Monthly Archive: April 2000

Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable. Date published : 2000-04-18 http://www.securityfocus.com/bid/656

genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. Date published : 2000-04-18

dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script. Date published : 2000-04-18 http://www.securityfocus.com/bid/585

Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges. Date published : 2000-04-18

Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location. Date published : 2000-04-18

A remote attacker can read information from a Netscape user’s cache via JavaScript. Date published : 2000-04-18 http://home.netscape.com/security/notes/jscachebrowsing.html

Buffer overflow in Solaris lpset program allows local users to gain root access. Date published : 2000-04-18 http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017

Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load. Date published : 2000-04-18 http://www.securityfocus.com/bid/589 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net

The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users. Date published : 2000-04-18 http://www.securityfocus.com/bid/597 http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl

The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. Date published : 2000-04-18 http://marc.info/?t=92550157100002&w=2&r=1 http://marc.info/?l=bugtraq&m=92609807906778&w=2

sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. Date published : 2000-04-18 http://www.securityfocus.com/bid/575 http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org

Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability. Date published : 2000-04-18 http://www.securityfocus.com/bid/1046 http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. Date published :...

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack. Date published : 2000-04-18 http://www.securityfocus.com/bid/971 http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html