01-04

http://www.securityfocus.com/bid/337

CVE-1999-0343

A malicious Palace server can force a client to execute arbitrary programs.

Date published: 2000-01-04

CVE-1999-0318

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

Date published: 2000-01-04

CVE-1999-0304

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

Date published: 2000-01-04

CVE-1999-0297

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

Date published: 2000-01-04

CVE-1999-0291

The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.

Date published: 2000-01-04

CVE-1999-0290

The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.

Date published: 2000-01-04

CVE-1999-0280

Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

Date published: 2000-01-04

CVE-1999-0275

Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.

Date published: 2000-01-04

CVE-1999-0151

The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access.

Date published: 2000-01-04