Monthly Archive: January 2000

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. Date published : 2000-01-04

Red Hat pump DHCP client allows remote attackers to gain root access in some configurations. Date published : 2000-01-04 http://www.redhat.com/support/errata/RHSA-1999-027.html

Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. Date published : 2000-01-04

Denial of service in Samba NETBIOS name service daemon (nmbd). Date published : 2000-01-04

Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being...

The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. Date published : 2000-01-04

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. Date published : 2000-01-04 http://www.securityfocus.com/bid/302

Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon. Date published : 2000-01-04 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-018

Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. Date published : 2000-01-04 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-044 http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q241900

Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. Date published : 2000-01-04 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-043

Denial of service in HP-UX SharedX recserv program. Date published : 2000-01-04 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9810-086

IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. Date published : 2000-01-04 http://www.securityfocus.com/bid/658 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-039

Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names. Date published : 2000-01-04 http://www.securityfocus.com/bid/617

Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. Date published : 2000-01-04