Monthly Archive: February 2000

The default permissions for Endymion MailMan allow local users to read email or modify files. Date published : 2000-02-04 http://www.securityfocus.com/bid/845

Denial of service in MDaemon 2.7 via a large number of connection attempts. Date published : 2000-02-04

Buffer overflow in SCO su program allows local users to gain root access via a long username. Date published : 2000-02-04

Denial of service in MDaemon WorldClient and WebConfig services via a long URL. Date published : 2000-02-04 http://www.securityfocus.com/bid/820 http://www.securityfocus.com/bid/823

Denial of service in Cisco routers running NAT via a PORT command from an FTP client to a Telnet port. Date published : 2000-02-04

Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type. Date published : 2000-02-04 http://www.securityfocus.com/bid/832 http://www.security-express.com/archives/bugtraq/1999-q4/0122.html

Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option. Date published : 2000-02-04 http://www.securityfocus.com/bid/832 http://www.security-express.com/archives/bugtraq/1999-q4/0122.html

Buffer overflow in SCO UnixWare Xsco command via a long argument. Date published : 2000-02-04

HP Secure Web Console uses weak encryption. Date published : 2000-02-04

UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission. Date published : 2000-02-04 http://www.securityfocus.com/bid/853

By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. Date published : 2000-02-04

The default permissions for UnixWare /var/mail allow local users to read and modify other users’ mail. Date published : 2000-02-04 http://www.securityfocus.com/bid/849

Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command. Date published : 2000-02-04 http://www.securityfocus.com/bid/830

FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument. Date published : 2000-02-04 http://www.securityfocus.com/bid/838