Monthly Archive: February 2000

UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers. Date published : 2000-02-04 http://marc.info/?l=bugtraq&m=90486243124867&w=2

A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. Date published : 2000-02-04 http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621 https://exchange.xforce.ibmcloud.com/vulnerabilities/2004

dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters. Date published : 2000-02-04 http://www.securityfocus.com/bid/564 http://marc.info/?l=bugtraq&m=93383593909438&w=2

Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. Date published : 2000-02-04 http://www.securityfocus.com/bid/612

Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. Date published :...

Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL. Date published : 2000-02-04 http://www.securityfocus.com/bid/770 http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-11-01&msg=01BF261F.928821E0.kerb@fnusa.com

Falcon web server allows remote attackers to determine the absolute path of the web root via long file names. Date published : 2000-02-04

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. Date published : 2000-02-04 http://www.securityfocus.com/bid/611 http://www.securityfocus.com/bid/759

Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI. Date published : 2000-02-04

Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file. Date published : 2000-02-04

Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack. Date published : 2000-02-04 http://www.securityfocus.com/bid/837

FreeBSD gdc program allows local users to modify files via a symlink attack. Date published : 2000-02-04 http://www.securityfocus.com/bid/835

Buffer overflow in FreeBSD gdc program. Date published : 2000-02-04 http://www.securityfocus.com/bid/834

IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin. Date published : 2000-02-04 http://www.securityfocus.com/bid/844