Monthly Archive: October 2001

Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long method name...

Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long...

Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. Date published : 2001-10-12 http://archives.neohapsis.com/archives/bugtraq/2001-05/0303.html ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-025.0.txt

Paging function in O’Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ‘ character followed by JavaScript commands. Date published : 2001-10-12 http://www.securityfocus.com/bid/2814 http://archives.neohapsis.com/archives/bugtraq/2001-05/0326.html

Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows remote attackers to run arbitrary code via a long HELO command. Date published : 2001-10-12 http://www.securiteam.com/windowsntfocus/5UP0B204AY.html

A long ‘synch’ delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack. Date published : 2001-10-12 http://www.securityfocus.com/bid/2738 http://www.securityfocus.com/archive/1/185003

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. Date published : 2001-10-12 http://marc.info/?l=bugtraq&m=98749102621604&w=2 http://marc.info/?l=bugtraq&m=99106787825229&w=2

Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file. Date published : 2001-10-12 http://www.securityfocus.com/bid/2914 http://www.securityfocus.com/archive/1/192844

Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local user to gain privileges via modified Status Register contents, which are not properly handled by (1) the sigreturn system call or (2) the...

Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. Date published : 2001-10-12 http://www.securityfocus.com/bid/22083...

Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode. Date published : 2001-10-12 http://razor.bindview.com/publish/advisories/adv_sm812.html ftp://patches.sgi.com/support/free/security/advisories/20011101-01-I

Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to...

Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose...

The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file...