Monthly Archive: March 2002

Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization. Date published :...

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka...

Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. Date published : 2002-03-09 http://www.securityfocus.com/bid/3 http://www.cert.org/advisories/CA-1989-02.html

The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. Date published : 2002-03-09 http://www.securityfocus.com/bid/38 http://www.cert.org/advisories/CA-1992-06.html

netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges. Date published : 2002-03-09 http://www.securityfocus.com/bid/395 http://marc.info/?l=bugtraq&m=87602167420403&w=2

FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. Date published : 2002-03-09 http://www.securityfocus.com/bid/41 http://www.cert.org/advisories/CA-1992-09.html

ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. Date published : 2002-03-09 http://www.securityfocus.com/bid/433 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba

lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter. Date published : 2002-03-09 http://www.securityfocus.com/bid/455 http://marc.info/?l=bugtraq&w=2&r=1&s=lquerypv&q=b

Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. Date published : 2002-03-09 http://www.securityfocus.com/bid/462 http://www.osvdb.org/1009

Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). Date published : 2002-03-09 http://www.securityfocus.com/bid/7 http://www.cert.org/advisories/CA-1990-04.html

Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. Date published : 2002-03-09 ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul http://www.securityfocus.com/bid/467

Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using...

Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection...

Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the...