Monthly Archive: March 2002

BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns. Date published...

FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. Date published : 2002-03-09 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-006 http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP

Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe. Date published : 2002-03-09...

Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. Date published : 2002-03-09 http://www.securityfocus.com/advisories/1555 https://exchange.xforce.ibmcloud.com/vulnerabilities/2060

Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges. Date published : 2002-03-09 http://ciac.llnl.gov/ciac/bulletins/h-21.shtml http://www.securityfocus.com/templates/advisory.html?id=1514

Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. Date published : 2002-03-09 http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html https://exchange.xforce.ibmcloud.com/vulnerabilities/2056

Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs. Date published : 2002-03-09 http://ciac.llnl.gov/ciac/bulletins/h-65.shtml ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX

SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the...

Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. Date published : 2002-03-09 http://marc.info/?l=bugtraq&m=88209041500913&w=2 http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file. Date published : 2002-03-09 http://marc.info/?l=bugtraq&m=87602880019745&w=2 http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html

SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access...

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening...

Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems. Date...

Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7,...