Monthly Archive: February 2000

When the Microsoft SMTP service attempts to send a message to a server and receives a 4xx error code, it quickly and repeatedly attempts to redeliver the message, causing a denial of service. Date...

Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access. Date published : 2000-02-04

Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege. Date published : 2000-02-04

A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. Date published : 2000-02-04

Denial of service in Linux 2.2.0 running the ldd command on a core file. Date published : 2000-02-04 http://www.securityfocus.com/bid/344

The DCC server command in the Mirc 5.5 client doesn’t filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute...

In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login. Date published : 2000-02-04

The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext. Date published : 2000-02-04

DPEC Online Courseware allows an attacker to change another user’s password without knowing the original password. Date published : 2000-02-04

Buffer overflow in the bootp server in the Debian Linux netstd package. Date published : 2000-02-04 http://www.securityfocus.com/bid/324

super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access. Date published : 2000-02-04 http://www.securityfocus.com/bid/342 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.990225011801.12757A-100000@eleet

In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files. Date published : 2000-02-04 http://www.securityfocus.com/bid/165

Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. Date published : 2000-02-04 http://marc.info/?l=bugtraq&m=91816470220259&w=2

NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging. Date published : 2000-02-04