Monthly Archive: May 2001

Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024. Date published : 2001-05-07...

Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message. Date published : 2001-05-07 http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a

Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL. Date published : 2001-05-07 http://www.securityfocus.com/bid/1084...

The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. Date published : 2001-05-07 http://www.securityfocus.com/bid/955

Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is...

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. Date published : 2001-05-07 http://www.securityfocus.com/bid/2350 http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html

Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd). Date published : 2001-05-07 http://marc.info/?l=bugtraq&m=97916525715657&w=2 http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html

Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. Date published : 2001-05-07 http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt

Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call. Date published : 2001-05-07 http://www.securityfocus.com/bid/2364 http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html

Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client. Date published : 2001-05-07 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0102-142 http://archives.neohapsis.com/archives/hp/2001-q1/0022.html

sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly...

inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections...

Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings. Date published : 2001-05-07 http://www.securityfocus.com/bid/2377 http://archives.neohapsis.com/archives/bugtraq/2001-02/0264.html

Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. Date published : 2001-05-07 http://www.securityfocus.com/bid/2054 http://marc.info/?l=bugtraq&m=97535202912588&w=2