Monthly Archive: March 2002

lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user’s control, which...

Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass. Date published : 2002-03-09 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000407 http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert

Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long ‘-F’ command line option. Date published : 2002-03-09 http://www.securityfocus.com/bid/2610 http://archives.neohapsis.com/archives/bugtraq/2001-05/0016.html

APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card....

ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23. Date published : 2002-03-09 http://www.securityfocus.com/bid/2706 http://archives.neohapsis.com/archives/bugtraq/2001-05/0049.html

Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). Date published : 2002-03-09 http://www-1.ibm.com/support/search.wss?rs=0&q=IY17048&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY17261&apar=only

crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is...

T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0). Date...

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by...

Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords. Date published : 2002-03-09 http://www.kb.cert.org/vuls/id/814187 http://www.sarc.com/avcenter/security/Content/2001_07_20.html

Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion). Date published : 2002-03-09 http://www.securityfocus.com/bid/3197 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045

Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data....

IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. Date published :...

IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table. Date published : 2002-03-09...