Monthly Archive: August 2002

Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. Date published : 2002-08-31 http://www.securityfocus.com/bid/4089 http://online.securityfocus.com/archive/1/27074

Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server’s player limit. Date...

Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to...

ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping’s exposure to bugs that...

Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files. Date published : 2002-08-31 http://www.apacheweek.com/issues/00-01-07#status https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages...

Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root. Date...

Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter. Date published : 2002-08-31 http://archives.neohapsis.com/archives/bugtraq/2001-07/0092.html http://archives.neohapsis.com/archives/bugtraq/2001-08/0245.html

Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi. Date published : 2002-08-31 http://marc.info/?l=bugtraq&m=99912899900567 http://bugzilla.mozilla.org/show_bug.cgi?id=54556

Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges. Date published : 2002-08-31 http://marc.info/?l=bugtraq&m=99912899900567 http://bugzilla.mozilla.org/show_bug.cgi?id=74032

Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser’s...

Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form...

Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi,...

Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock). Date published : 2002-08-31 http://marc.info/?l=bugtraq&m=98653252326445&w=2 http://marc.info/?l=bugtraq&m=98684172109474&w=2