Monthly Archive: March 2002

Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL...

Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the w option in...

When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. Date published : 2002-03-09 http://marc.info/?l=bugtraq&m=94026690521279&w=2 http://marc.info/?l=bugtraq&m=94036662326185&w=2

pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request. Date published : 2002-03-09 http://marc.info/?l=bugtraq&m=88490880523890&w=2 http://marc.info/?l=bugtraq&m=88492978527261&w=2

Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges. Date published : 2002-03-09 http://ciac.llnl.gov/ciac/bulletins/i-050.shtml http://ciac.llnl.gov/ciac/bulletins/i-050.shtml

rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file. Date published : 2002-03-09 http://marc.info/?l=bugtraq&m=90221103125976&w=2 http://marc.info/?l=bugtraq&m=90221103125986&w=2

IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. Date published : 2002-03-09 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-019 http://support.microsoft.com/support/kb/articles/q192/2/96.asp

Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges. Date published : 2002-03-09 http://www.securityfocus.com/bid/23 http://www.cert.org/advisories/CA-1991-08.html

Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. Date published : 2002-03-09 http://www.securityfocus.com/bid/26 http://www.cert.org/advisories/CA-1991-11.html

Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631. Date published : 2002-03-09 http://www.securityfocus.com/bid/288 http://marc.info/?l=ntbugtraq&m=92807524225090&w=2

Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program. Date published : 2002-03-09 http://www.securityfocus.com/bid/290 http://marc.info/?l=bugtraq&m=90221101925880&w=2

NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to...

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise....

Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. Date published : 2002-03-09 http://www.securityfocus.com/bid/672 http://marc.info/?l=bugtraq&m=93727925026476&w=2