Monthly Archive: February 2000

A router’s configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts. Date published : 2000-02-04

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. Date published : 2000-02-04

A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file. Date published : 2000-02-04

rpc.admind in Solaris is not running in a secure mode. Date published : 2000-02-04

A Sendmail alias allows input to be piped to a program. Date published : 2000-02-04

An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn’t require a password) or to become disabled. Date published : 2000-02-04

The registry in Windows NT can be accessed remotely by users who are not administrators. Date published : 2000-02-04 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1023

IIS has the #exec function enabled for Server Side Include (SSI) files. Date published : 2000-02-04

A system-critical Windows NT file or directory has inappropriate permissions. Date published : 2000-02-04

A system-critical Unix file or directory has inappropriate permissions. Date published : 2000-02-04

Two or more Unix accounts have the same UID. Date published : 2000-02-04

A Unix account with a name other than "root" has UID 0, i.e. root privileges. Date published : 2000-02-04

NFS exports system-critical data to the world, e.g. / or a password file. Date published : 2000-02-04

A router’s routing tables can be obtained from arbitrary hosts. Date published : 2000-02-04