Monthly Archive: July 2000

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information. Date published...

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article. Date published : 2000-07-12 http://www.securityfocus.com/bid/1249 ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header. Date published : 2000-07-12 http://www.securityfocus.com/bid/1248 http://archives.neohapsis.com/archives/bugtraq/1626.html

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts. Date published : 2000-07-12 http://www.securityfocus.com/bid/697 http://www.securityfocus.com/templates/advisory.html?id=1789

mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory. Date published : 2000-07-12 http://www.securityfocus.com/bid/681 http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru

Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. Date...

Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL. Date published : 2000-07-12 http://www.securityfocus.com/bid/810 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com

A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events. Date published : 2000-07-12 http://www.securityfocus.com/bid/1216 http://advice.networkice.com/advice/Support/KB/q000166/

AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server. Date published : 2000-07-12 http://www.securityfocus.com/bid/1162 http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com

Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." Date published...

ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules. Date published : 2000-07-12 http://www.securityfocus.com/bid/1137 http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com

Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter. Date published : 2000-07-12 http://www.securityfocus.com/bid/1140 http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. Date published : 2000-07-12 http://www.securityfocus.com/bid/1232 ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt

The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing...