Monthly Archive: October 2000

Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics. Date published : 2000-10-13 http://www.securityfocus.com/bid/573

Buffer overflow in ToxSoft NextFTP client through CWD command. Date published : 2000-10-13 http://www.securityfocus.com/bid/572

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. Date published : 2000-10-13 http://www.securityfocus.com/bid/1939 http://marc.info/?l=bugtraq&m=92333596624452&w=2

The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. Date published : 2000-10-13 http://marc.info/?l=bugtraq&m=92221437025743&w=2...

A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. Date published : 2000-10-13 http://marc.info/?l=bugtraq&m=91821080015725&w=2

A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. Date published : 2000-10-13 http://xforce.iss.net/alerts/advise17.php

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. Date published : 2000-10-13 http://marc.info/?l=bugtraq&m=91694391227372&w=2

Digital Unix 4.0 has a buffer overflow in the inc program of the mh package. Date published : 2000-10-13 http://www.securityfocus.com/archive/1/12121 http://www.ciac.org/ciac/bulletins/j-027.shtml

A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user’s credentials. Date published : 2000-10-13 http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1 http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html

Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. Date published : 2000-10-13 http://www.securityfocus.com/bid/1443 http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp

Sendmail WIZ command enabled, allowing root access. Date published : 2000-10-13 http://www2.dataguard.no/bugtraq/1995_1/0332.html http://www.cert.org/advisories/CA-1990-11.html

Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available. Date published : 2000-10-13 http://www.securityfocus.com/bid/1590 http://archives.neohapsis.com/archives/bugtraq/2000-08/0252.html

IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser. Date published : 2000-10-13 http://www.securityfocus.com/bid/1601...

GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. Date published : 2000-10-13...