NuytsTech Security

Monthly Archive: February 2000

CVE-1999-0459

Local users can perform a denial of service in Alpha Linux, using MILO to force a reboot. Date published : 2000-02-04

CVE-1999-0455

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. Date published : 2000-02-04 http://www.securityfocus.com/bid/115

CVE-1999-0454

A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. Date published :...

CVE-1999-0453

An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). Date published : 2000-02-04

CVE-1999-0452

A service or application has a backdoor password that was placed there by the developer. Date published : 2000-02-04

CVE-1999-0444

Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files. Date published : 2000-02-04

CVE-1999-0435

MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM. Date published : 2000-02-04

CVE-1999-0434

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. Date published : 2000-02-04...

CVE-1999-0431

Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service. Date published : 2000-02-04

CVE-1999-0427

Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names. Date published : 2000-02-04

CVE-1999-0426

The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. Date published : 2000-02-04