CVE-1999-0824
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders...
The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack. Date published : 2000-04-25 http://marc.info/?l=bugtraq&m=92765973207648&w=2 http://www.osvdb.org/962
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. Date published : 2000-04-25 http://marc.info/?l=bugtraq&m=91141486301691&w=2
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. Date published : 2000-04-25 http://marc.info/?l=bugtraq&m=91141486301691&w=2
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. Date published : 2000-04-25 http://marc.info/?l=bugtraq&m=91141486301691&w=2
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. Date published...
Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter. Date published : 2000-04-25 http://www.securityfocus.com/bid/1047 http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. Date published : 2000-04-25 http://www.securityfocus.com/bid/1035 http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. Date published : 2000-04-25 http://www.securityfocus.com/bid/1036 http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html
RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private. Date published : 2000-04-25 http://www.securityfocus.com/bid/1049 http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. Date published : 2000-04-25 http://www.securityfocus.com/bid/1037 http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html
Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. Date published : 2000-04-25...
The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands. Date published : 2000-04-25 http://www.ciac.org/ciac/bulletins/k-023.shtml
The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. Date published : 2000-04-25 http://www.securityfocus.com/bid/960 http://marc.info/?l=bugtraq&m=94973075614088&w=2