    64 vulnerabilities by immunix

    VAR-200308-0014

    Vulnerability from variot - Updated: 2024-02-28 22:37

    Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

    A function originally derived from 4.4BSD, realpath(3), contains a vulnerability that may permit a malicious user to gain root access to the server. This function was derived from the FreeBSD 3.x tree. Other applications and operating systems that use or were derived from this code base may be affected. This problem was originally reported to affect WU-FTPd. It has been discovered to affect various BSD implementations as well.

    In the fb_realpath() function implemented in WU-FTPD, the size of the buffer that handles the path is MAXPATHLEN, but the path actually passed in can be longer than that (MAXPATHLEN+1), so an off-by-one buffer overflow vulnerability exists. Arbitrary commands may be executed with root privileges.

    The 'realpath()' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that was reported to affect the implementation of 'realpath()' in WU-FTPD has led to the discovery that at least one implementation of the C library is also vulnerable. FreeBSD has announced that the off-by-one stack-buffer-overflow vulnerability is present in their libc. Other systems are also likely vulnerable. Reportedly, this vulnerability has been successfully exploited against WU-FTPD to execute arbitrary instructions.

    NOTE: Patching the C library alone may not remove all instances of this vulnerability. Statically linked programs may need to be rebuilt with a patched version of the C library. Also, some applications may implement their own version of 'realpath()'. These applications would require their own patches. FreeBSD has published a large list of applications that use 'realpath()'. Administrators of FreeBSD and other systems are urged to review it. For more information, see the advisory 'FreeBSD-SA-03:08.realpath'.

    The realpath(3) function is used to determine the canonical absolute pathname for a given pathname. The realpath(3) function is part of the FreeBSD standard C library. If the resolved pathname is 1024 bytes long and contains two directory separators, the buffer passed to the realpath(3) function can be overwritten with a single NUL byte. Applications that use the realpath(3) function may be exposed to denial of service, arbitrary code execution, and privilege escalation attacks. sftp-server(8) is part of OpenSSH, and realpath(3) is used to process the chdir command.

    Synopsis: wu-ftpd fb_realpath() off-by-one bug
    Product: wu-ftpd
    Version: 2.5.0 <= 2.6.2
    Vendor: http://www.wuftpd.org/

    URL: http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
    CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466
    Author: Wojciech Purczynski <cliph@isec.pl>, Janusz Niewiadomski <funkysh@isec.pl>
    Date: July 31, 2003

    Issue:

    The wu-ftpd FTP server contains a remotely exploitable off-by-one bug. A local or remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.

    Details:

    An off-by-one bug exists in the fb_realpath() function. The overflowed buffer lies on the stack.

    The bug results from misuse of the rootd variable in the calculation of the length of a concatenated string:

    ------8<------cut-here------8<------
    /*
     * Join the two strings together, ensuring that the right thing
     * happens if the last component is empty, or the dirname is root.
     */
    if (resolved[0] == '/' && resolved[1] == '\0')
        rootd = 1;
    else
        rootd = 0;

    if (*wbuf) {
        if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
            errno = ENAMETOOLONG;
            goto err1;
        }
        if (rootd == 0)
            (void) strcat(resolved, "/");
        (void) strcat(resolved, wbuf);
    }
    ------8<------cut-here------8<------

    Since the path is constructed from the current working directory and a file name specified as a parameter to various FTP commands, an attacker needs to create a deep directory structure. This may occur, for example, if wu-ftpd is compiled with some versions of the Linux kernel where PATH_MAX (and MAXPATHLEN accordingly) is defined to be exactly 4095 characters. In such cases, the buffer is padded with an extra byte because of variable alignment, which is a result of code optimization.

    Linux 2.2.x and some early 2.4.x kernel versions define PATH_MAX to be 4095 characters, thus only wu-ftpd binaries compiled on 2.0.x or later 2.4.x kernels are affected. We believe that exploitation of other little-endian systems is also possible.
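
The arithmetic behind the quoted length check, as an added example (not code from wu-ftpd or from the advisory): the two join functions mirror the quoted snippet and a corrected check, and run inside a buffer with one guard byte past its end so the stray NUL can be observed without undefined behaviour. DEMO_MAXPATHLEN, the guard byte, the helper names and the corrected check are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAXPATHLEN 64      /* small stand-in for MAXPATHLEN (assumption) */
#define GUARD_BYTE      0x5A    /* sentinel stored just past the buffer */

/* Join step with the length check as quoted in the advisory. */
static int join_flawed(char *resolved, const char *wbuf)
{
    int rootd = (resolved[0] == '/' && resolved[1] == '\0');

    if (*wbuf) {
        /* Adds 1 for root (no "/" appended) and 0 otherwise ("/" appended). */
        if (strlen(resolved) + strlen(wbuf) + rootd + 1 > DEMO_MAXPATHLEN) {
            errno = ENAMETOOLONG;
            return -1;
        }
        if (rootd == 0)
            strcat(resolved, "/");
        strcat(resolved, wbuf);
    }
    return 0;
}

/* Same join; the check counts the "/" only when one is really appended. */
static int join_fixed(char *resolved, const char *wbuf)
{
    int rootd = (resolved[0] == '/' && resolved[1] == '\0');
    size_t sep = rootd ? 0 : 1;

    if (*wbuf) {
        if (strlen(resolved) + sep + strlen(wbuf) + 1 > DEMO_MAXPATHLEN) {
            errno = ENAMETOOLONG;
            return -1;
        }
        if (rootd == 0)
            strcat(resolved, "/");
        strcat(resolved, wbuf);
    }
    return 0;
}

/*
 * Runs one join in a DEMO_MAXPATHLEN-byte buffer followed by a guard byte.
 * dir_len is the length of the already resolved directory (1 means "/"),
 * name_len the length of the component being appended.
 * Returns 1 if the guard was overwritten, 0 if it is intact,
 * -1 if the join was rejected, -2 for sizes this demo does not model.
 */
static int guard_clobbered(int (*join)(char *, const char *),
                           size_t dir_len, size_t name_len)
{
    char arena[DEMO_MAXPATHLEN + 1];    /* buffer plus one guard byte */
    char wbuf[DEMO_MAXPATHLEN + 1];

    if (dir_len < 1 || dir_len >= DEMO_MAXPATHLEN || name_len > DEMO_MAXPATHLEN)
        return -2;

    memset(arena, 'd', dir_len);        /* constructed sample path */
    arena[0] = '/';
    arena[dir_len] = '\0';
    arena[DEMO_MAXPATHLEN] = GUARD_BYTE;

    memset(wbuf, 'f', name_len);        /* constructed sample component */
    wbuf[name_len] = '\0';

    if (join(arena, wbuf) != 0)
        return -1;
    return arena[DEMO_MAXPATHLEN] != GUARD_BYTE;
}

int main(void)
{
    /* 40 + "/" + 23 + NUL needs 65 bytes: one more than the buffer holds. */
    printf("flawed, 40+23: %d\n", guard_clobbered(join_flawed, 40, 23));
    printf("fixed,  40+23: %d\n", guard_clobbered(join_fixed, 40, 23));
    /* At root the flawed check errs the other way and rejects a path that fits. */
    printf("flawed, root+62: %d\n", guard_clobbered(join_flawed, 1, 62));
    printf("fixed,  root+62: %d\n", guard_clobbered(join_fixed, 1, 62));
    return 0;
}
```

The first case shows the single NUL byte landing one past the buffer; the root case shows the same miscount making the check one byte too strict instead.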

    Impact:

    An authenticated local user or an anonymous FTP user with write access could execute arbitrary code with root privileges.

    Vendor Status:

    June 1, 2003     security@wu-ftpd.org has been notified
    June 9, 2003     Request for confirmation of receipt sent to security@wu-ftpd.org
    June 11, 2003    Response received from Kent Landfield
    July 3, 2003     Request for status update sent
    July 19, 2003    vendor-sec list notified
    July 31, 2003    Coordinated public disclosure

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0466 to this issue.

    -- Janusz Niewiadomski iSEC Security Research http://isec.pl/


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200308-0014",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sun",
            "version": "9.0"
          },
          {
            "model": "wu ftpd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "2.6.1-16"
          },
          {
            "model": "freebsd",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "5.0"
          },
          {
            "model": "netbsd",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "netbsd",
            "version": "1.5"
          },
          {
            "model": "openbsd",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "openbsd",
            "version": "2.0"
          },
          {
            "model": "netbsd",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netbsd",
            "version": "1.6.1"
          },
          {
            "model": "freebsd",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "4.0"
          },
          {
            "model": "wu-ftpd",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "wuftpd",
            "version": "2.6.2"
          },
          {
            "model": "wu-ftpd",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "wuftpd",
            "version": "2.5.0"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.6"
          },
          {
            "model": "openbsd",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "openbsd",
            "version": "3.3"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.2.6"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "conectiva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "immunix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandrakesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wu ftpd group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wind river",
            "version": null
          },
          {
            "model": "red hat linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "7.2"
          },
          {
            "model": "red hat linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "7.3"
          },
          {
            "model": "red hat linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "7.1"
          },
          {
            "model": "red hat linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "8.0"
          },
          {
            "model": "wu-ftpd",
            "scope": null,
            "trust": 0.8,
            "vendor": "university of washington",
            "version": null
          },
          {
            "model": "hp-ux",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
            "version": null
          },
          {
            "model": "asianux server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "university wu-ftpd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "washington",
            "version": "2.6.2"
          },
          {
            "model": "university wu-ftpd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "washington",
            "version": "2.6.1"
          },
          {
            "model": "university wu-ftpd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "washington",
            "version": "2.6.0"
          },
          {
            "model": "university wu-ftpd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "washington",
            "version": "2.5.0"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "9"
          },
          {
            "model": "communications security ssh2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "3.2.9.1"
          },
          {
            "model": "wu-ftpd-2.6.2-8.i386.rpm",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "wu-ftpd-2.6.2-5.i386.rpm",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "wu-ftpd-2.6.1-18.ia64.rpm",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "wu-ftpd-2.6.1-18.i386.rpm",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "wu-ftpd-2.6.1-16.ppc.rpm",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "wu-ftpd-2.6.1-16.i386.rpm",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.9"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.7"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.6"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.5"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.4"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.3"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.2"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.1"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.3"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.2"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.1"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "1.6.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "1.6"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "1.5.3"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "1.5.2"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "1.5.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "1.5"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.22"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.0"
          },
          {
            "model": "alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.0"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.0"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.8"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.8"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.7"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.7"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.7"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.6.2"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.6"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.6"
          },
          {
            "model": "-stablepre2002-03-07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.5"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.5"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.4"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.4"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.3"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.3"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.3"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.3"
          },
          {
            "model": "-stablepre122300",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.2"
          },
          {
            "model": "-stablepre050201",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.2"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.2"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.2"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.1.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.1.1"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.1.1"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.1"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.0.x"
          },
          {
            "model": "alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.0"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.0"
          },
          {
            "model": "-stablepre2001-07-20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "3.5.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.2.6"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.2.6"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#743092"
          },
          {
            "db": "BID",
            "id": "8315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000237"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200308-136"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0466"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:powerpc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-18:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-18:*:ia64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.2-5:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.2-8:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-0466"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Janusz Niewiadomski\u203b funkysh@isec.pl\u203bWojciech Purczynski\u203b cliph@isec.pl",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200308-136"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2003-0466",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2003-0466",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-7294",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2003-0466",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2003-0466",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#743092",
                "trust": 0.8,
                "value": "6.75"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200308-136",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-7294",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#743092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7294"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000237"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200308-136"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0466"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. A function originally derived from 4.4BSD,\u00a0realpath(3), contains a vulnerability that may permit a malicious user to gain root access to the server. This function was derived from the FreeBSD 3.x tree. Other applications and operating systems that use or were derived from this code base may be affected. This problem was originally reported to affect WU-FTPd. It has been discovered to affect various BSD implementations as well. In the fb_realpath() function implemented in WU-FTPD, the buffer that handles the path is MAXPATHLEN in size, but the path actually passed to it can be longer than that (MAXPATHLEN+1), so an off-by-one buffer overflow vulnerability exists. Arbitrary commands may be executed with root privileges. The \u0027realpath()\u0027 function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as \u0027/\u0027, \u0027./\u0027, \u0027../\u0027, or symbolic links. A vulnerability that was reported to affect the implementation of \u0027realpath()\u0027 in WU-FTPD has led to the discovery that at least one implementation of the C library is also vulnerable. FreeBSD has announced that the off-by-one stack buffer-overflow vulnerability is present in their libc. Other systems are also likely vulnerable. \nReportedly, this vulnerability has been successfully exploited against WU-FTPD to execute arbitrary instructions. \nNOTE: Patching the C library alone may not remove all instances of this vulnerability. 
Statically linked programs may need to be rebuilt with a patched version of the C library. Also, some applications may implement their own version of \u0027realpath()\u0027. These applications would require their own patches. FreeBSD has published a large list of applications that use \u0027realpath()\u0027. Administrators of FreeBSD and other systems are urged to review it. For more information, see the advisory \u0027FreeBSD-SA-03:08.realpath\u0027. The realpath(3) function is used to determine the canonical absolute path name for a given path name. The realpath(3) function is part of the FreeBSD standard C library. If the parsed pathname is 1024 bytes long and contains two directory separators, the buffer passed to the realpath(3) function can be overwritten with a single NUL byte. Applications that use the realpath(3) function are typically exposed to denial of service, arbitrary code execution and privilege escalation attacks. sftp-server(8) is part of OpenSSH, and realpath(3) is used to process the chdir command. \nSynopsis:\twu-ftpd fb_realpath() off-by-one bug\nProduct:\twu-ftpd\nVersion: \t2.5.0 \u003c= 2.6.2\nVendor:\t\thttp://www.wuftpd.org/\n\nURL:\t\thttp://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt\nCVE:            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466\nAuthor:\t\tWojciech Purczynski \u003ccliph@isec.pl\u003e\n\t\tJanusz Niewiadomski \u003cfunkysh@isec.pl\u003e\nDate:\t\tJuly 31, 2003 \n\n\nIssue:\n======\n\nWu-ftpd FTP server contains remotely exploitable off-by-one bug. A local\nor remote attacker could exploit this vulnerability to gain root\nprivileges on a vulnerable system. \n\n\nDetails:\n========\n\nAn off-by-one bug exists in fb_realpath() function. \nThe overflowed buffer lies on the stack. 
 \n\nThe bug results from misuse of rootd variable in the calculation of\nlength of a concatenated string:\n\n------8\u003c------cut-here------8\u003c------\n    /*\n     * Join the two strings together, ensuring that the right thing\n     * happens if the last component is empty, or the dirname is root. \n     */\n    if (resolved[0] == \u0027/\u0027 \u0026\u0026 resolved[1] == \u0027\\0\u0027)\n        rootd = 1;\n    else\n        rootd = 0;\n\n    if (*wbuf) {\n        if (strlen(resolved) + strlen(wbuf) + rootd + 1 \u003e MAXPATHLEN) {\n            errno = ENAMETOOLONG;\n            goto err1;\n        }\n        if (rootd == 0)\n            (void) strcat(resolved, \"/\");\n        (void) strcat(resolved, wbuf);\n    }\n------8\u003c------cut-here------8\u003c------\n\nSince the path is constructed from current working directory and a file\nname specified as a parameter to various FTP commands attacker needs to\ncreate deep directory structure. This may occur for example if wu-ftpd is compiled\nwith some versions of Linux kernel where PATH_MAX (and MAXPATHLEN \naccordingly) is defined to be exactly 4095 characters. In such cases,\nthe buffer is padded with an extra byte because of variable alignment \nwhich is a result of code optimization. \n\nLinux 2.2.x and some early 2.4.x kernel versions define PATH_MAX to be \n4095 characters, thus only wu-ftpd binaries compiled on 2.0.x or later 2.4.x\nkernels are affected. We believe that exploitation of other\nlittle-endian systems is also possible. \n \n\nImpact:\n=======\n\nAuthenticated local user or anonymous FTP user with write-access could\nexecute arbitrary code with root privileges. 
\n\n\nVendor Status:\n==============\n\nJune  1, 2003\tsecurity@wu-ftpd.org has been notified\nJune  9, 2003\tRequest for confirmation of receipt sent to security@wu-ftpd.org\nJune 11, 2003\tResponse received from Kent Landfield\nJuly  3, 2003   Request for status update sent\nJuly 19, 2003\tvendor-sec list notified\nJuly 31, 2003\tCoordinated public disclosure\n\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0466 to this issue. \n\n-- \nJanusz Niewiadomski\niSEC Security Research\nhttp://isec.pl/\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-0466"
          },
          {
            "db": "CERT/CC",
            "id": "VU#743092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000237"
          },
          {
            "db": "BID",
            "id": "8315"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7294"
          },
          {
            "db": "PACKETSTORM",
            "id": "31479"
          }
        ],
        "trust": 2.79
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-7294",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-7294"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2003-0466",
            "trust": 3.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#743092",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "8315",
            "trust": 2.8
          },
          {
            "db": "SECUNIA",
            "id": "9423",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "9447",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "9446",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "9535",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1007380",
            "trust": 1.7
          },
          {
            "db": "OSVDB",
            "id": "6602",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "9406",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000237",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200308-136",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20030731 WU-FTPD FB_REALPATH() OFF-BY-ONE BUG",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20030804 WU-FTPD-2.6.2 OFF-BY-ONE REMOTE EXPLOIT.",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20060214 RE: LATEST WU-FTPD EXPLOIT :-S",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20060213 LATEST WU-FTPD EXPLOIT :-S",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20030804 OFF-BY-ONE BUFFER OVERFLOW VULNERABILITY IN BSD LIBC REALPATH(3)",
            "trust": 0.6
          },
          {
            "db": "REDHAT",
            "id": "RHSA-2003:245",
            "trust": 0.6
          },
          {
            "db": "REDHAT",
            "id": "RHSA-2003:246",
            "trust": 0.6
          },
          {
            "db": "VULNWATCH",
            "id": "20030731 WU-FTPD FB_REALPATH() OFF-BY-ONE BUG",
            "trust": 0.6
          },
          {
            "db": "SUSE",
            "id": "SUSE-SA:2003:032",
            "trust": 0.6
          },
          {
            "db": "NETBSD",
            "id": "NETBSD-SA2003-011.TXT.ASC",
            "trust": 0.6
          },
          {
            "db": "SUNALERT",
            "id": "1001257",
            "trust": 0.6
          },
          {
            "db": "TURBO",
            "id": "TLSA-2003-46",
            "trust": 0.6
          },
          {
            "db": "IMMUNIX",
            "id": "IMNX-2003-7+-019-01",
            "trust": 0.6
          },
          {
            "db": "MANDRAKE",
            "id": "MDKSA-2003:080",
            "trust": 0.6
          },
          {
            "db": "OVAL",
            "id": "OVAL:ORG.MITRE.OVAL:DEF:1970",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "12785",
            "trust": 0.6
          },
          {
            "db": "FREEBSD",
            "id": "FREEBSD-SA-03:08",
            "trust": 0.6
          },
          {
            "db": "DEBIAN",
            "id": "DSA-357",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "31479",
            "trust": 0.2
          },
          {
            "db": "EXPLOIT-DB",
            "id": "22976",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "22974",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "22975",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-62739",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-76759",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-76761",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-76760",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-7294",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#743092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7294"
          },
          {
            "db": "BID",
            "id": "8315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000237"
          },
          {
            "db": "PACKETSTORM",
            "id": "31479"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200308-136"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0466"
          }
        ]
      },
      "id": "VAR-200308-0014",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-7294"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-02-28T22:37:56.784000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "245",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/data/wu-ftpd.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000237"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-193",
            "trust": 1.0
          },
          {
            "problemtype": "Determination of boundary conditions (CWE-193) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000237"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0466"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
          },
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/8315"
          },
          {
            "trust": 2.5,
            "url": "http://www.kb.cert.org/vuls/id/743092"
          },
          {
            "trust": 2.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-011.txt.asc"
          },
          {
            "trust": 2.0,
            "url": "http://www.turbolinux.com/security/tlsa-2003-46.txt"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
          },
          {
            "trust": 1.7,
            "url": "http://www.debian.org/security/2003/dsa-357"
          },
          {
            "trust": 1.7,
            "url": "http://download.immunix.org/immunixos/7+/updates/errata/imnx-2003-7+-019-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2003:080"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/6602"
          },
          {
            "trust": 1.7,
            "url": "http://www.redhat.com/support/errata/rhsa-2003-245.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.redhat.com/support/errata/rhsa-2003-246.html"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1007380"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/9423"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/9446"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/9447"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/9535"
          },
          {
            "trust": 1.7,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
          },
          {
            "trust": 1.7,
            "url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
          },
          {
            "trust": 1.1,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1970"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
          },
          {
            "trust": 0.9,
            "url": "http://www.wuftpd.org/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/9406/"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0466"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/12785"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106002488209129\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106001702232325\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106001410028809\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105967301604815\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1970"
          },
          {
            "trust": 0.3,
            "url": "http://www.info.apple.com/usen/security/security_updates.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f56121"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/patches/linux/security.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.wu-ftpd.org"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/331295"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/331723"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=105967301604815\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=106002488209129\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=106001702232325\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=106001410028809\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": ""
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0466"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0466"
          },
          {
            "trust": 0.1,
            "url": "http://isec.pl/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#743092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7294"
          },
          {
            "db": "BID",
            "id": "8315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000237"
          },
          {
            "db": "PACKETSTORM",
            "id": "31479"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200308-136"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0466"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#743092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7294"
          },
          {
            "db": "BID",
            "id": "8315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2003-000237"
          },
          {
            "db": "PACKETSTORM",
            "id": "31479"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200308-136"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0466"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-07-31T00:00:00",
            "db": "CERT/CC",
            "id": "VU#743092"
          },
          {
            "date": "2003-08-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-7294"
          },
          {
            "date": "2003-07-31T00:00:00",
            "db": "BID",
            "id": "8315"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2003-000237"
          },
          {
            "date": "2003-08-05T16:57:23",
            "db": "PACKETSTORM",
            "id": "31479"
          },
          {
            "date": "2003-07-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200308-136"
          },
          {
            "date": "2003-08-27T04:00:00",
            "db": "NVD",
            "id": "CVE-2003-0466"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-08-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#743092"
          },
          {
            "date": "2018-05-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-7294"
          },
          {
            "date": "2007-05-15T19:08:00",
            "db": "BID",
            "id": "8315"
          },
          {
            "date": "2024-02-28T04:21:00",
            "db": "JVNDB",
            "id": "JVNDB-2003-000237"
          },
          {
            "date": "2007-05-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200308-136"
          },
          {
            "date": "2024-02-08T15:50:15.020000",
            "db": "NVD",
            "id": "CVE-2003-0466"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200308-136"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "realpath(3) function contains off-by-one buffer overflow",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#743092"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Boundary Condition Error",
        "sources": [
          {
            "db": "BID",
            "id": "8315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200308-136"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-200203-0011

    Vulnerability from variot - Updated: 2024-02-26 22:51

    Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. OpenSSH is a program used to provide secure connections and communications between clients and servers. Channels are used to segregate differing traffic between the client and the server. OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used on Linux, Solaris, and other UNIX-like operating systems. A vulnerability has been announced in some versions of OpenSSH. A malicious client may exploit this vulnerability by connecting to a vulnerable server. Valid credentials are believed to be required, since the exploitable condition reportedly occurs after successful authentication. An examination of the code suggests this, but it has not been confirmed by the maintainer. Administrators should assume that this can be exploited without authentication and should patch vulnerable versions immediately. OpenSSH encrypts all network communications it transmits, thereby avoiding attacks at many network layers, and is a very useful network connection tool. A user with a legitimate login account can use this vulnerability to obtain root privileges on the host. To implement X11, TCP and proxy forwarding, OpenSSH multiplexes multiple "channels" on a single TCP connection. The program may mistakenly use memory outside the normal range; after logging in to the system, an attacker with a legitimate login account can exploit this vulnerability to make sshd execute arbitrary commands with root privileges.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200203-0011",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "redhat",
            "version": "7.1"
          },
          {
            "model": "mandrake linux corporate server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "1.0.1"
          },
          {
            "model": "openssh",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "openbsd",
            "version": "3.1"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trustix",
            "version": "1.5"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "conectiva",
            "version": "5.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "conectiva",
            "version": "7.0"
          },
          {
            "model": "mandrake single network firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "7.2"
          },
          {
            "model": "mandrake linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "8.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "engardelinux",
            "version": "1.0.1"
          },
          {
            "model": "mandrake linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "7.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "conectiva",
            "version": "6.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "conectiva",
            "version": "ecommerce"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "conectiva",
            "version": "graficas"
          },
          {
            "model": "openssh",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "openbsd",
            "version": "2.0"
          },
          {
            "model": "mandrake linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "7.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "7.3"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openpkg",
            "version": "1.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trustix",
            "version": "1.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "7.1"
          },
          {
            "model": "immunix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "immunix",
            "version": "7.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "mandrake linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "8.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "7.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trustix",
            "version": "1.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "7.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "6.4"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "conectiva",
            "version": "5.1"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bsdi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "caldera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "conectiva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "engarde",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandrakesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openssh",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "trustix",
            "version": null
          },
          {
            "model": "hp-ux",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
            "version": null
          },
          {
            "model": "red hat linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "7.0"
          },
          {
            "model": "red hat linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "7.2"
          },
          {
            "model": "red hat linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
            "version": "7.1"
          },
          {
            "model": "openssh",
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": "p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "3.0.2"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "3.0.2"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "3.0.1"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.9.9"
          },
          {
            "model": "p2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.9"
          },
          {
            "model": "p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.9"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.9"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.5.2"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.5.1"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.5"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.3"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.2"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.1.1"
          },
          {
            "model": "openssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "2.1"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "2.8"
          },
          {
            "model": "openssh",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssh",
            "version": "3.1"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#408419"
          },
          {
            "db": "BID",
            "id": "4241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000054"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-034"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0083"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:conectiva:linux:graficas:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:immunix:immunix:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:conectiva:linux:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:conectiva:linux:5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:conectiva:linux:ecommerce:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:conectiva:linux:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.1",
                    "versionStartIncluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:engardelinux:secure_linux:1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-0083"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Joost Pol\u203b joost@pine.nl",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-034"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2002-0083",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2002-0083",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-4478",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2002-0083",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2002-0083",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#408419",
                "trust": 0.8,
                "value": "25.65"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200203-034",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-4478",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#408419"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4478"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000054"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-034"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0083"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. OpenSSH is a program used to provide secure connection and communications between client and servers.  Channels are used to segregate differing traffic between the client and the server. OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris, and other UNIX-like operating systems. \nA vulnerability has been announced in some versions of OpenSSH. A malicious client may exploit this vulnerability by connecting to a vulnerable server.  Valid credentials are believed to be required, since the exploitable condition reportedly occurs after successful authentication.  An examination of the code suggests this, but it has not been confirmed by the maintainer. \nAdministrators should assume that this can be exploited without authentication and should patch vulnerable versions immediately. It encrypts and transmits all network communications, thereby avoiding attacks at many network layers, and is a very useful network connection tool. A user with a legal login account can use this vulnerability to obtain the root authority of the host. To implement X11, TCP and proxy forwarding, OpenSSH multiplexes multiple \"channels\" on a single TCP connection. The program may mistakenly use memory data outside the normal range; after logging in to the system, an attacker with a legitimate login account can exploit this vulnerability to make sshd execute arbitrary commands with root privileges",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-0083"
          },
          {
            "db": "CERT/CC",
            "id": "VU#408419"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000054"
          },
          {
            "db": "BID",
            "id": "4241"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4478"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-4478",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4478"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2002-0083",
            "trust": 3.6
          },
          {
            "db": "BID",
            "id": "4241",
            "trust": 3.0
          },
          {
            "db": "CERT/CC",
            "id": "VU#408419",
            "trust": 1.6
          },
          {
            "db": "OSVDB",
            "id": "730",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000054",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-034",
            "trust": 0.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "21314",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-75148",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-4478",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#408419"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4478"
          },
          {
            "db": "BID",
            "id": "4241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000054"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-034"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0083"
          }
        ]
      },
      "id": "VAR-200203-0011",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4478"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-02-26T22:51:43.141000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "043",
            "trust": 0.8,
            "url": "http://www.openbsd.org/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000054"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-193",
            "trust": 1.0
          },
          {
            "problemtype": "Determination of boundary conditions (CWE-193) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-189",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4478"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000054"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0083"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
          },
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/4241"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
          },
          {
            "trust": 1.1,
            "url": "http://online.securityfocus.com/archive/1/264657"
          },
          {
            "trust": 1.1,
            "url": "http://www.calderasystems.com/support/security/advisories/cssa-2002-012.0.txt"
          },
          {
            "trust": 1.1,
            "url": "ftp://stage.caldera.com/pub/security/openserver/cssa-2002-sco.10/cssa-2002-sco.10.txt"
          },
          {
            "trust": 1.1,
            "url": "ftp://stage.caldera.com/pub/security/openunix/cssa-2002-sco.11/cssa-2002-sco.11.txt"
          },
          {
            "trust": 1.1,
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
          },
          {
            "trust": 1.1,
            "url": "http://www.debian.org/security/2002/dsa-119"
          },
          {
            "trust": 1.1,
            "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
          },
          {
            "trust": 1.1,
            "url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:13.openssh.asc"
          },
          {
            "trust": 1.1,
            "url": "http://online.securityfocus.com/advisories/3960"
          },
          {
            "trust": 1.1,
            "url": "http://www.linux-mandrake.com/en/security/2002/mdksa-2002-019.php"
          },
          {
            "trust": 1.1,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2002-004.txt.asc"
          },
          {
            "trust": 1.1,
            "url": "http://www.osvdb.org/730"
          },
          {
            "trust": 1.1,
            "url": "http://www.redhat.com/support/errata/rhsa-2002-043.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
          },
          {
            "trust": 1.1,
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.iss.net/security_center/static/8383.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.pine.nl/advisories/pine-cert-20020301.txt"
          },
          {
            "trust": 0.8,
            "url": "http://online.securityfocus.com/bid/4241"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0083"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/408419"
          },
          {
            "trust": 0.3,
            "url": "http://support.coresecurity.com/impact/exploits/44711fd6971e717073942524961d8e3e.html"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#408419"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4478"
          },
          {
            "db": "BID",
            "id": "4241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000054"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0083"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#408419"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4478"
          },
          {
            "db": "BID",
            "id": "4241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2002-000054"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-034"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0083"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2002-03-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#408419"
          },
          {
            "date": "2002-03-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-4478"
          },
          {
            "date": "2002-03-07T00:00:00",
            "db": "BID",
            "id": "4241"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2002-000054"
          },
          {
            "date": "2002-03-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200203-034"
          },
          {
            "date": "2002-03-15T05:00:00",
            "db": "NVD",
            "id": "CVE-2002-0083"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2002-04-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#408419"
          },
          {
            "date": "2016-10-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-4478"
          },
          {
            "date": "2007-11-05T15:25:00",
            "db": "BID",
            "id": "4241"
          },
          {
            "date": "2024-02-26T07:51:00",
            "db": "JVNDB",
            "id": "JVNDB-2002-000054"
          },
          {
            "date": "2006-09-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200203-034"
          },
          {
            "date": "2024-02-02T02:52:51.803000",
            "db": "NVD",
            "id": "CVE-2002-0083"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-034"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSH contains a one-off overflow of an array in the channel handling code",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#408419"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "digital error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200203-034"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200103-0098

    Vulnerability from variot - Updated: 2024-02-06 19:13

    FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. There is a vulnerability that consumes a large amount of CPU resources. The system may be placed in a denial-of-service (DoS) state in which service operation is disrupted. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. 
The SSH1 package is distributed and maintained by SSH Communications Security. A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. Firewall-1 is a firewall software package that provides many advanced features such as content filtering and network address translation. It is distributed by Check Point Software Technologies, and designed to run on various systems such as Sparc/Solaris or the Nokia Firewall Modules. A problem with the license manager used with the Firewall-1 package could allow a Denial of Service. 
The problem manifests itself when the internal interface receives a large number of packets that are source routed and contain fictitious (or even valid) addresses. With each error message generated, the load on the Firewall system CPU rises. Check Point Software has acknowledged this vulnerability and a workaround is available. For the workaround, see the solution section of this vulnerability database entry. This issue will be resolved in the next service pack. There is a vulnerability in FireWall-1 version 4.1 with limited-IP license. This vulnerability can cause console congestion warning messages and CPU resource consumption.


    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary February 6, 2001 Volume 6 Number 3

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php


    Contents

    120 Reported Vulnerabilities

    Risk Factor Key


    Date Reported: 1/31/01
    Vulnerability: win2k-rdp-dos
    Platforms Affected: Windows 2000
    Risk Factor: Medium
    Attack Type: Network Based
    Brief Description: Windows 2000 Server RDP denial of service
    X-Force URL: http://xforce.iss.net/static/6035.php


    Date Reported: 1/31/01
    Vulnerability: cisco-ccs-file-access
    Platforms Affected: Cisco Content Services Switch
    Risk Factor: Medium
    Attack Type: Network/Host Based
    Brief Description: Cisco CCS command line interface could allow read access to files and directories
    X-Force URL: http://xforce.iss.net/static/6031.php


    Date Reported: 1/31/01
    Vulnerability: quicktime-embedded-tag-bo
    Platforms Affected: Quicktime 4.1.2
    Risk Factor: High
    Attack Type: Host Based
    Brief Description: QuickTime Player EMBED tag buffer overflow
    X-Force URL: http://xforce.iss.net/static/6040.php


    Date Reported: 1/31/01
    Vulnerability: solaris-ximp40-bo
    Platforms Affected: Solaris (7, 8)
    Risk Factor: High
    Attack Type: Host Based
    Brief Description: Solaris "ximp40" shared library buffer overflow
    X-Force URL: http://xforce.iss.net/static/6039.php


    Date Reported: 1/31/01
    Vulnerability: cisco-ccs-cli-dos
    Platforms Affected: Cisco Content Services Switch
    Risk Factor: Medium
    Attack Type: Network/Host Based
    Brief Description: Cisco CCS command line interface denial of service
    X-Force URL: http://xforce.iss.net/static/6030.php


    Date Reported: 1/30/01
    Vulnerability: slimserve-httpd-dos
    Platforms Affected: SlimServe 1.0
    Risk Factor: Medium
    Attack Type: Network Based
    Brief Description: SlimServe HTTPd denial of service
    X-Force URL: http://xforce.iss.net/static/6028.php


    Date Reported: 1/30/01
    Vulnerability: crazywwwboard-qdecoder-bo
    Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1
    Risk Factor: Medium
    Attack Type: Network Based
    Brief Description: CrazyWWWBoard qDecoder buffer overflow
    X-Force URL: http://xforce.iss.net/static/6033.php


    Date Reported: 1/30/01
    Vulnerability: virusbuster-mua-bo
    Platforms Affected:
    Risk Factor: Medium
    Attack Type: Network Based
    Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow
    X-Force URL: http://xforce.iss.net/static/6034.php


    Date Reported: 1/29/01
    Vulnerability: iis-isapi-obtain-code
    Platforms Affected: IIS (4.0, 5.0)
    Risk Factor: Low
    Attack Type: Network/Host Based
    Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions
    X-Force URL: http://xforce.iss.net/static/6032.php


    Date Reported: 1/29/01
    Vulnerability: bind-inverse-query-disclosure
    Platforms Affected: Bind (4.x, 8.2.x)
    Risk Factor: Medium
    Attack Type: Network Based
    Brief Description: BIND 4.x and 8.2.x exposes environment variables
    X-Force URL: http://xforce.iss.net/static/6018.php


    Date Reported: 1/29/01
    Vulnerability: hp-man-dos
    Platforms Affected: HPUX
    Risk Factor: Medium
    Attack Type: Host Based
    Brief Description: HP man command denial of service
    X-Force URL: http://xforce.iss.net/static/6014.php


    Date Reported: 1/29/01 Vulnerability: sort-temp-file-abort Platforms Affected: FreeBSD Risk Factor: Medium Attack Type: Host Based Brief Description: Sort temporary files denial of service X-Force URL: http://xforce.iss.net/static/6038.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-format-string Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() format string X-Force URL: http://xforce.iss.net/static/6017.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-bo Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() buffer overflow X-Force URL: http://xforce.iss.net/static/6016.php


    Date Reported: 1/29/01 Vulnerability: winvnc-client-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC client buffer overflow X-Force URL: http://xforce.iss.net/static/6025.php


    Date Reported: 1/29/01 Vulnerability: winvnc-server-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC server buffer overflow X-Force URL: http://xforce.iss.net/static/6026.php


    Date Reported: 1/29/01 Vulnerability: guestserver-cgi-execute-commands Platforms Affected: Guestserver 4.12 and earlier Risk Factor: High Attack Type: Network Based Brief Description: Guestserver.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/6027.php


    Date Reported: 1/29/01 Vulnerability: bind-tsig-bo Platforms Affected: BIND 8.2.x Risk Factor: Unauthorized Access Attempt Attack Type: Network/Host Based Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow X-Force URL: http://xforce.iss.net/static/6015.php


    Date Reported: 1/28/01 Vulnerability: hyperseek-cgi-reveal-info Platforms Affected: Hyperseek Search Engine 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Hyperseek CGI could reveal listings of directories and files X-Force URL: http://xforce.iss.net/static/6012.php


    Date Reported: 1/26/01 Vulnerability: newsdaemon-gain-admin-access Platforms Affected: NewsDaemon prior to 0.21b Risk Factor: High Attack Type: Network Based Brief Description: NewsDaemon allows remote users to gain administrative access X-Force URL: http://xforce.iss.net/static/6010.php


    Date Reported: 1/26/01 Vulnerability: mars-nwe-format-string Platforms Affected: Mars_nwe 0.99.pl19 Risk Factor: High Attack Type: Network Based Brief Description: Mars_nwe format string X-Force URL: http://xforce.iss.net/static/6019.php


    Date Reported: 1/25/01 Vulnerability: planetintra-pi-bo Platforms Affected: Planet Intra LAN Intranet 2.5 Risk Factor: High Attack Type: Network Based Brief Description: Planet Intra 'pi' binary buffer overflow X-Force URL: http://xforce.iss.net/static/6002.php


    Date Reported: 1/25/01 Vulnerability: borderware-ping-dos Platforms Affected: BorderWare Firewall Server 6.1.2 Risk Factor: High Attack Type: Network Based Brief Description: BorderWare ping denial of service X-Force URL: http://xforce.iss.net/static/6004.php


    Date Reported: 1/25/01 Vulnerability: aol-malformed-url-dos Platforms Affected: AOL 5.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: AOL malformed URL denial of service X-Force URL: http://xforce.iss.net/static/6009.php


    Date Reported: 1/25/01 Vulnerability: mirc-bypass-password Platforms Affected: mIRC Risk Factor: High Attack Type: Host Based Brief Description: mIRC allows malicious user to bypass password X-Force URL: http://xforce.iss.net/static/6013.php


    Date Reported: 1/25/01 Vulnerability: netscape-enterprise-revlog-dos Platforms Affected: Netscape Enterprise Server Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Enterprise Server REVLOG denial of service X-Force URL: http://xforce.iss.net/static/6003.php


    Date Reported: 1/24/01 Vulnerability: aim-execute-code Platforms Affected: AOL Instant Messenger 4.1 and later Risk Factor: High Attack Type: Host Based Brief Description: AOL Instant Messenger execution of code in modified images X-Force URL: http://xforce.iss.net/static/6005.php


    Date Reported: 1/24/01 Vulnerability: netscape-enterprise-list-directories Platforms Affected: Netscape Enterprise Server (3.0, 4.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server allows remote directory listing X-Force URL: http://xforce.iss.net/static/5997.php


    Date Reported: 1/24/01 Vulnerability: winnt-mutex-dos Platforms Affected: Windows NT 4.0 Risk Factor: Medium Attack Type: Host Based Brief Description: Windows NT mutex denial of service X-Force URL: http://xforce.iss.net/static/6006.php


    Date Reported: 1/24/01 Vulnerability: jrun-webinf-file-retrieval Platforms Affected: JRun Risk Factor: Medium Attack Type: Network/Host Based Brief Description: JRun malformed URL file retrieval X-Force URL: http://xforce.iss.net/static/6008.php


    Date Reported: 1/23/01 Vulnerability: ipfw-bypass-firewall Platforms Affected: FreeBSD (3.x, 4.x) Risk Factor: High Attack Type: Network Based Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall X-Force URL: http://xforce.iss.net/static/5998.php


    Date Reported: 1/23/01 Vulnerability: netopia-telnet-dos Platforms Affected: Netopia R-series router Risk Factor: Medium Attack Type: Network Based Brief Description: Netopia R9100 allows remote user to crash the router using telnet X-Force URL: http://xforce.iss.net/static/6001.php


    Date Reported: 1/23/01 Vulnerability: wuftp-debug-format-string Platforms Affected: Wu-ftpd Risk Factor: High Attack Type: Network Based Brief Description: Wu-ftpd debug mode format string X-Force URL: http://xforce.iss.net/static/6020.php


    Date Reported: 1/23/01 Vulnerability: kde2-kdesu-retrieve-passwords Platforms Affected: Linux: Caldera eDesktop 2.4 Risk Factor: High Attack Type: Host Based Brief Description: KDE2 kdesu program allows users to retrieve passwords X-Force URL: http://xforce.iss.net/static/5995.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-url-bo Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom print server long URL buffer overflow X-Force URL: http://xforce.iss.net/static/5988.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-printguide-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom PrintGuide denial of service X-Force URL: http://xforce.iss.net/static/5989.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-ftp-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom FTP denial of service X-Force URL: http://xforce.iss.net/static/5990.php


    Date Reported: 1/23/01 Vulnerability: vnc-weak-authentication Platforms Affected: VNC 3.3.3 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: VNC weak authentication could allow unauthorized access X-Force URL: http://xforce.iss.net/static/5992.php


    Date Reported: 1/23/01 Vulnerability: lotus-domino-smtp-bo Platforms Affected: Lotus Domino 5.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Lotus Domino SMTP Server policy feature buffer overflow X-Force URL: http://xforce.iss.net/static/5993.php


    Date Reported: 1/23/01 Vulnerability: linux-sash-shadow-readable Platforms Affected: sash prior to 3.4-4 Risk Factor: High Attack Type: Host Based Brief Description: Linux sash /etc/shadow directory world-readable X-Force URL: http://xforce.iss.net/static/5994.php


    Date Reported: 1/22/01 Vulnerability: powerpoint-execute-code Platforms Affected: Microsoft PowerPoint 2000 Risk Factor: High Attack Type: Host Based Brief Description: PowerPoint could allow code execution on another user's computer X-Force URL: http://xforce.iss.net/static/5996.php


    Date Reported: 1/22/01 Vulnerability: icecast-format-string Platforms Affected: Icecast 1.3.8beta2 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Icecast format string could allow arbitrary code execution X-Force URL: http://xforce.iss.net/static/5978.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-directory-traversal Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers directory traversal X-Force URL: http://xforce.iss.net/static/5986.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-execute-jsp Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files X-Force URL: http://xforce.iss.net/static/5987.php


    Date Reported: 1/22/01 Vulnerability: netscape-enterprise-dot-dos Platforms Affected: Netscape Enterprise Server 4.1 SP5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server "/../" denial of service X-Force URL: http://xforce.iss.net/static/5983.php


    Date Reported: 1/22/01 Vulnerability: goodtech-ftp-dos Platforms Affected: GoodTech FTP 3.0.1.2.1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: GoodTech FTP server denial of service X-Force URL: http://xforce.iss.net/static/5984.php


    Date Reported: 1/22/01 Vulnerability: netscape-fasttrack-cache-dos Platforms Affected: Netscape FastTrack Risk Factor: Low Attack Type: Host Based Brief Description: Netscape FastTrack Server cache denial of service X-Force URL: http://xforce.iss.net/static/5985.php


    Date Reported: 1/21/01 Vulnerability: eeye-iris-dos Platforms Affected: Iris Network Analyzer 1.01beta Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Iris denial of service X-Force URL: http://xforce.iss.net/static/5981.php


    Date Reported: 1/20/01 Vulnerability: watchguard-firebox-obtain-passphrase Platforms Affected: Firebox II Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard Firebox allows remote user to obtain passphrase X-Force URL: http://xforce.iss.net/static/5979.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-server-dos Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP denial of service X-Force URL: http://xforce.iss.net/static/5976.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-path-disclosure Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP path disclosure X-Force URL: http://xforce.iss.net/static/5977.php


    Date Reported: 1/19/01 Vulnerability: localweb2k-directory-traversal Platforms Affected: LocalWEB2000 HTTP Server 1.1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: LocalWEB2000 directory traversal X-Force URL: http://xforce.iss.net/static/5982.php


    Date Reported: 1/19/01 Vulnerability: win2k-efs-recover-data Platforms Affected: Windows 2000 Risk Factor: High Attack Type: Host Based Brief Description: Windows 2000 EFS allows local user to recover sensitive data X-Force URL: http://xforce.iss.net/static/5973.php


    Date Reported: 1/19/01 Vulnerability: linux-bing-bo Platforms Affected: Linux Risk Factor: High Attack Type: Host Based Brief Description: Bing host name buffer overflow X-Force URL: http://xforce.iss.net/static/6036.php


    Date Reported: 1/18/01 Vulnerability: micq-sprintf-remote-bo Platforms Affected: Matt's ICQ Clone 0.4.6 Risk Factor: High Attack Type: Network Based Brief Description: ICQ clone for Linux sprintf() remote buffer overflow X-Force URL: http://xforce.iss.net/static/5962.php


    Date Reported: 1/18/01 Vulnerability: mysql-select-bo Platforms Affected: MySQL prior to 3.23.31 Risk Factor: High Attack Type: Host Based Brief Description: MySQL select buffer overflow X-Force URL: http://xforce.iss.net/static/5969.php


    Date Reported: 1/18/01 Vulnerability: shoutcast-description-bo Platforms Affected: SHOUTcast DNAS 1.7.1 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Shoutcast Server for Linux description buffer overflow X-Force URL: http://xforce.iss.net/static/5965.php


    Date Reported: 1/17/01 Vulnerability: fw1-limited-license-dos Platforms Affected: Check Point Firewall-1 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: FireWall-1 limited-IP license denial of service X-Force URL: http://xforce.iss.net/static/5966.php


    Date Reported: 1/17/01 Vulnerability: hp-stm-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX Support Tools Manager denial of service X-Force URL: http://xforce.iss.net/static/5957.php


    Date Reported: 1/17/01 Vulnerability: linux-webmin-tmpfiles Platforms Affected: OpenLinux (2.3, 2.4) Risk Factor: High Attack Type: Host Based Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files X-Force URL: http://xforce.iss.net/static/6011.php


    Date Reported: 1/17/01 Vulnerability: tinyproxy-remote-bo Platforms Affected: tinyproxy 1.3.2 and 1.3.3 Risk Factor: Medium Attack Type: Network Based Brief Description: Tinyproxy remote buffer overflow X-Force URL: http://xforce.iss.net/static/5954.php


    Date Reported: 1/17/01 Vulnerability: postaci-sql-command-injection Platforms Affected: PostACI Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Postaci SQL command injection X-Force URL: http://xforce.iss.net/static/5972.php


    Date Reported: 1/17/01 Vulnerability: wwwwais-cgi-dos Platforms Affected: wwwwais.c 25 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: wwwwais CGI based program denial of service X-Force URL: http://xforce.iss.net/static/5980.php


    Date Reported: 1/17/01 Vulnerability: mime-header-attachment Platforms Affected: MIME 1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MIME headers could allow spoofed file attachment X-Force URL: http://xforce.iss.net/static/5991.php


    Date Reported: 1/16/01 Vulnerability: ssh-rpc-private-key Platforms Affected: SSH Risk Factor: Medium Attack Type: Network/Host Based Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key X-Force URL: http://xforce.iss.net/static/5963.php


    Date Reported: 1/16/01 Vulnerability: linux-glibc-preload-overwrite Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux glibc LD_PRELOAD file overwrite X-Force URL: http://xforce.iss.net/static/5971.php


    Date Reported: 1/16/01 Vulnerability: inn-tmpfile-symlink Platforms Affected: InterNet News (INN) Risk Factor: High Attack Type: Host Based Brief Description: INN tmpfile symbolic link X-Force URL: http://xforce.iss.net/static/5974.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-insecure-password Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Network Based Brief Description: InterScan VirusWall for Unix password change insecure X-Force URL: http://xforce.iss.net/static/5944.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-weak-authentication Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: Medium Attack Type: Network Based Brief Description: InterScan VirusWall for Unix uses weak authentication X-Force URL: http://xforce.iss.net/static/5946.php


    Date Reported: 1/15/01 Vulnerability: ie-mshtml-dos Platforms Affected: Internet Explorer 4.0 and later Risk Factor: Medium Attack Type: Network Based Brief Description: Internet Explorer mshtml.dll denial of service X-Force URL: http://xforce.iss.net/static/5938.php


    Date Reported: 1/15/01 Vulnerability: dhcp-format-string Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4) Risk Factor: High Attack Type: Network Based Brief Description: Caldera DHCP format string X-Force URL: http://xforce.iss.net/static/5953.php


    Date Reported: 1/15/01 Vulnerability: win-mediaplayer-arbitrary-code Platforms Affected: Windows Media Player 7.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows Media Player skins can be used to execute arbitrary code X-Force URL: http://xforce.iss.net/static/5937.php


    Date Reported: 1/15/01 Vulnerability: veritas-backupexec-dos Platforms Affected: Backup Exec 4.5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Veritas Backup Exec denial of service X-Force URL: http://xforce.iss.net/static/5941.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-symlink Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Host Based Brief Description: InterScan VirusWall for Unix symbolic link X-Force URL: http://xforce.iss.net/static/5947.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-corrupt-files Platforms Affected: OmniHTTPd Risk Factor: Medium Attack Type: Network Based Brief Description: OmniHTTPd statsconfig.pl could corrupt any file on the system X-Force URL: http://xforce.iss.net/static/5955.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-execute-code Platforms Affected: OmniHTTPd Risk Factor: High Attack Type: Network Based Brief Description: OmniHTTPD statsconfig.pl allows code execution X-Force URL: http://xforce.iss.net/static/5956.php


    Date Reported: 1/15/01 Vulnerability: icmp-pmtu-dos Platforms Affected: Linux BSD Risk Factor: Medium Attack Type: Network Based Brief Description: ICMP PMTU denial of service X-Force URL: http://xforce.iss.net/static/5975.php


    Date Reported: 1/14/01 Vulnerability: splitvt-perserc-format-string Platforms Affected: splitvt 1.6.4 and earlier Risk Factor: High Attack Type: Host Based Brief Description: Splitvt perserc.c module format string X-Force URL: http://xforce.iss.net/static/5948.php


    Date Reported: 1/14/01 Vulnerability: flash-module-bo Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: Flash browser module buffer overflow X-Force URL: http://xforce.iss.net/static/5952.php


    Date Reported: 1/13/01 Vulnerability: rctab-elevate-privileges Platforms Affected: Linux SuSE Risk Factor: Medium Attack Type: Host Based Brief Description: rctab in SuSE Linux could allow privilege elevation X-Force URL: http://xforce.iss.net/static/5945.php


    Date Reported: 1/12/01 Vulnerability: ultraboard-cgi-perm Platforms Affected: UltraBoard 2000B Risk Factor: Medium Attack Type: Network/Host Based Brief Description: UltraBoard CGI weak permissions X-Force URL: http://xforce.iss.net/static/5931.php


    Date Reported: 1/12/01 Vulnerability: compaq-web-management-bo Platforms Affected: Compaq Web-Based Management Risk Factor: High Attack Type: Network Based Brief Description: Compaq Web-Based Management program buffer overflow X-Force URL: http://xforce.iss.net/static/5935.php


    Date Reported: 1/12/01 Vulnerability: php-htaccess-unauth-access Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow unauthorized access to restricted files X-Force URL: http://xforce.iss.net/static/5940.php


    Date Reported: 1/12/01 Vulnerability: basilix-webmail-retrieve-files Platforms Affected: Basilix Webmail 0.9.7beta Risk Factor: Low Attack Type: Network Based Brief Description: Basilix Webmail System allows unauthorized users to retrieve files X-Force URL: http://xforce.iss.net/static/5934.php


    Date Reported: 1/12/01 Vulnerability: solaris-arp-bo Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris arp buffer overflow X-Force URL: http://xforce.iss.net/static/5928.php


    Date Reported: 1/12/01 Vulnerability: php-view-source-code Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow remote viewing of source code X-Force URL: http://xforce.iss.net/static/5939.php


    Date Reported: 1/11/01 Vulnerability: wec-ntlm-authentication Platforms Affected: Windows 2000 Microsoft Office 2000 Windows ME Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Web Extender Client (WEC) NTLM authentication X-Force URL: http://xforce.iss.net/static/5920.php


    Date Reported: 1/11/01 Vulnerability: spamcop-url-seq-predict Platforms Affected: SpamCop Risk Factor: Low Attack Type: Network/Host Based Brief Description: SpamCop URL number increment sequence prediction X-Force URL: http://xforce.iss.net/static/5933.php


    Date Reported: 1/10/01 Vulnerability: linux-wuftpd-privatepw-symlink Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux wu-ftpd privatepw symbolic link X-Force URL: http://xforce.iss.net/static/5915.php


    Date Reported: 1/10/01 Vulnerability: rdist-symlink Platforms Affected: rdist Risk Factor: High Attack Type: Host Based Brief Description: rdist symbolic link X-Force URL: http://xforce.iss.net/static/5925.php


    Date Reported: 1/10/01 Vulnerability: squid-email-symlink Platforms Affected: squid Risk Factor: High Attack Type: Host Based Brief Description: squid email notification symbolic link X-Force URL: http://xforce.iss.net/static/5921.php


    Date Reported: 1/10/01 Vulnerability: linux-diffutils-sdiff-symlimk Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux diffutils sdiff symbolic link X-Force URL: http://xforce.iss.net/static/5914.php


    Date Reported: 1/10/01 Vulnerability: tcpdump-arpwatch-symlink Platforms Affected: arpwatch Risk Factor: High Attack Type: Host Based Brief Description: tcpdump arpwatch symbolic link X-Force URL: http://xforce.iss.net/static/5922.php


    Date Reported: 1/10/01 Vulnerability: linuxconf-vpop3d-symlink Platforms Affected: linuxconf Risk Factor: Medium Attack Type: Host Based Brief Description: Linuxconf vpop3d symbolic link X-Force URL: http://xforce.iss.net/static/5923.php


    Date Reported: 1/10/01 Vulnerability: shadow-utils-useradd-symlink Platforms Affected: shadow-utils Risk Factor: High Attack Type: Host Based Brief Description: shadow-utils useradd symbolic link X-Force URL: http://xforce.iss.net/static/5927.php


    Date Reported: 1/10/01 Vulnerability: linux-glibc-read-files Platforms Affected: Linux glibc Risk Factor: Medium Attack Type: Host Based Brief Description: Linux glibc library can allow users to read restricted files X-Force URL: http://xforce.iss.net/static/5907.php


    Date Reported: 1/10/01 Vulnerability: gettyps-symlink Platforms Affected: gettyps Risk Factor: High Attack Type: Host Based Brief Description: getty_ps symbolic link X-Force URL: http://xforce.iss.net/static/5924.php


    Date Reported: 1/10/01 Vulnerability: linux-gpm-symlink Platforms Affected: gpm Risk Factor: Medium Attack Type: Host Based Brief Description: Linux gpm symbolic link attack X-Force URL: http://xforce.iss.net/static/5917.php


    Date Reported: 1/10/01 Vulnerability: linux-mgetty-symlink Platforms Affected: mgetty Risk Factor: Medium Attack Type: Host Based Brief Description: Linux mgetty symbolic link attack X-Force URL: http://xforce.iss.net/static/5918.php


    Date Reported: 1/10/01 Vulnerability: linux-apache-symlink Platforms Affected: Apache Risk Factor: Medium Attack Type: Host Based Brief Description: Linux Apache symbolic link X-Force URL: http://xforce.iss.net/static/5926.php


    Date Reported: 1/10/01 Vulnerability: linux-inn-symlink Platforms Affected: inn Risk Factor: Medium Attack Type: Host Based Brief Description: Linux INN tmp directory symbolic link X-Force URL: http://xforce.iss.net/static/5916.php


    Date Reported: 1/10/01 Vulnerability: conferenceroom-developer-dos Platforms Affected: ConferenceRoom Professional Edition Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ConferenceRoom Developer Edition denial of service X-Force URL: http://xforce.iss.net/static/5909.php


    Date Reported: 1/9/01 Vulnerability: oracle-xsql-execute-code Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server X-Force URL: http://xforce.iss.net/static/5905.php


    Date Reported: 1/9/01 Vulnerability: netscreen-webui-bo Platforms Affected: NetScreen Risk Factor: Medium Attack Type: Network Based Brief Description: NetScreen Firewall WebUI buffer overflow X-Force URL: http://xforce.iss.net/static/5908.php


    Date Reported: 1/9/01 Vulnerability: suse-reiserfs-long-filenames Platforms Affected: SuSE 7.0 Risk Factor: High Attack Type: Host Based Brief Description: SuSE reiserfs long file name denial of service X-Force URL: http://xforce.iss.net/static/5910.php


    Date Reported: 1/9/01 Vulnerability: interbase-backdoor-account Platforms Affected: InterBase 6.01 and earlier Risk Factor: High Attack Type: Network/Host Based Brief Description: InterBase built-in backdoor account X-Force URL: http://xforce.iss.net/static/5911.php


    Date Reported: 1/9/01 Vulnerability: interbase-hidden-function-dos Platforms Affected: InterBase 6.01 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: InterBase hidden function denial of service X-Force URL: http://xforce.iss.net/static/5912.php


    Date Reported: 1/9/01 Vulnerability: brickserver-thttpd-dos Platforms Affected: BRICKServer Small Business Risk Factor: Medium Attack Type: Network Based Brief Description: BRICKServer thttpd denial of service X-Force URL: http://xforce.iss.net/static/5919.php


    Date Reported: 1/9/01 Vulnerability: solaris-exrecover-bo Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6) Risk Factor: Medium Attack Type: Host Based Brief Description: Solaris exrecover buffer overflow X-Force URL: http://xforce.iss.net/static/5913.php


    Date Reported: 1/9/01 Vulnerability: hp-inetd-swait-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX inetd swait denial of service X-Force URL: http://xforce.iss.net/static/5904.php


    Date Reported: 1/8/01 Vulnerability: microsoft-iis-read-files Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network Based Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL X-Force URL: http://xforce.iss.net/static/5903.php


    Date Reported:          1/8/01
    Vulnerability:          ibm-websphere-dos
    Platforms Affected:     IBM Websphere 3.52 IBM HTTP Server 1.3.12
    Risk Factor:            Medium
    Attack Type:            Network/Host Based
    Brief Description:      IBM WebSphere denial of service
    X-Force URL:            http://xforce.iss.net/static/5900.php

    Date Reported:          1/8/01
    Vulnerability:          storagesoft-imagecast-dos
    Platforms Affected:     ImageCast 4.1
    Risk Factor:            Medium
    Attack Type:            Network/Host Based
    Brief Description:      StorageSoft ImageCast denial of service
    X-Force URL:            http://xforce.iss.net/static/5901.php

    Date Reported:          1/8/01
    Vulnerability:          nai-pgp-replace-keys
    Platforms Affected:     PGP 7.0
    Risk Factor:            Medium
    Attack Type:            Host Based
    Brief Description:      PGP users may replace signed exported key blocks with arbitrary keys
    X-Force URL:            http://xforce.iss.net/static/5902.php

    Date Reported:          1/7/01
    Vulnerability:          http-cgi-bbs-forum
    Platforms Affected:     WebBBS 1.0
    Risk Factor:            High
    Attack Type:            Network Based
    Brief Description:      bbs_forum.cgi allows remote command execution
    X-Force URL:            http://xforce.iss.net/static/5906.php

    Date Reported:          1/5/01
    Vulnerability:          lotus-domino-directory-traversal
    Platforms Affected:     Lotus Domino 5.0.x
    Risk Factor:            Medium
    Attack Type:            Network Based
    Brief Description:      Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
    X-Force URL:            http://xforce.iss.net/static/5899.php

    Date Reported:          1/5/01
    Vulnerability:          http-cgi-fastgraf
    Platforms Affected:     FASTGRAF
    Risk Factor:            High
    Attack Type:            Network Based
    Brief Description:      Fastgraf CGI scripts allow remote command execution
    X-Force URL:            http://xforce.iss.net/static/5897.php

    Date Reported:          1/4/01
    Vulnerability:          newsdesk-cgi-read-files
    Platforms Affected:     Newsdesk 1.2
    Risk Factor:            High
    Attack Type:            Network Based
    Brief Description:      Newsdesk.cgi allows read access to files
    X-Force URL:            http://xforce.iss.net/static/5898.php

    Date Reported:          1/1/01
    Vulnerability:          gtk-module-execute-code
    Platforms Affected:     GTK+ 1.2.8 and earlier
    Risk Factor:            High
    Attack Type:            Host Based
    Brief Description:      GTK+ arbitrary code execution using custom loadable module
    X-Force URL:            http://xforce.iss.net/static/5832.php

    Date Reported:          1/1/01
    Vulnerability:          linux-tty-writable-dos
    Platforms Affected:     Linux
    Risk Factor:            Medium
    Attack Type:            Host Based
    Brief Description:      Linux writable TTY denial of service
    X-Force URL:            http://xforce.iss.net/static/5896.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    Additional Information

    This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories:

    - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
    - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).

    About Internet Security Systems (ISS)

    Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.



    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200103-0098",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "firewall-1",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "checkpoint",
            "version": "4.1"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "daemonnews",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "immunix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandrakesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "getty ps",
            "version": null
          },
          {
            "model": "vpn-1/firewall-1",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "check point",
            "version": "4.1sp3"
          },
          {
            "model": "immunix os -beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wirex",
            "version": "7.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.2"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.0"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.30"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.29"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.28"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.27"
          },
          {
            "model": "point software firewall-1 sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "check",
            "version": "4.1"
          },
          {
            "model": "point software firewall-1 sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "check",
            "version": "4.1"
          },
          {
            "model": "point software firewall-1 sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "check",
            "version": "4.1"
          },
          {
            "model": "point software firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "check",
            "version": "4.1"
          },
          {
            "model": "point software firewall-1 sp4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "check",
            "version": "4.1"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2238"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0182"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:4.1:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:4.1:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0182"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability was first announced by Greg KH \u003cgreg@wirex.com\u003e on January 10, 2001 via Bugtraq.",
        "sources": [
          {
            "db": "BID",
            "id": "2194"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-0182",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2001-0182",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-3004",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-0182",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#850440",
                "trust": 0.8,
                "value": "1.89"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#987632",
                "trust": 0.8,
                "value": "3.19"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#342768",
                "trust": 0.8,
                "value": "5.63"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200103-081",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3004",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2001-0182",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3004"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-0182"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0182"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability  allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals.  Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. CPU There is a vulnerability that consumes a large amount of resources.System disrupts service operation (DoS) It may be in a state. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. \nA problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existance of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. 
The SSH1 package is distributed and maintained by SSH Communications Security. \nA problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the users DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the users private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another users magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a users secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. Firewall-1 is a firewall software package that provides many advanced features such as content filtering and network address translation. It is distributed by Check Point Software Technologies, and designed to run on various systems such as Sparc/Solaris or the Nokia Firewall Modules. \nA problem with the license manager used with the Firewall-1 package could allow a Denial of Service. 
The problem manifests itself when the internal interface receives a large number of packets that are source routed and containing ficticious (or even valid) addresses. With each error message generated, the load on the Firewall system CPU raises. \nCheck Point Software has acknowledged this vulnerability and a workaround is available.  For the workaround, see the solution section of this vulnerability database entry.  This issue will be resolved in the next service pack. There is a vulnerability in FireWall-1 version 4.1 with limited-IP license. This vulnerability can cause console congestion warning messages and CPU resource consumption. \nTO UNSUBSCRIBE: email \"unsubscribe alert\" in the body of your message to\nmajordomo@iss.net  Contact alert-owner@iss.net for help with any problems!\n---------------------------------------------------------------------------\n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nFebruary 6, 2001\nVolume 6 Number 3\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\n_____\n\nContents\n\n120 Reported Vulnerabilities\n\nRisk Factor Key\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          win2k-rdp-dos\nPlatforms Affected:     Windows 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Windows 2000 Server RDP denial of service\nX-Force URL:            http://xforce.iss.net/static/6035.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-file-access\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface could allow read access to files and directories\nX-Force URL:       
     http://xforce.iss.net/static/6031.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          quicktime-embedded-tag-bo\nPlatforms Affected:     Quicktime 4.1.2\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      QuickTime Player EMBED tag buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6040.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          solaris-ximp40-bo\nPlatforms Affected:     Solaris (7, 8)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris \"ximp40\" shared library buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6039.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-cli-dos\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface denial of service\nX-Force URL:            http://xforce.iss.net/static/6030.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          slimserve-httpd-dos\nPlatforms Affected:     SlimServe 1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      SlimServe HTTPd denial of service\nX-Force URL:            http://xforce.iss.net/static/6028.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          crazywwwboard-qdecoder-bo\nPlatforms Affected:     CrazyWWWBoard prior to 2000LEp5-1\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      CrazyWWWBoard qDecoder buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6033.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          virusbuster-mua-bo\nPlatforms Affected:\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Virus Buster 2001 Mail User Agent (MUA) buffer 
overflow\nX-Force URL:            http://xforce.iss.net/static/6034.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          iis-isapi-obtain-code\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions\nX-Force URL:            http://xforce.iss.net/static/6032.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-inverse-query-disclosure\nPlatforms Affected:     Bind (4.x, 8.2.x)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x and 8.2.x exposes environment variables\nX-Force URL:            http://xforce.iss.net/static/6018.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          hp-man-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP man command denial of service\nX-Force URL:            http://xforce.iss.net/static/6014.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          sort-temp-file-abort\nPlatforms Affected:     FreeBSD\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Sort temporary files denial of service\nX-Force URL:            http://xforce.iss.net/static/6038.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-format-string\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() format string\nX-Force URL:            http://xforce.iss.net/static/6017.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-bo\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() buffer 
overflow\nX-Force URL:            http://xforce.iss.net/static/6016.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-client-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC client buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6025.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-server-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC server buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6026.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          guestserver-cgi-execute-commands\nPlatforms Affected:     Guestserver 4.12 and earlier\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Guestserver.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/6027.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-tsig-bo\nPlatforms Affected:     BIND 8.2.x\nRisk Factor:            Unauthorized Access Attempt\nAttack Type:            Network/Host Based\nBrief Description:      BIND 8.2.x transaction signature (TSIG) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6015.php\n\n_____\n\nDate Reported:          1/28/01\nVulnerability:          hyperseek-cgi-reveal-info\nPlatforms Affected:     Hyperseek Search Engine 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Hyperseek CGI could reveal listings of directories and files\nX-Force URL:            http://xforce.iss.net/static/6012.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          newsdaemon-gain-admin-access\nPlatforms Affected:     NewsDaemon prior to 0.21b\nRisk Factor:            High\nAttack Type:            Network Based\nBrief 
Description:      NewsDaemon allows remote users to gain administrative access\nX-Force URL:            http://xforce.iss.net/static/6010.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:            http://xforce.iss.net/static/6019.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:            http://xforce.iss.net/static/6019.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          planetintra-pi-bo\nPlatforms Affected:     Planet Intra LAN Intranet 2.5\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Planet Intra \u0027pi\u0027 binary buffer oveflow\nX-Force URL:            http://xforce.iss.net/static/6002.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          borderware-ping-dos\nPlatforms Affected:     BorderWare Firewall Server 6.1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      BorderWare ping denial of service\nX-Force URL:            http://xforce.iss.net/static/6004.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          aol-malformed-url-dos\nPlatforms Affected:     AOL 5.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      AOL malformed URL denial of service\nX-Force URL:            http://xforce.iss.net/static/6009.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          mirc-bypass-password\nPlatforms Affected:     mIRC\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      
mIRC allows malicious user to bypass password\nX-Force URL:            http://xforce.iss.net/static/6013.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          netscape-enterprise-revlog-dos\nPlatforms Affected:     Netscape Enterprise Server\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netscape Enterprise Server REVLOG denial of service\nX-Force URL:            http://xforce.iss.net/static/6003.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          aim-execute-code\nPlatforms Affected:     AOL Instant Messenger 4.1 and later\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      AOL Instant Messenger execution of code in modified images\nX-Force URL:            http://xforce.iss.net/static/6005.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          netscape-enterprise-list-directories\nPlatforms Affected:     Netscape Enterprise Server (3.0, 4.0)\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server allows remote directory listing\nX-Force URL:            http://xforce.iss.net/static/5997.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          winnt-mutex-dos\nPlatforms Affected:     Windows NT 4.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Windows NT mutex denial of service\nX-Force URL:            http://xforce.iss.net/static/6006.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          jrun-webinf-file-retrieval\nPlatforms Affected:     JRun\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      JRun malformed URL file retrieval\nX-Force URL:            http://xforce.iss.net/static/6008.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          ipfw-bypass-firewall\nPlatforms Affected:     FreeBSD (3.x, 
4.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ipfw/ip6fw allows remote attacker to bypass firewall\nX-Force URL:            http://xforce.iss.net/static/5998.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          netopia-telnet-dos\nPlatforms Affected:     Netopia R-series router\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netopia R9100 allows remote user to crash the router using telnet\nX-Force URL:            http://xforce.iss.net/static/6001.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          wuftp-debug-format-string\nPlatforms Affected:     Wu-ftpd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Wu-ftpd debug mode format string\nX-Force URL:            http://xforce.iss.net/static/6020.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          kde2-kdesu-retrieve-passwords\nPlatforms Affected:     Linux: Caldera eDesktop 2.4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      KDE2 kdesu program allows users to retrieve passwords\nX-Force URL:            http://xforce.iss.net/static/5995.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-url-bo\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom print server long URL buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5988.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-printguide-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom PrintGuide denial of service\nX-Force URL:            http://xforce.iss.net/static/5989.php\n\n_____\n\nDate 
Reported:          1/23/01\nVulnerability:          easycom-safecom-ftp-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5990.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          vnc-weak-authentication\nPlatforms Affected:     VNC 3.3.3 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      VNC weak authentication could allow unauthorized access\nX-Force URL:            http://xforce.iss.net/static/5992.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          lotus-domino-smtp-bo\nPlatforms Affected:     Lotus Domino 5.0\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Lotus Domino SMTP Server policy feature buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5993.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          linux-sash-shadow-readable\nPlatforms Affected:     sash prior to 3.4-4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Linux sash /etc/shadow directory world-readable\nX-Force URL:            http://xforce.iss.net/static/5994.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          powerpoint-execute-code\nPlatforms Affected:     Microsoft PowerPoint 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      PowerPoint could allow code execution on another user\u0027s computer\nX-Force URL:            http://xforce.iss.net/static/5996.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          icecast-format-string\nPlatforms Affected:     Icecast 1.3.8beta2 and prior\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Icecast 
format string could allow arbitrary code execution\nX-Force URL:            http://xforce.iss.net/static/5978.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-directory-traversal\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle JSP/SQLJP handlers directory traversal\nX-Force URL:            http://xforce.iss.net/static/5986.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-execute-jsp\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files\nX-Force URL:            http://xforce.iss.net/static/5987.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-enterprise-dot-dos\nPlatforms Affected:     Netscape Enterprise Server 4.1 SP5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server \"/../\" denial of service\nX-Force URL:            http://xforce.iss.net/static/5983.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          goodtech-ftp-dos\nPlatforms Affected:     GoodTech FTP 3.0.1.2.1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      GoodTech FTP server denial of service\nX-Force URL:            http://xforce.iss.net/static/5984.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-fasttrack-cache-dos\nPlatforms Affected:     Netscape FastTrack\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Netscape FastTrack Server cache denial of service\nX-Force URL:            http://xforce.iss.net/static/5985.php\n\n_____\n\nDate Reported:          1/21/01\nVulnerability:          eeye-iris-dos\nPlatforms Affected:     Iris 
Network Analyzer 1.01beta\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Iris denial of service\nX-Force URL:            http://xforce.iss.net/static/5981.php\n\n_____\n\nDate Reported:          1/20/01\nVulnerability:          watchguard-firebox-obtain-passphrase\nPlatforms Affected:     Firebox II\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WatchGuard Firebox allows remote user to obtain passphrase\nX-Force URL:            http://xforce.iss.net/static/5979.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          fastream-ftp-server-dos\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5976.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          fastream-ftp-path-disclosure\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP path disclosure\nX-Force URL:            http://xforce.iss.net/static/5977.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          localweb2k-directory-traversal\nPlatforms Affected:     LocalWEB2000 HTTP Server 1.1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      LocalWEB2000 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5982.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          win2k-efs-recover-data\nPlatforms Affected:     Windows 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Windows 2000 EFS allows local user to recover sensitive data\nX-Force URL:            http://xforce.iss.net/static/5973.php\n\n_____\n\nDate Reported:       
   1/19/01\nVulnerability:          linux-bing-bo\nPlatforms Affected:     Linux\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Bing host name buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6036.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          micq-sprintf-remote-bo\nPlatforms Affected:     Matt\u0027s ICQ Clone 0.4.6\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ICQ clone for Linux sprintf() remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5962.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          mysql-select-bo\nPlatforms Affected:     MySQL prior to 3.23.31\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      MySQL select buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5969.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          shoutcast-description-bo\nPlatforms Affected:     SHOUTcast DNAS 1.7.1\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      Shoutcast Server for Linux description buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5965.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          fw1-limited-license-dos\nPlatforms Affected:     Check Point Firewall-1 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      FireWall-1 limited-IP license denial of service\nX-Force URL:            
http://xforce.iss.net/static/5966.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          hp-stm-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX Support Tools Manager denial of service\nX-Force URL:            http://xforce.iss.net/static/5957.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          linux-webmin-tmpfiles\nPlatforms Affected:     OpenLinux (2.3, 2.4)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Webmin use of tmpfiles could allow a local user to overwrite files\nX-Force URL:            http://xforce.iss.net/static/6011.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          tinyproxy-remote-bo\nPlatforms Affected:     tinyproxy 1.3.2 and 1.3.3\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Tinyproxy remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5954.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          postaci-sql-command-injection\nPlatforms Affected:     PostACI\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Postaci SQL command injection\nX-Force URL:            http://xforce.iss.net/static/5972.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          wwwwais-cgi-dos\nPlatforms Affected:     wwwwais.c 25\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      wwwwais CGI based program denial of service\nX-Force URL:            http://xforce.iss.net/static/5980.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          mime-header-attachment\nPlatforms Affected:     MIME 1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      MIME headers could allow spoofed file attachment\nX-Force URL:            
http://xforce.iss.net/static/5991.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          ssh-rpc-private-key\nPlatforms Affected:     SSH\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      SSH secure-RPC could generate a passphrase that exposes a user\u0027s private key\nX-Force URL:            http://xforce.iss.net/static/5963.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          linux-glibc-preload-overwrite\nPlatforms Affected:     Linux\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Linux glibc LD_PRELOAD file overwrite\nX-Force URL:            http://xforce.iss.net/static/5971.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          inn-tmpfile-symlink\nPlatforms Affected:     InterNet News (INN)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      INN tmpfile symbolic link\nX-Force URL:            http://xforce.iss.net/static/5974.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-insecure-password\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix password change insecure\nX-Force URL:            http://xforce.iss.net/static/5944.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-weak-authentication\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix uses weak authentication\nX-Force URL:            http://xforce.iss.net/static/5946.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          ie-mshtml-dos\nPlatforms Affected:     Internet Explorer 4.0 and later\nRisk Factor:            Medium\nAttack Type:            
Network Based\nBrief Description:      Internet Explorer mshtml.dll denial of service\nX-Force URL:            http://xforce.iss.net/static/5938.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          dhcp-format-string\nPlatforms Affected:     Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Caldera DHCP format string\nX-Force URL:            http://xforce.iss.net/static/5953.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          win-mediaplayer-arbitrary-code\nPlatforms Affected:     Windows Media Player 7.0\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Windows Media Player skins can be used to execute arbitrary code\nX-Force URL:            http://xforce.iss.net/static/5937.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          veritas-backupexec-dos\nPlatforms Affected:     Backup Exec 4.5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Veritas Backup Exec denial of service\nX-Force URL:            http://xforce.iss.net/static/5941.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-symlink\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      InterScan VirusWall for Unix symbolic link\nX-Force URL:            http://xforce.iss.net/static/5947.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-corrupt-files\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      OmniHTTPd statsconfig.pl corrupt any file on the system\nX-Force URL:            http://xforce.iss.net/static/5955.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          
omnihttpd-statsconfig-execute-code\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      OmniHTTPD statsconfig.pl allows code execution\nX-Force URL:            http://xforce.iss.net/static/5956.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          icmp-pmtu-dos\nPlatforms Affected:     Linux\n                        BSD\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      ICMP PMTU denial of service\nX-Force URL:            http://xforce.iss.net/static/5975.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          splitvt-perserc-format-string\nPlatforms Affected:     splitvt 1.6.4 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Splitvt perserc.c module format string\nX-Force URL:            http://xforce.iss.net/static/5948.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          flash-module-bo\nPlatforms Affected:     Oliver Debon Flash plugin 0.4.9 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Flash browser module buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5952.php\n\n_____\n\nDate Reported:    
      1/13/01\nVulnerability:          rctab-elevate-privileges\nPlatforms Affected:     Linux SuSE\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      rctab in SuSE Linux could allow privilege elevation\nX-Force URL:            http://xforce.iss.net/static/5945.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          ultraboard-cgi-perm\nPlatforms Affected:     UltraBoard 2000B\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      UltraBoard CGI weak permissions\nX-Force URL:            http://xforce.iss.net/static/5931.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          compaq-web-management-bo\nPlatforms Affected:     Compaq Web-Based Management\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Compaq Web-Based Management program buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5935.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-htaccess-unauth-access\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow unauthorized access to restricted files\nX-Force URL:            http://xforce.iss.net/static/5940.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          basilix-webmail-retrieve-files\nPlatforms Affected:     Basilix Webmail 0.9.7beta\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      Basilix Webmail System allows unauthorized users to retrieve files\nX-Force URL:            http://xforce.iss.net/static/5934.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          solaris-arp-bo\nPlatforms Affected:     Solaris\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris arp buffer overflow\nX-Force URL:            
http://xforce.iss.net/static/5928.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-view-source-code\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow remote viewing of source code\nX-Force URL:            http://xforce.iss.net/static/5939.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          wec-ntlm-authentication\nPlatforms Affected:     Windows 2000\n                        Microsoft Office 2000\n                        Windows ME\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Web Extender Client (WEC) NTLM authentication\nX-Force URL:            http://xforce.iss.net/static/5920.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          spamcop-url-seq-predict\nPlatforms Affected:     SpamCop\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      SpamCop URL number increment sequence prediction\nX-Force URL:            http://xforce.iss.net/static/5933.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-wuftpd-privatepw-symlink\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux wu-ftpd privatepw symbolic link\nX-Force URL:            http://xforce.iss.net/static/5915.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          rdist-symlink\nPlatforms Affected:     rdist\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      rdist symbolic link\nX-Force URL:            http://xforce.iss.net/static/5925.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          squid-email-symlink\nPlatforms Affected:     squid\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      squid email notification symbolic 
link\nX-Force URL:            http://xforce.iss.net/static/5921.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-diffutils-sdiff-symlimk\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux diffutils sdiff symbolic link\nX-Force URL:            http://xforce.iss.net/static/5914.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          tcpdump-arpwatch-symlink\nPlatforms Affected:     arpwatch\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      tcpdump arpwatch symbolic link\nX-Force URL:            http://xforce.iss.net/static/5922.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linuxconf-vpop3d-symlink\nPlatforms Affected:     linuxconf\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linuxconf vpop3d symbolic link\nX-Force URL:            http://xforce.iss.net/static/5923.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          shadow-utils-useradd-symlink\nPlatforms Affected:     shadow-utils\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      shadow-utils useradd symbolic link\nX-Force URL:            http://xforce.iss.net/static/5927.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-glibc-read-files\nPlatforms Affected:     Linux glibc\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux glibc library can allow users to read restricted files\nX-Force URL:            http://xforce.iss.net/static/5907.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          gettyps-symlink\nPlatforms Affected:     gettyps\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      getty_ps symbolic link\nX-Force URL:            
http://xforce.iss.net/static/5924.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-gpm-symlink\nPlatforms Affected:     gpm\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux gpm symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5917.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-mgetty-symlink\nPlatforms Affected:     mgetty\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux mgetty symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5918.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-apache-symlink\nPlatforms Affected:     Apache\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux Apache symbolic link\nX-Force URL:            http://xforce.iss.net/static/5926.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-inn-symlink\nPlatforms Affected:     inn\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux INN tmp directory symbolic link\nX-Force URL:            http://xforce.iss.net/static/5916.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          conferenceroom-developer-dos\nPlatforms Affected:     ConferenceRoom Professional Edition\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      ConferenceRoom Developer Edition denial of service\nX-Force URL:            http://xforce.iss.net/static/5909.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          oracle-xsql-execute-code\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle XSQL servlet and xml-stylesheet allows code execution on server\nX-Force URL:            
http://xforce.iss.net/static/5905.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          netscreen-webui-bo\nPlatforms Affected:     NetScreen\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      NetScreen Firewall WebUI buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5908.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          suse-reiserfs-long-filenames\nPlatforms Affected:     SuSE 7.0\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      SuSE reiserfs long file name denial of service\nX-Force URL:            http://xforce.iss.net/static/5910.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          interbase-backdoor-account\nPlatforms Affected:     InterBase 6.01 and earlier\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      InterBase built-in backdoor account\nX-Force URL:            http://xforce.iss.net/static/5911.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          interbase-hidden-function-dos\nPlatforms Affected:     InterBase 6.01\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      InterBase hidden function denial of service\nX-Force URL:            http://xforce.iss.net/static/5912.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          brickserver-thttpd-dos\nPlatforms Affected:     BRICKServer Small Business\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BRICKServer thttpd denial of service\nX-Force URL:            http://xforce.iss.net/static/5919.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          solaris-exrecover-bo\nPlatforms Affected:     Solaris (2.4, 2.5, 2.5.1, 2.6)\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Solaris exrecover buffer 
overflow\nX-Force URL:            http://xforce.iss.net/static/5913.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          hp-inetd-swait-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX inetd swait denial of service\nX-Force URL:            http://xforce.iss.net/static/5904.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          microsoft-iis-read-files\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Microsoft IIS 5.0 allows the viewing of files through malformed URL\nX-Force URL:            http://xforce.iss.net/static/5903.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          ibm-websphere-dos\nPlatforms Affected:     IBM Websphere 3.52\n                        IBM HTTP Server 1.3.12\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      IBM WebSphere denial of service\nX-Force URL:            http://xforce.iss.net/static/5900.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          storagesoft-imagecast-dos\nPlatforms Affected:     ImageCast 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      StorageSoft ImageCast denial of service\nX-Force URL:            http://xforce.iss.net/static/5901.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          nai-pgp-replace-keys\nPlatforms Affected:     PGP 7.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      PGP users may replace signed exported key blocks with arbitrary keys\nX-Force URL:            http://xforce.iss.net/static/5902.php\n\n_____\n\nDate Reported:          1/7/01\nVulnerability:          http-cgi-bbs-forum\nPlatforms Affected:     WebBBS 1.0\nRisk Factor:            High\nAttack Type:            Network Based\nBrief 
Description:      bbs_forum.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/5906.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          lotus-domino-directory-traversal\nPlatforms Affected:     Lotus Domino 5.0.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5899.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          http-cgi-fastgraf\nPlatforms Affected:     FASTGRAF\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Fastgraf CGI scripts allow remote command execution\nX-Force URL:            http://xforce.iss.net/static/5897.php\n\n_____\n\nDate Reported:          1/4/01\nVulnerability:          newsdesk-cgi-read-files\nPlatforms Affected:     Newsdesk 1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Newsdesk.cgi allows read access to files\nX-Force URL:            http://xforce.iss.net/static/5898.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          gtk-module-execute-code\nPlatforms Affected:     GTK+ 1.2.8 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      GTK+ arbitrary code execution using custom loadable module\nX-Force URL:            http://xforce.iss.net/static/5832.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          linux-tty-writable-dos\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux writable TTY denial of service\nX-Force URL:            http://xforce.iss.net/static/5896.php\n\n_____\n\n\nRisk Factor Key:\n\n        High Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n 
               a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n\n_____\n\nAdditional Information\n\nThis document is available at http://xforce.iss.net/alerts/advisennn.php. \nTo receive these Alerts and Advisories:\n- - Subscribe to the Alert mailing list from\nhttp://xforce.iss.net/maillists/index.php\n- - Or send an email to majordomo@iss.net, and within the body of the\nmessage type:\n\u0027subscribe alert\u0027 (without the quotes). \n\n\nAbout Internet Security Systems (ISS)\nInternet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading\nglobal provider of security management solutions for the Internet. \nBy combining best of breed products, security management services,\naggressive research and development, and comprehensive educational\nand consulting services, ISS is the trusted security advisor for\nthousands of organizations around the world looking to protect their\nmission critical information and networks. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically.  It is not to be edited in any way without express consent\nof the X-Force.  
If you wish to reprint the whole or any part of this\nAlert in any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. \n\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as\nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0182"
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000005"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2238"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3004"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-0182"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          }
        ],
        "trust": 4.86
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "2238",
            "trust": 2.9
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0182",
            "trust": 2.6
          },
          {
            "db": "OSVDB",
            "id": "1733",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "2222",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "2194",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "5963",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6010",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "5924",
            "trust": 0.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000005",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-081",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "5966",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "1",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010117 LICENSING FIREWALL-1 DOS ATTACK",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-3004",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-0182",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5947",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5988",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5910",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5908",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6004",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6002",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5931",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5900",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5982",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6035",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6030",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5937",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5969",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6016",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5974",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5912",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5832",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5911",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5926",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5920",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6028",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6039",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5956",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6011",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5992",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5935",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6017",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5922",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5984",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5977",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5957",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5993",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6006",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5913",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5907",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5897",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6034",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5945",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5905",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5940",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5954",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5976",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5903",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6003",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6018",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5972",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5909",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5916",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6033",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5986",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5915",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6019",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5925",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5923",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6005",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5978",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5973",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5979",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5980",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5941",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5934",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5991",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5962",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6014",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6015",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5994",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6036",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5953",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5944",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5896",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6040",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5914",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5927",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6012",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6025",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6001",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5965",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5952",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5917",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5898",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6009",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5998",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5985",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6026",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6013",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6008",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5921",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5981",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5989",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5939",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5906",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6031",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6020",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5948",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5933",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6027",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5919",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5899",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5996",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5987",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5918",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5971",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5995",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5928",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5938",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5983",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6032",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5997",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5904",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5902",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5975",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5901",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5990",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5946",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5955",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6038",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24294",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3004"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-0182"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2238"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000005"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0182"
          }
        ]
      },
      "id": "VAR-200103-0098",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3004"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-02-06T19:13:50.649000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.checkpoint.co.jp/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000005"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0182"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://www.securityfocus.com/bid/2238"
          },
          {
            "trust": 1.8,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0298.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.osvdb.org/1733"
          },
          {
            "trust": 1.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5966"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/5963.php"
          },
          {
            "trust": 0.9,
            "url": " http://xforce.iss.net/static/6010.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2222"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches/securerpcvulnerability.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/archive/1/158966"
          },
          {
            "trust": 0.8,
            "url": "http://sourceforge.net/forum/forum.php?forum_id=60570"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2194"
          },
          {
            "trust": 0.8,
            "url": "http://www.linuxsecurity.com/advisories/mandrake_advisory-1037.html"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/5924"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0182"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0182"
          },
          {
            "trust": 0.7,
            "url": "http://xforce.iss.net/static/5966.php"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5992.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5926.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5940.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6033.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5916.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6038.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5997.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6026.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5928.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5977.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6013.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5991.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5938.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5969.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5957.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5909.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5948.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6005.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5954.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5933.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5955.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6035.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5990.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5907.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5994.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5983.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5911.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6006.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5908.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5922.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5903.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6027.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5965.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5899.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5980.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5934.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5919.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5931.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5962.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5976.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6003.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5998.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6040.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5920.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5946.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5915.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5986.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5923.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5993.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6001.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6036.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5902.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5971.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5937.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5985.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5945.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6028.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5988.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6009.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6025.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5897.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5952.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5953.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6039.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5978.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5901.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5906.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5974.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6008.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5935.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5944.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5918.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6034.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5925.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6014.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5912.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5924.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5989.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6019.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5921.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5904.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5972.ph"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5900.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5898.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5973.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5832.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5975.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5913.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5905.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6015.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6016.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5996.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5981.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6012.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/advisennn.php."
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5995.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5947.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5896.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5910.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5917.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6017.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6032.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5979.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6004.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5984.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5939.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5914.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5956.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5941.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6011.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6031.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6018.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6002.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5927.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6020.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5982.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5987.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6030.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3004"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-0182"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000005"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0182"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3004"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-0182"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2238"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2001-000005"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0182"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-06-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-05-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2001-10-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2001-03-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3004"
          },
          {
            "date": "2001-03-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2001-0182"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2001-01-17T00:00:00",
            "db": "BID",
            "id": "2238"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2001-000005"
          },
          {
            "date": "2001-02-14T07:13:47",
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "date": "2001-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200103-081"
          },
          {
            "date": "2001-03-26T05:00:00",
            "db": "NVD",
            "id": "CVE-2001-0182"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-10-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-06-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2004-07-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3004"
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2001-0182"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2001-01-17T00:00:00",
            "db": "BID",
            "id": "2238"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2001-000005"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200103-081"
          },
          {
            "date": "2017-10-10T01:29:37.873000",
            "db": "NVD",
            "id": "CVE-2001-0182"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-081"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SSH1 may generate weak passphrase when using Secure RPC",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-081"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200312-0279

    Vulnerability from variot - Updated: 2023-12-18 13:40

    The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences. Some versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system. This could potentially lead to an attacker crashing a service that uses an implementation of the vulnerable software. This issue is reported to be similar to the OpenSSL ASN.1 Large Recursion Remote Denial Of Service Vulnerability described in BID 8970. Due to a lack of details, further information concerning this issue cannot be provided at the moment. This BID will be updated as more information becomes available. Mac OS X is an operating system used on Mac machines, based on the BSD system. No detailed vulnerability details are currently available.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200312-0279",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.3.2"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.2.8"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.2.8"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "10.3.2"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "guardian digital",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "immunix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sgi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.2.8"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.2.8"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#325603"
          },
          {
            "db": "BID",
            "id": "9266"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-121"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-1005"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The disclosure of this issue has been credited to the vendor.",
        "sources": [
          {
            "db": "BID",
            "id": "9266"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2003-1005",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-7830",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2003-1005",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#325603",
                "trust": 0.8,
                "value": "29.40"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200312-121",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-7830",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#325603"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7830"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-121"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences. Some versions of the rsync program contain a remotely exploitable vulnerability.  This vulnerability may allow an attacker to execute arbitrary code on the target system.  This could potentially lead to an attacker crashing a service that uses an implementation of the vulnerable software.  This issue is reported to be similar to OpenSSL ASN.1 Large Recursion Remote Denial Of Service Vulnerability described in BID 8970. \nDue to a lack of details further information concerning this issue cannot be provided at the moment.  This BID will be updated as more information becomes available. Mac OS X is an operating system used on Mac machines, based on the BSD system. No detailed vulnerability details are currently available",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-1005"
          },
          {
            "db": "CERT/CC",
            "id": "VU#325603"
          },
          {
            "db": "BID",
            "id": "9266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7830"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SECUNIA",
            "id": "10474",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "9266",
            "trust": 2.0
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2003.0867",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1005",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "10361",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10362",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10364",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10357",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10363",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10354",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10359",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10378",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10353",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10358",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10355",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10356",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "10360",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#325603",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-121",
            "trust": 0.7
          },
          {
            "db": "NSFOCUS",
            "id": "5837",
            "trust": 0.6
          },
          {
            "db": "APPLE",
            "id": "APPLE-SA-2003-12-19",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-7830",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#325603"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7830"
          },
          {
            "db": "BID",
            "id": "9266"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-121"
          }
        ]
      },
      "id": "VAR-200312-0279",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-7830"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:40:58.454000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-1005"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://lists.apple.com/archives/security-announce/2003/dec/msg00001.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.auscert.org.au/render.html?it=3704"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/9266"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/10474/"
          },
          {
            "trust": 0.8,
            "url": "http://www.mail-archive.com/rsync@lists.samba.org/msg08271.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10353/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10354/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10355/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10356/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10357/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10358/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10359/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10360/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10361/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10362/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10363/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10364/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10378/"
          },
          {
            "trust": 0.8,
            "url": "http://www.secunia.com/advisories/10474/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/5837"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#325603"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7830"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-121"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#325603"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7830"
          },
          {
            "db": "BID",
            "id": "9266"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-121"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-12-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#325603"
          },
          {
            "date": "2003-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-7830"
          },
          {
            "date": "2003-12-20T00:00:00",
            "db": "BID",
            "id": "9266"
          },
          {
            "date": "2003-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2003-1005"
          },
          {
            "date": "2003-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200312-121"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-05-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#325603"
          },
          {
            "date": "2008-09-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-7830"
          },
          {
            "date": "2003-12-20T00:00:00",
            "db": "BID",
            "id": "9266"
          },
          {
            "date": "2008-09-10T19:21:24.633000",
            "db": "NVD",
            "id": "CVE-2003-1005"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200312-121"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-121"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Integer overflow vulnerability in rsync",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#325603"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-121"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200107-0032

    Vulnerability from variot - Updated: 2023-12-18 13:05

    Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200107-0032",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trustix",
            "version": "1.2"
          },
          {
            "model": "immunix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "immunix",
            "version": "7.0"
          },
          {
            "model": "immunix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "immunix",
            "version": "6.2"
          },
          {
            "model": "web proxy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "squid",
            "version": "2.3stable4"
          },
          {
            "model": "mandrake linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "7.1"
          },
          {
            "model": "mandrake linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "8.0"
          },
          {
            "model": "immunix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "immunix",
            "version": "7.0_beta"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trustix",
            "version": "1.01"
          },
          {
            "model": "openlinux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "caldera",
            "version": "3.1"
          },
          {
            "model": "mandrake linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "7.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "web proxy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "squid",
            "version": "2.3stable3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trustix",
            "version": "1.1"
          },
          {
            "model": "mandrake linux corporate server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "1.0.1"
          },
          {
            "model": "mandrake single network firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mandrakesoft",
            "version": "7.2"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-116"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:immunix:immunix:7.0_beta:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:immunix:immunix:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:immunix:immunix:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:squid:squid_web_proxy:2.3stable3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:squid:squid_web_proxy:2.3stable4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:1.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1030"
          }
        ]
      },
      "cve": "CVE-2001-1030",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-3835",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-1030",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200107-116",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3835",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3835"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-116"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1030"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3835"
          }
        ],
        "trust": 0.99
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-1030",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-116",
            "trust": 0.7
          },
          {
            "db": "REDHAT",
            "id": "RHSA-2001:097",
            "trust": 0.6
          },
          {
            "db": "CALDERA",
            "id": "CSSA-2001-029.0",
            "trust": 0.6
          },
          {
            "db": "MANDRAKE",
            "id": "MDKSA-2001:066",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010718 SQUID HTTPD ACCELERATION ACL BUG ENABLES PORTSCANNING",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20010719 TSLSA-2001-0013 - SQUID",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "6862",
            "trust": 0.6
          },
          {
            "db": "IMMUNIX",
            "id": "IMNX-2001-70-031-01",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-3835",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3835"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-116"
          }
        ]
      },
      "id": "VAR-200107-0032",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3835"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:05:40.522000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1030"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/197727"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.calderasystems.com/support/security/advisories/cssa-2001-029.0.txt"
          },
          {
            "trust": 1.7,
            "url": "http://download.immunix.org/immunixos/7.0/updates/imnx-2001-70-031-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.linux-mandrake.com/en/security/2001/mdksa-2001-066.php3"
          },
          {
            "trust": 1.7,
            "url": "http://www.redhat.com/support/errata/rhsa-2001-097.html"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/static/6862.php"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3835"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-116"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-3835"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-116"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-07-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3835"
          },
          {
            "date": "2001-07-18T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-1030"
          },
          {
            "date": "2001-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-116"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3835"
          },
          {
            "date": "2017-10-10T01:29:58.407000",
            "db": "NVD",
            "id": "CVE-2001-1030"
          },
          {
            "date": "2006-09-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200107-116"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-116"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Squid HTTP Accelerator mode illegal activity vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-116"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200107-116"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200102-0056

    Vulnerability from variot - Updated: 2023-12-18 11:51

    Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host.
When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. The Cisco Content Services (CSS) switches are hardware designed to provide enhanced web services for e-commerce and Web Content delivery using the Cisco Web Network Services (Web NS). The CSS switch is distributed by Cisco Systems. CSS switches allow users access to certain functions on the switch, while enforcing access control to prevent the reading and change of configuration on the switch. Due to a problem in the handling of input, it is possible for a user to gain information on the structure of the directory by executing commands requesting non-existent filenames.
Once the structure of the directory is known, it is then possible to read files within the directory. This problem makes it possible for a malicious local user to map the directory tree, and read files that may contain sensitive information.


    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary February 6, 2001 Volume 6 Number 3

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php


    Contents

    120 Reported Vulnerabilities

    Risk Factor Key


    Date Reported: 1/31/01 Vulnerability: win2k-rdp-dos Platforms Affected: Windows 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Windows 2000 Server RDP denial of service X-Force URL: http://xforce.iss.net/static/6035.php


    Date Reported: 1/31/01 Vulnerability: cisco-ccs-file-access Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface could allow read access to files and directories X-Force URL: http://xforce.iss.net/static/6031.php


    Date Reported: 1/31/01 Vulnerability: quicktime-embedded-tag-bo Platforms Affected: Quicktime 4.1.2 Risk Factor: High Attack Type: Host Based Brief Description: QuickTime Player EMBED tag buffer overflow X-Force URL: http://xforce.iss.net/static/6040.php


    Date Reported: 1/31/01 Vulnerability: solaris-ximp40-bo Platforms Affected: Solaris (7, 8) Risk Factor: High Attack Type: Host Based Brief Description: Solaris "ximp40" shared library buffer overflow X-Force URL: http://xforce.iss.net/static/6039.php


    Date Reported: 1/31/01 Vulnerability: cisco-ccs-cli-dos Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface denial of service X-Force URL: http://xforce.iss.net/static/6030.php


    Date Reported: 1/30/01 Vulnerability: slimserve-httpd-dos Platforms Affected: SlimServe 1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: SlimServe HTTPd denial of service X-Force URL: http://xforce.iss.net/static/6028.php


    Date Reported: 1/30/01 Vulnerability: crazywwwboard-qdecoder-bo Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1 Risk Factor: Medium Attack Type: Network Based Brief Description: CrazyWWWBoard qDecoder buffer overflow X-Force URL: http://xforce.iss.net/static/6033.php


    Date Reported: 1/30/01 Vulnerability: virusbuster-mua-bo Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow X-Force URL: http://xforce.iss.net/static/6034.php


    Date Reported: 1/29/01 Vulnerability: iis-isapi-obtain-code Platforms Affected: IIS (4.0, 5.0) Risk Factor: Low Attack Type: Network/Host Based Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions X-Force URL: http://xforce.iss.net/static/6032.php


    Date Reported: 1/29/01 Vulnerability: bind-inverse-query-disclosure Platforms Affected: Bind (4.x, 8.2.x) Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x and 8.2.x exposes environment variables X-Force URL: http://xforce.iss.net/static/6018.php


    Date Reported: 1/29/01 Vulnerability: hp-man-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP man command denial of service X-Force URL: http://xforce.iss.net/static/6014.php


    Date Reported: 1/29/01 Vulnerability: sort-temp-file-abort Platforms Affected: FreeBSD Risk Factor: Medium Attack Type: Host Based Brief Description: Sort temporary files denial of service X-Force URL: http://xforce.iss.net/static/6038.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-format-string Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() format string X-Force URL: http://xforce.iss.net/static/6017.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-bo Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() buffer overflow X-Force URL: http://xforce.iss.net/static/6016.php


    Date Reported: 1/29/01 Vulnerability: winvnc-client-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC client buffer overflow X-Force URL: http://xforce.iss.net/static/6025.php


    Date Reported: 1/29/01 Vulnerability: winvnc-server-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC server buffer overflow X-Force URL: http://xforce.iss.net/static/6026.php


    Date Reported: 1/29/01 Vulnerability: guestserver-cgi-execute-commands Platforms Affected: Guestserver 4.12 and earlier Risk Factor: High Attack Type: Network Based Brief Description: Guestserver.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/6027.php


    Date Reported: 1/29/01 Vulnerability: bind-tsig-bo Platforms Affected: BIND 8.2.x Risk Factor: Unauthorized Access Attempt Attack Type: Network/Host Based Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow X-Force URL: http://xforce.iss.net/static/6015.php


    Date Reported: 1/28/01 Vulnerability: hyperseek-cgi-reveal-info Platforms Affected: Hyperseek Search Engine 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Hyperseek CGI could reveal listings of directories and files X-Force URL: http://xforce.iss.net/static/6012.php


    Date Reported: 1/26/01 Vulnerability: newsdaemon-gain-admin-access Platforms Affected: NewsDaemon prior to 0.21b Risk Factor: High Attack Type: Network Based Brief Description: NewsDaemon allows remote users to gain administrative access X-Force URL: http://xforce.iss.net/static/6010.php


    Date Reported: 1/26/01 Vulnerability: mars-nwe-format-string Platforms Affected: Mars_nwe 0.99.pl19 Risk Factor: High Attack Type: Network Based Brief Description: Mars_nwe format string X-Force URL: http://xforce.iss.net/static/6019.php


    Date Reported: 1/25/01 Vulnerability: planetintra-pi-bo Platforms Affected: Planet Intra LAN Intranet 2.5 Risk Factor: High Attack Type: Network Based Brief Description: Planet Intra 'pi' binary buffer overflow X-Force URL: http://xforce.iss.net/static/6002.php


    Date Reported: 1/25/01 Vulnerability: borderware-ping-dos Platforms Affected: BorderWare Firewall Server 6.1.2 Risk Factor: High Attack Type: Network Based Brief Description: BorderWare ping denial of service X-Force URL: http://xforce.iss.net/static/6004.php


    Date Reported: 1/25/01 Vulnerability: aol-malformed-url-dos Platforms Affected: AOL 5.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: AOL malformed URL denial of service X-Force URL: http://xforce.iss.net/static/6009.php


    Date Reported: 1/25/01 Vulnerability: mirc-bypass-password Platforms Affected: mIRC Risk Factor: High Attack Type: Host Based Brief Description: mIRC allows malicious user to bypass password X-Force URL: http://xforce.iss.net/static/6013.php


    Date Reported: 1/25/01 Vulnerability: netscape-enterprise-revlog-dos Platforms Affected: Netscape Enterprise Server Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Enterprise Server REVLOG denial of service X-Force URL: http://xforce.iss.net/static/6003.php


    Date Reported: 1/24/01 Vulnerability: aim-execute-code Platforms Affected: AOL Instant Messenger 4.1 and later Risk Factor: High Attack Type: Host Based Brief Description: AOL Instant Messenger execution of code in modified images X-Force URL: http://xforce.iss.net/static/6005.php


    Date Reported: 1/24/01 Vulnerability: netscape-enterprise-list-directories Platforms Affected: Netscape Enterprise Server (3.0, 4.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server allows remote directory listing X-Force URL: http://xforce.iss.net/static/5997.php


    Date Reported: 1/24/01 Vulnerability: winnt-mutex-dos Platforms Affected: Windows NT 4.0 Risk Factor: Medium Attack Type: Host Based Brief Description: Windows NT mutex denial of service X-Force URL: http://xforce.iss.net/static/6006.php


    Date Reported: 1/24/01 Vulnerability: jrun-webinf-file-retrieval Platforms Affected: JRun Risk Factor: Medium Attack Type: Network/Host Based Brief Description: JRun malformed URL file retrieval X-Force URL: http://xforce.iss.net/static/6008.php


    Date Reported: 1/23/01 Vulnerability: ipfw-bypass-firewall Platforms Affected: FreeBSD (3.x, 4.x) Risk Factor: High Attack Type: Network Based Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall X-Force URL: http://xforce.iss.net/static/5998.php


    Date Reported: 1/23/01 Vulnerability: netopia-telnet-dos Platforms Affected: Netopia R-series router Risk Factor: Medium Attack Type: Network Based Brief Description: Netopia R9100 allows remote user to crash the router using telnet X-Force URL: http://xforce.iss.net/static/6001.php


    Date Reported: 1/23/01 Vulnerability: wuftp-debug-format-string Platforms Affected: Wu-ftpd Risk Factor: High Attack Type: Network Based Brief Description: Wu-ftpd debug mode format string X-Force URL: http://xforce.iss.net/static/6020.php


    Date Reported: 1/23/01 Vulnerability: kde2-kdesu-retrieve-passwords Platforms Affected: Linux: Caldera eDesktop 2.4 Risk Factor: High Attack Type: Host Based Brief Description: KDE2 kdesu program allows users to retrieve passwords X-Force URL: http://xforce.iss.net/static/5995.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-url-bo Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom print server long URL buffer overflow X-Force URL: http://xforce.iss.net/static/5988.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-printguide-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom PrintGuide denial of service X-Force URL: http://xforce.iss.net/static/5989.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-ftp-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom FTP denial of service X-Force URL: http://xforce.iss.net/static/5990.php


    Date Reported: 1/23/01 Vulnerability: vnc-weak-authentication Platforms Affected: VNC 3.3.3 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: VNC weak authentication could allow unauthorized access X-Force URL: http://xforce.iss.net/static/5992.php


    Date Reported: 1/23/01 Vulnerability: lotus-domino-smtp-bo Platforms Affected: Lotus Domino 5.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Lotus Domino SMTP Server policy feature buffer overflow X-Force URL: http://xforce.iss.net/static/5993.php


    Date Reported: 1/23/01 Vulnerability: linux-sash-shadow-readable Platforms Affected: sash prior to 3.4-4 Risk Factor: High Attack Type: Host Based Brief Description: Linux sash /etc/shadow directory world-readable X-Force URL: http://xforce.iss.net/static/5994.php


    Date Reported: 1/22/01 Vulnerability: powerpoint-execute-code Platforms Affected: Microsoft PowerPoint 2000 Risk Factor: High Attack Type: Host Based Brief Description: PowerPoint could allow code execution on another user's computer X-Force URL: http://xforce.iss.net/static/5996.php


    Date Reported: 1/22/01 Vulnerability: icecast-format-string Platforms Affected: Icecast 1.3.8beta2 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Icecast format string could allow arbitrary code execution X-Force URL: http://xforce.iss.net/static/5978.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-directory-traversal Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers directory traversal X-Force URL: http://xforce.iss.net/static/5986.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-execute-jsp Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files X-Force URL: http://xforce.iss.net/static/5987.php


    Date Reported: 1/22/01 Vulnerability: netscape-enterprise-dot-dos Platforms Affected: Netscape Enterprise Server 4.1 SP5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server "/../" denial of service X-Force URL: http://xforce.iss.net/static/5983.php


    Date Reported: 1/22/01 Vulnerability: goodtech-ftp-dos Platforms Affected: GoodTech FTP 3.0.1.2.1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: GoodTech FTP server denial of service X-Force URL: http://xforce.iss.net/static/5984.php


    Date Reported: 1/22/01 Vulnerability: netscape-fasttrack-cache-dos Platforms Affected: Netscape FastTrack Risk Factor: Low Attack Type: Host Based Brief Description: Netscape FastTrack Server cache denial of service X-Force URL: http://xforce.iss.net/static/5985.php


    Date Reported: 1/21/01 Vulnerability: eeye-iris-dos Platforms Affected: Iris Network Analyzer 1.01beta Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Iris denial of service X-Force URL: http://xforce.iss.net/static/5981.php


    Date Reported: 1/20/01 Vulnerability: watchguard-firebox-obtain-passphrase Platforms Affected: Firebox II Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard Firebox allows remote user to obtain passphrase X-Force URL: http://xforce.iss.net/static/5979.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-server-dos Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP denial of service X-Force URL: http://xforce.iss.net/static/5976.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-path-disclosure Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP path disclosure X-Force URL: http://xforce.iss.net/static/5977.php


    Date Reported: 1/19/01 Vulnerability: localweb2k-directory-traversal Platforms Affected: LocalWEB2000 HTTP Server 1.1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: LocalWEB2000 directory traversal X-Force URL: http://xforce.iss.net/static/5982.php


    Date Reported: 1/19/01 Vulnerability: win2k-efs-recover-data Platforms Affected: Windows 2000 Risk Factor: High Attack Type: Host Based Brief Description: Windows 2000 EFS allows local user to recover sensitive data X-Force URL: http://xforce.iss.net/static/5973.php


    Date Reported: 1/19/01 Vulnerability: linux-bing-bo Platforms Affected: Linux Risk Factor: High Attack Type: Host Based Brief Description: Bing host name buffer overflow X-Force URL: http://xforce.iss.net/static/6036.php


    Date Reported: 1/18/01 Vulnerability: micq-sprintf-remote-bo Platforms Affected: Matt's ICQ Clone 0.4.6 Risk Factor: High Attack Type: Network Based Brief Description: ICQ clone for Linux sprintf() remote buffer overflow X-Force URL: http://xforce.iss.net/static/5962.php


    Date Reported: 1/18/01 Vulnerability: mysql-select-bo Platforms Affected: MySQL prior to 3.23.31 Risk Factor: High Attack Type: Host Based Brief Description: MySQL select buffer overflow X-Force URL: http://xforce.iss.net/static/5969.php


    Date Reported: 1/18/01 Vulnerability: shoutcast-description-bo Platforms Affected: SHOUTcast DNAS 1.7.1 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Shoutcast Server for Linux description buffer overflow X-Force URL: http://xforce.iss.net/static/5965.php


    Date Reported: 1/17/01 Vulnerability: fw1-limited-license-dos Platforms Affected: Check Point Firewall-1 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: FireWall-1 limited-IP license denial of service X-Force URL: http://xforce.iss.net/static/5966.php


    Date Reported: 1/17/01 Vulnerability: hp-stm-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX Support Tools Manager denial of service X-Force URL: http://xforce.iss.net/static/5957.php


    Date Reported: 1/17/01 Vulnerability: linux-webmin-tmpfiles Platforms Affected: OpenLinux (2.3, 2.4) Risk Factor: High Attack Type: Host Based Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files X-Force URL: http://xforce.iss.net/static/6011.php


    Date Reported: 1/17/01 Vulnerability: tinyproxy-remote-bo Platforms Affected: tinyproxy 1.3.2 and 1.3.3 Risk Factor: Medium Attack Type: Network Based Brief Description: Tinyproxy remote buffer overflow X-Force URL: http://xforce.iss.net/static/5954.php


    Date Reported: 1/17/01 Vulnerability: postaci-sql-command-injection Platforms Affected: PostACI Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Postaci SQL command injection X-Force URL: http://xforce.iss.net/static/5972.php


    Date Reported: 1/17/01 Vulnerability: wwwwais-cgi-dos Platforms Affected: wwwwais.c 25 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: wwwwais CGI based program denial of service X-Force URL: http://xforce.iss.net/static/5980.php


    Date Reported: 1/17/01 Vulnerability: mime-header-attachment Platforms Affected: MIME 1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MIME headers could allow spoofed file attachment X-Force URL: http://xforce.iss.net/static/5991.php


    Date Reported: 1/16/01 Vulnerability: ssh-rpc-private-key Platforms Affected: SSH Risk Factor: Medium Attack Type: Network/Host Based Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key X-Force URL: http://xforce.iss.net/static/5963.php


    Date Reported: 1/16/01 Vulnerability: linux-glibc-preload-overwrite Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux glibc LD_PRELOAD file overwrite X-Force URL: http://xforce.iss.net/static/5971.php


    Date Reported: 1/16/01 Vulnerability: inn-tmpfile-symlink Platforms Affected: InterNet News (INN) Risk Factor: High Attack Type: Host Based Brief Description: INN tmpfile symbolic link X-Force URL: http://xforce.iss.net/static/5974.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-insecure-password Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Network Based Brief Description: InterScan VirusWall for Unix password change insecure X-Force URL: http://xforce.iss.net/static/5944.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-weak-authentication Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: Medium Attack Type: Network Based Brief Description: InterScan VirusWall for Unix uses weak authentication X-Force URL: http://xforce.iss.net/static/5946.php


    Date Reported: 1/15/01 Vulnerability: ie-mshtml-dos Platforms Affected: Internet Explorer 4.0 and later Risk Factor: Medium Attack Type: Network Based Brief Description: Internet Explorer mshtml.dll denial of service X-Force URL: http://xforce.iss.net/static/5938.php


    Date Reported: 1/15/01 Vulnerability: dhcp-format-string Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4) Risk Factor: High Attack Type: Network Based Brief Description: Caldera DHCP format string X-Force URL: http://xforce.iss.net/static/5953.php


    Date Reported: 1/15/01 Vulnerability: win-mediaplayer-arbitrary-code Platforms Affected: Windows Media Player 7.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows Media Player skins can be used to execute arbitrary code X-Force URL: http://xforce.iss.net/static/5937.php


    Date Reported: 1/15/01 Vulnerability: veritas-backupexec-dos Platforms Affected: Backup Exec 4.5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Veritas Backup Exec denial of service X-Force URL: http://xforce.iss.net/static/5941.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-symlink Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Host Based Brief Description: InterScan VirusWall for Unix symbolic link X-Force URL: http://xforce.iss.net/static/5947.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-corrupt-files Platforms Affected: OmniHTTPd Risk Factor: Medium Attack Type: Network Based Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system X-Force URL: http://xforce.iss.net/static/5955.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-execute-code Platforms Affected: OmniHTTPd Risk Factor: High Attack Type: Network Based Brief Description: OmniHTTPD statsconfig.pl allows code execution X-Force URL: http://xforce.iss.net/static/5956.php


    Date Reported: 1/15/01 Vulnerability: icmp-pmtu-dos Platforms Affected: Linux BSD Risk Factor: Medium Attack Type: Network Based Brief Description: ICMP PMTU denial of service X-Force URL: http://xforce.iss.net/static/5975.php


    Date Reported: 1/14/01 Vulnerability: splitvt-perserc-format-string Platforms Affected: splitvt 1.6.4 and earlier Risk Factor: High Attack Type: Host Based Brief Description: Splitvt perserc.c module format string X-Force URL: http://xforce.iss.net/static/5948.php


    Date Reported: 1/14/01 Vulnerability: flash-module-bo Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: Flash browser module buffer overflow X-Force URL: http://xforce.iss.net/static/5952.php


    Date Reported: 1/13/01 Vulnerability: rctab-elevate-privileges Platforms Affected: Linux SuSE Risk Factor: Medium Attack Type: Host Based Brief Description: rctab in SuSE Linux could allow privilege elevation X-Force URL: http://xforce.iss.net/static/5945.php


    Date Reported: 1/12/01 Vulnerability: ultraboard-cgi-perm Platforms Affected: UltraBoard 2000B Risk Factor: Medium Attack Type: Network/Host Based Brief Description: UltraBoard CGI weak permissions X-Force URL: http://xforce.iss.net/static/5931.php


    Date Reported: 1/12/01 Vulnerability: compaq-web-management-bo Platforms Affected: Compaq Web-Based Management Risk Factor: High Attack Type: Network Based Brief Description: Compaq Web-Based Management program buffer overflow X-Force URL: http://xforce.iss.net/static/5935.php


    Date Reported: 1/12/01 Vulnerability: php-htaccess-unauth-access Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow unauthorized access to restricted files X-Force URL: http://xforce.iss.net/static/5940.php


    Date Reported: 1/12/01 Vulnerability: basilix-webmail-retrieve-files Platforms Affected: Basilix Webmail 0.9.7beta Risk Factor: Low Attack Type: Network Based Brief Description: Basilix Webmail System allows unauthorized users to retrieve files X-Force URL: http://xforce.iss.net/static/5934.php


    Date Reported: 1/12/01 Vulnerability: solaris-arp-bo Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris arp buffer overflow X-Force URL: http://xforce.iss.net/static/5928.php


    Date Reported: 1/12/01 Vulnerability: php-view-source-code Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow remote viewing of source code X-Force URL: http://xforce.iss.net/static/5939.php


    Date Reported: 1/11/01 Vulnerability: wec-ntlm-authentication Platforms Affected: Windows 2000 Microsoft Office 2000 Windows ME Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Web Extender Client (WEC) NTLM authentication X-Force URL: http://xforce.iss.net/static/5920.php


    Date Reported: 1/11/01 Vulnerability: spamcop-url-seq-predict Platforms Affected: SpamCop Risk Factor: Low Attack Type: Network/Host Based Brief Description: SpamCop URL number increment sequence prediction X-Force URL: http://xforce.iss.net/static/5933.php


    Date Reported: 1/10/01 Vulnerability: linux-wuftpd-privatepw-symlink Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux wu-ftpd privatepw symbolic link X-Force URL: http://xforce.iss.net/static/5915.php


    Date Reported: 1/10/01 Vulnerability: rdist-symlink Platforms Affected: rdist Risk Factor: High Attack Type: Host Based Brief Description: rdist symbolic link X-Force URL: http://xforce.iss.net/static/5925.php


    Date Reported: 1/10/01 Vulnerability: squid-email-symlink Platforms Affected: squid Risk Factor: High Attack Type: Host Based Brief Description: squid email notification symbolic link X-Force URL: http://xforce.iss.net/static/5921.php


    Date Reported: 1/10/01 Vulnerability: linux-diffutils-sdiff-symlimk Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux diffutils sdiff symbolic link X-Force URL: http://xforce.iss.net/static/5914.php


    Date Reported: 1/10/01 Vulnerability: tcpdump-arpwatch-symlink Platforms Affected: arpwatch Risk Factor: High Attack Type: Host Based Brief Description: tcpdump arpwatch symbolic link X-Force URL: http://xforce.iss.net/static/5922.php


    Date Reported: 1/10/01 Vulnerability: linuxconf-vpop3d-symlink Platforms Affected: linuxconf Risk Factor: Medium Attack Type: Host Based Brief Description: Linuxconf vpop3d symbolic link X-Force URL: http://xforce.iss.net/static/5923.php


    Date Reported: 1/10/01 Vulnerability: shadow-utils-useradd-symlink Platforms Affected: shadow-utils Risk Factor: High Attack Type: Host Based Brief Description: shadow-utils useradd symbolic link X-Force URL: http://xforce.iss.net/static/5927.php


    Date Reported: 1/10/01 Vulnerability: linux-glibc-read-files Platforms Affected: Linux glibc Risk Factor: Medium Attack Type: Host Based Brief Description: Linux glibc library can allow users to read restricted files X-Force URL: http://xforce.iss.net/static/5907.php


    Date Reported: 1/10/01 Vulnerability: gettyps-symlink Platforms Affected: gettyps Risk Factor: High Attack Type: Host Based Brief Description: getty_ps symbolic link X-Force URL: http://xforce.iss.net/static/5924.php


    Date Reported: 1/10/01 Vulnerability: linux-gpm-symlink Platforms Affected: gpm Risk Factor: Medium Attack Type: Host Based Brief Description: Linux gpm symbolic link attack X-Force URL: http://xforce.iss.net/static/5917.php


    Date Reported: 1/10/01 Vulnerability: linux-mgetty-symlink Platforms Affected: mgetty Risk Factor: Medium Attack Type: Host Based Brief Description: Linux mgetty symbolic link attack X-Force URL: http://xforce.iss.net/static/5918.php


    Date Reported: 1/10/01 Vulnerability: linux-apache-symlink Platforms Affected: Apache Risk Factor: Medium Attack Type: Host Based Brief Description: Linux Apache symbolic link X-Force URL: http://xforce.iss.net/static/5926.php


    Date Reported: 1/10/01 Vulnerability: linux-inn-symlink Platforms Affected: inn Risk Factor: Medium Attack Type: Host Based Brief Description: Linux INN tmp directory symbolic link X-Force URL: http://xforce.iss.net/static/5916.php


    Date Reported: 1/10/01 Vulnerability: conferenceroom-developer-dos Platforms Affected: ConferenceRoom Professional Edition Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ConferenceRoom Developer Edition denial of service X-Force URL: http://xforce.iss.net/static/5909.php


    Date Reported: 1/9/01 Vulnerability: oracle-xsql-execute-code Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server X-Force URL: http://xforce.iss.net/static/5905.php


    Date Reported: 1/9/01 Vulnerability: netscreen-webui-bo Platforms Affected: NetScreen Risk Factor: Medium Attack Type: Network Based Brief Description: NetScreen Firewall WebUI buffer overflow X-Force URL: http://xforce.iss.net/static/5908.php


    Date Reported: 1/9/01 Vulnerability: suse-reiserfs-long-filenames Platforms Affected: SuSE 7.0 Risk Factor: High Attack Type: Host Based Brief Description: SuSE reiserfs long file name denial of service X-Force URL: http://xforce.iss.net/static/5910.php


    Date Reported: 1/9/01 Vulnerability: interbase-backdoor-account Platforms Affected: InterBase 6.01 and earlier Risk Factor: High Attack Type: Network/Host Based Brief Description: InterBase built-in backdoor account X-Force URL: http://xforce.iss.net/static/5911.php


    Date Reported:      1/9/01
    Vulnerability:      interbase-hidden-function-dos
    Platforms Affected: InterBase 6.01
    Risk Factor:        Medium
    Attack Type:        Network/Host Based
    Brief Description:  InterBase hidden function denial of service
    X-Force URL:        http://xforce.iss.net/static/5912.php


    Date Reported:      1/9/01
    Vulnerability:      brickserver-thttpd-dos
    Platforms Affected: BRICKServer Small Business
    Risk Factor:        Medium
    Attack Type:        Network Based
    Brief Description:  BRICKServer thttpd denial of service
    X-Force URL:        http://xforce.iss.net/static/5919.php


    Date Reported:      1/9/01
    Vulnerability:      solaris-exrecover-bo
    Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6)
    Risk Factor:        Medium
    Attack Type:        Host Based
    Brief Description:  Solaris exrecover buffer overflow
    X-Force URL:        http://xforce.iss.net/static/5913.php


    Date Reported:      1/9/01
    Vulnerability:      hp-inetd-swait-dos
    Platforms Affected: HPUX
    Risk Factor:        Medium
    Attack Type:        Host Based
    Brief Description:  HP-UX inetd swait denial of service
    X-Force URL:        http://xforce.iss.net/static/5904.php


    Date Reported:      1/8/01
    Vulnerability:      microsoft-iis-read-files
    Platforms Affected: IIS (4.0, 5.0)
    Risk Factor:        Medium
    Attack Type:        Network Based
    Brief Description:  Microsoft IIS 5.0 allows the viewing of files through malformed URL
    X-Force URL:        http://xforce.iss.net/static/5903.php


    Date Reported:      1/8/01
    Vulnerability:      ibm-websphere-dos
    Platforms Affected: IBM Websphere 3.52 IBM HTTP Server 1.3.12
    Risk Factor:        Medium
    Attack Type:        Network/Host Based
    Brief Description:  IBM WebSphere denial of service
    X-Force URL:        http://xforce.iss.net/static/5900.php


    Date Reported:      1/8/01
    Vulnerability:      storagesoft-imagecast-dos
    Platforms Affected: ImageCast 4.1
    Risk Factor:        Medium
    Attack Type:        Network/Host Based
    Brief Description:  StorageSoft ImageCast denial of service
    X-Force URL:        http://xforce.iss.net/static/5901.php


    Date Reported:      1/8/01
    Vulnerability:      nai-pgp-replace-keys
    Platforms Affected: PGP 7.0
    Risk Factor:        Medium
    Attack Type:        Host Based
    Brief Description:  PGP users may replace signed exported key blocks with arbitrary keys
    X-Force URL:        http://xforce.iss.net/static/5902.php


    Date Reported:      1/7/01
    Vulnerability:      http-cgi-bbs-forum
    Platforms Affected: WebBBS 1.0
    Risk Factor:        High
    Attack Type:        Network Based
    Brief Description:  bbs_forum.cgi allows remote command execution
    X-Force URL:        http://xforce.iss.net/static/5906.php


    Date Reported:      1/5/01
    Vulnerability:      lotus-domino-directory-traversal
    Platforms Affected: Lotus Domino 5.0.x
    Risk Factor:        Medium
    Attack Type:        Network Based
    Brief Description:  Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal
    X-Force URL:        http://xforce.iss.net/static/5899.php


    Date Reported:      1/5/01
    Vulnerability:      http-cgi-fastgraf
    Platforms Affected: FASTGRAF
    Risk Factor:        High
    Attack Type:        Network Based
    Brief Description:  Fastgraf CGI scripts allow remote command execution
    X-Force URL:        http://xforce.iss.net/static/5897.php


    Date Reported:      1/4/01
    Vulnerability:      newsdesk-cgi-read-files
    Platforms Affected: Newsdesk 1.2
    Risk Factor:        High
    Attack Type:        Network Based
    Brief Description:  Newsdesk.cgi allows read access to files
    X-Force URL:        http://xforce.iss.net/static/5898.php


    Date Reported:      1/1/01
    Vulnerability:      gtk-module-execute-code
    Platforms Affected: GTK+ 1.2.8 and earlier
    Risk Factor:        High
    Attack Type:        Host Based
    Brief Description:  GTK+ arbitrary code execution using custom loadable module
    X-Force URL:        http://xforce.iss.net/static/5832.php


    Date Reported:      1/1/01
    Vulnerability:      linux-tty-writable-dos
    Platforms Affected: Linux
    Risk Factor:        Medium
    Attack Type:        Host Based
    Brief Description:  Linux writable TTY denial of service
    X-Force URL:        http://xforce.iss.net/static/5896.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    Additional Information

    This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories:

    - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
    - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).

    About Internet Security Systems (ISS)

    Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200102-0056",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "arrowpoint",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "*"
          },
          {
            "model": "content services switch",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "*"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "daemonnews",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "immunix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandrakesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "getty ps",
            "version": null
          },
          {
            "model": "arrowpoint",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "content services switch",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "immunix os -beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wirex",
            "version": "7.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.2"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.0"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.30"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.29"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.28"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.27"
          },
          {
            "model": "webns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "webns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "webns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "webns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2331"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200102-041"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:content_services_switch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:arrowpoint:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0020"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability was announced to Bugtraq in a Cisco Security Advisory dated January 31, 2001.  It was initially discovered by Ollie Whitehouse \u003collie@atstake.com\u003e.",
        "sources": [
          {
            "db": "BID",
            "id": "2331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200102-041"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2001-0020",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-2842",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-0020",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#850440",
                "trust": 0.8,
                "value": "1.89"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#987632",
                "trust": 0.8,
                "value": "3.19"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#342768",
                "trust": 0.8,
                "value": "5.63"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200102-041",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-2842",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-2842"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200102-041"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability  allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals.  Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. \nA problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existance of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. \nA problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. 
When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the users DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the users private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another users magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a users secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. The Cisco Content Services (CSS) switches are hardware designed to provide enhanced web services for e-commerece and Web Content delivery using the Cisco Web Network Services (Web NS).  The CSS switch is distributed by Cisco Systems.  CSS switches allow users access to certain functions on the switch, while enforcing access control to prevent the reading and change of configuration on the switch.  Due to a problem in the handling of input, it is possible for a user to gain information on the structure of the directory by executing commands requesting non-existent filenames.  
Once the structure of the directory is know, it is then possible to read files within the directory. \nThis problem makes it possible for a malicious local user to map the directory tree, and read files that may contain sensitive information. \nTO UNSUBSCRIBE: email \"unsubscribe alert\" in the body of your message to\nmajordomo@iss.net  Contact alert-owner@iss.net for help with any problems!\n---------------------------------------------------------------------------\n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nFebruary 6, 2001\nVolume 6 Number 3\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\n_____\n\nContents\n\n120 Reported Vulnerabilities\n\nRisk Factor Key\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          win2k-rdp-dos\nPlatforms Affected:     Windows 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Windows 2000 Server RDP denial of service\nX-Force URL:            http://xforce.iss.net/static/6035.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-file-access\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface could allow read access to files and directories\nX-Force URL:            http://xforce.iss.net/static/6031.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          quicktime-embedded-tag-bo\nPlatforms Affected:     Quicktime 4.1.2\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      QuickTime Player EMBED tag buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6040.php\n\n_____\n\nDate Reported:  
        1/31/01\nVulnerability:          solaris-ximp40-bo\nPlatforms Affected:     Solaris (7, 8)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris \"ximp40\" shared library buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6039.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-cli-dos\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface denial of service\nX-Force URL:            http://xforce.iss.net/static/6030.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          slimserve-httpd-dos\nPlatforms Affected:     SlimServe 1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      SlimServe HTTPd denial of service\nX-Force URL:            http://xforce.iss.net/static/6028.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          crazywwwboard-qdecoder-bo\nPlatforms Affected:     CrazyWWWBoard prior to 2000LEp5-1\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      CrazyWWWBoard qDecoder buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6033.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          virusbuster-mua-bo\nPlatforms Affected:\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Virus Buster 2001 Mail User Agent (MUA) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6034.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          iis-isapi-obtain-code\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions\nX-Force URL:            
http://xforce.iss.net/static/6032.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-inverse-query-disclosure\nPlatforms Affected:     Bind (4.x, 8.2.x)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x and 8.2.x exposes environment variables\nX-Force URL:            http://xforce.iss.net/static/6018.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          hp-man-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP man command denial of service\nX-Force URL:            http://xforce.iss.net/static/6014.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          sort-temp-file-abort\nPlatforms Affected:     FreeBSD\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Sort temporary files denial of service\nX-Force URL:            http://xforce.iss.net/static/6038.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-format-string\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() format string\nX-Force URL:            http://xforce.iss.net/static/6017.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-bo\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6016.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-client-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC client buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6025.php\n\n_____\n\nDate Reported:         
 1/29/01\nVulnerability:          winvnc-server-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC server buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6026.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          guestserver-cgi-execute-commands\nPlatforms Affected:     Guestserver 4.12 and earlier\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Guestserver.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/6027.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-tsig-bo\nPlatforms Affected:     BIND 8.2.x\nRisk Factor:            Unauthorized Access Attempt\nAttack Type:            Network/Host Based\nBrief Description:      BIND 8.2.x transaction signature (TSIG) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6015.php\n\n_____\n\nDate Reported:          1/28/01\nVulnerability:          hyperseek-cgi-reveal-info\nPlatforms Affected:     Hyperseek Search Engine 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Hyperseek CGI could reveal listings of directories and files\nX-Force URL:            http://xforce.iss.net/static/6012.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          newsdaemon-gain-admin-access\nPlatforms Affected:     NewsDaemon prior to 0.21b\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      NewsDaemon allows remote users to gain administrative access\nX-Force URL:            http://xforce.iss.net/static/6010.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:        
    http://xforce.iss.net/static/6019.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:            http://xforce.iss.net/static/6019.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          planetintra-pi-bo\nPlatforms Affected:     Planet Intra LAN Intranet 2.5\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Planet Intra \u0027pi\u0027 binary buffer oveflow\nX-Force URL:            http://xforce.iss.net/static/6002.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          borderware-ping-dos\nPlatforms Affected:     BorderWare Firewall Server 6.1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      BorderWare ping denial of service\nX-Force URL:            http://xforce.iss.net/static/6004.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          aol-malformed-url-dos\nPlatforms Affected:     AOL 5.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      AOL malformed URL denial of service\nX-Force URL:            http://xforce.iss.net/static/6009.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          mirc-bypass-password\nPlatforms Affected:     mIRC\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      mIRC allows malicious user to bypass password\nX-Force URL:            http://xforce.iss.net/static/6013.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          netscape-enterprise-revlog-dos\nPlatforms Affected:     Netscape Enterprise Server\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netscape Enterprise Server REVLOG denial of service\nX-Force 
URL:            http://xforce.iss.net/static/6003.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          aim-execute-code\nPlatforms Affected:     AOL Instant Messenger 4.1 and later\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      AOL Instant Messenger execution of code in modified images\nX-Force URL:            http://xforce.iss.net/static/6005.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          netscape-enterprise-list-directories\nPlatforms Affected:     Netscape Enterprise Server (3.0, 4.0)\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server allows remote directory listing\nX-Force URL:            http://xforce.iss.net/static/5997.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          winnt-mutex-dos\nPlatforms Affected:     Windows NT 4.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Windows NT mutex denial of service\nX-Force URL:            http://xforce.iss.net/static/6006.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          jrun-webinf-file-retrieval\nPlatforms Affected:     JRun\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      JRun malformed URL file retrieval\nX-Force URL:            http://xforce.iss.net/static/6008.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          ipfw-bypass-firewall\nPlatforms Affected:     FreeBSD (3.x, 4.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ipfw/ip6fw allows remote attacker to bypass firewall\nX-Force URL:            http://xforce.iss.net/static/5998.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          netopia-telnet-dos\nPlatforms Affected:     Netopia R-series router\nRisk Factor:            Medium\nAttack Type:            Network 
Based\nBrief Description:      Netopia R9100 allows remote user to crash the router using telnet\nX-Force URL:            http://xforce.iss.net/static/6001.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          wuftp-debug-format-string\nPlatforms Affected:     Wu-ftpd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Wu-ftpd debug mode format string\nX-Force URL:            http://xforce.iss.net/static/6020.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          kde2-kdesu-retrieve-passwords\nPlatforms Affected:     Linux: Caldera eDesktop 2.4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      KDE2 kdesu program allows users to retrieve passwords\nX-Force URL:            http://xforce.iss.net/static/5995.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-url-bo\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom print server long URL buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5988.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-printguide-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom PrintGuide denial of service\nX-Force URL:            http://xforce.iss.net/static/5989.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-ftp-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5990.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          
vnc-weak-authentication\nPlatforms Affected:     VNC 3.3.3 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      VNC weak authentication could allow unauthorized access\nX-Force URL:            http://xforce.iss.net/static/5992.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          lotus-domino-smtp-bo\nPlatforms Affected:     Lotus Domino 5.0\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Lotus Domino SMTP Server policy feature buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5993.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          linux-sash-shadow-readable\nPlatforms Affected:     sash prior to 3.4-4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Linux sash /etc/shadow directory world-readable\nX-Force URL:            http://xforce.iss.net/static/5994.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          powerpoint-execute-code\nPlatforms Affected:     Microsoft PowerPoint 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      PowerPoint could allow code execution on another user\u0027s computer\nX-Force URL:            http://xforce.iss.net/static/5996.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          icecast-format-string\nPlatforms Affected:     Icecast 1.3.8beta2 and prior\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Icecast format string could allow arbitrary code execution\nX-Force URL:            http://xforce.iss.net/static/5978.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-directory-traversal\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle JSP/SQLJP handlers directory 
traversal\nX-Force URL:            http://xforce.iss.net/static/5986.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-execute-jsp\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files\nX-Force URL:            http://xforce.iss.net/static/5987.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-enterprise-dot-dos\nPlatforms Affected:     Netscape Enterprise Server 4.1 SP5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server \"/../\" denial of service\nX-Force URL:            http://xforce.iss.net/static/5983.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          goodtech-ftp-dos\nPlatforms Affected:     GoodTech FTP 3.0.1.2.1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      GoodTech FTP server denial of service\nX-Force URL:            http://xforce.iss.net/static/5984.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-fasttrack-cache-dos\nPlatforms Affected:     Netscape FastTrack\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Netscape FastTrack Server cache denial of service\nX-Force URL:            http://xforce.iss.net/static/5985.php\n\n_____\n\nDate Reported:          1/21/01\nVulnerability:          eeye-iris-dos\nPlatforms Affected:     Iris Network Analyzer 1.01beta\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Iris denial of service\nX-Force URL:            http://xforce.iss.net/static/5981.php\n\n_____\n\nDate Reported:          1/20/01\nVulnerability:          watchguard-firebox-obtain-passphrase\nPlatforms Affected:     Firebox II\nRisk Factor:            High\nAttack 
Type:            Network Based\nBrief Description:      WatchGuard Firebox allows remote user to obtain passphrase\nX-Force URL:            http://xforce.iss.net/static/5979.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          fastream-ftp-server-dos\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5976.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          fastream-ftp-path-disclosure\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP path disclosure\nX-Force URL:            http://xforce.iss.net/static/5977.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          localweb2k-directory-traversal\nPlatforms Affected:     LocalWEB2000 HTTP Server 1.1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      LocalWEB2000 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5982.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          win2k-efs-recover-data\nPlatforms Affected:     Windows 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Windows 2000 EFS allows local user to recover sensitive data\nX-Force URL:            http://xforce.iss.net/static/5973.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          linux-bing-bo\nPlatforms Affected:     Linux\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Bing host name buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6036.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          micq-sprintf-remote-bo\nPlatforms Affected:     
Matt\u0027s ICQ Clone 0.4.6\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ICQ clone for Linux sprintf() remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5962.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          mysql-select-bo\nPlatforms Affected:     MySQL prior to 3.23.31\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      MySQL select buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5969.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          shoutcast-description-bo\nPlatforms Affected:     SHOUTcast DNAS 1.7.1\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      Shoutcast Server for Linux description buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5965.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          fw1-limited-license-dos\nPlatforms Affected:     Check Point Firewall-1 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      FireWall-1 limited-IP license denial of service\nX-Force URL:            http://xforce.iss.net/static/5966.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          hp-stm-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX Support Tools Manager denial of service\nX-Force URL:            http://xforce.iss.net/static/5957.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:     
     linux-webmin-tmpfiles\nPlatforms Affected:     OpenLinux (2.3, 2.4)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Webmin use of tmpfiles could allow a local user to overwrite files\nX-Force URL:            http://xforce.iss.net/static/6011.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          tinyproxy-remote-bo\nPlatforms Affected:     tinyproxy 1.3.2 and 1.3.3\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Tinyproxy remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5954.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          postaci-sql-command-injection\nPlatforms Affected:     PostACI\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Postaci SQL command injection\nX-Force URL:            http://xforce.iss.net/static/5972.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          wwwwais-cgi-dos\nPlatforms Affected:     wwwwais.c 25\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      wwwwais CGI based program denial of service\nX-Force URL:            http://xforce.iss.net/static/5980.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          mime-header-attachment\nPlatforms Affected:     MIME 1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      MIME headers could allow spoofed file attachment\nX-Force URL:            http://xforce.iss.net/static/5991.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          ssh-rpc-private-key\nPlatforms Affected:     SSH\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      SSH secure-RPC could generate a passphrase that exposes a user\u0027s private key\nX-Force URL:            
http://xforce.iss.net/static/5963.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          linux-glibc-preload-overwrite\nPlatforms Affected:     Linux\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Linux glibc LD_PRELOAD file overwrite\nX-Force URL:            http://xforce.iss.net/static/5971.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          inn-tmpfile-symlink\nPlatforms Affected:     InterNet News (INN)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      INN tmpfile symbolic link\nX-Force URL:            http://xforce.iss.net/static/5974.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-insecure-password\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix password change insecure\nX-Force URL:            http://xforce.iss.net/static/5944.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-weak-authentication\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix uses weak authentication\nX-Force URL:            http://xforce.iss.net/static/5946.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          ie-mshtml-dos\nPlatforms Affected:     Internet Explorer 4.0 and later\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Internet Explorer mshtml.dll denial of service\nX-Force URL:            http://xforce.iss.net/static/5938.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          dhcp-format-string\nPlatforms Affected:     Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)\nRisk Factor:            High\nAttack Type:            Network 
Based\nBrief Description:      Caldera DHCP format string\nX-Force URL:            http://xforce.iss.net/static/5953.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          win-mediaplayer-arbitrary-code\nPlatforms Affected:     Windows Media Player 7.0\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Windows Media Player skins can be used to execute arbitrary code\nX-Force URL:            http://xforce.iss.net/static/5937.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          veritas-backupexec-dos\nPlatforms Affected:     Backup Exec 4.5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Veritas Backup Exec denial of service\nX-Force URL:            http://xforce.iss.net/static/5941.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-symlink\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      InterScan VirusWall for Unix symbolic link\nX-Force URL:            http://xforce.iss.net/static/5947.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-corrupt-files\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      OmniHTTPd statsconfig.pl corrupt any file on the system\nX-Force URL:            http://xforce.iss.net/static/5955.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-execute-code\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      OmniHTTPD statsconfig.pl allows code execution\nX-Force URL:            http://xforce.iss.net/static/5956.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          icmp-pmtu-dos\nPlatforms Affected:     Linux\n   
                     BSD\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      ICMP PMTU denial of service\nX-Force URL:            http://xforce.iss.net/static/5975.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          splitvt-perserc-format-string\nPlatforms Affected:     splitvt 1.6.4 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Splitvt perserc.c module format string\nX-Force URL:            http://xforce.iss.net/static/5948.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          flash-module-bo\nPlatforms Affected:     Oliver Debon Flash plugin 0.4.9 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Flash browser module buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5952.php\n\n_____\n\nDate Reported:          1/13/01\nVulnerability:          rctab-elevate-privileges\nPlatforms Affected:     Linux SuSE\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      rctab in SuSE Linux could allow privilege elevation\nX-Force URL:            http://xforce.iss.net/static/5945.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          
ultraboard-cgi-perm\nPlatforms Affected:     UltraBoard 2000B\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      UltraBoard CGI weak permissions\nX-Force URL:            http://xforce.iss.net/static/5931.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          compaq-web-management-bo\nPlatforms Affected:     Compaq Web-Based Management\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Compaq Web-Based Management program buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5935.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-htaccess-unauth-access\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow unauthorized access to restricted files\nX-Force URL:            http://xforce.iss.net/static/5940.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          basilix-webmail-retrieve-files\nPlatforms Affected:     Basilix Webmail 0.9.7beta\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      Basilix Webmail System allows unauthorized users to retrieve files\nX-Force URL:            http://xforce.iss.net/static/5934.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          solaris-arp-bo\nPlatforms Affected:     Solaris\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris arp buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5928.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-view-source-code\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow remote viewing of source code\nX-Force URL:            http://xforce.iss.net/static/5939.php\n\n_____\n\nDate 
Reported:          1/11/01\nVulnerability:          wec-ntlm-authentication\nPlatforms Affected:     Windows 2000\n                        Microsoft Office 2000\n                        Windows ME\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Web Extender Client (WEC) NTLM authentication\nX-Force URL:            http://xforce.iss.net/static/5920.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          spamcop-url-seq-predict\nPlatforms Affected:     SpamCop\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      SpamCop URL number increment sequence prediction\nX-Force URL:            http://xforce.iss.net/static/5933.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-wuftpd-privatepw-symlink\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux wu-ftpd privatepw symbolic link\nX-Force URL:            http://xforce.iss.net/static/5915.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          rdist-symlink\nPlatforms Affected:     rdist\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      rdist symbolic link\nX-Force URL:            http://xforce.iss.net/static/5925.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          squid-email-symlink\nPlatforms Affected:     squid\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      squid email notification symbolic link\nX-Force URL:            http://xforce.iss.net/static/5921.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-diffutils-sdiff-symlimk\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux diffutils sdiff symbolic link\nX-Force URL:            
http://xforce.iss.net/static/5914.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          tcpdump-arpwatch-symlink\nPlatforms Affected:     arpwatch\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      tcpdump arpwatch symbolic link\nX-Force URL:            http://xforce.iss.net/static/5922.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linuxconf-vpop3d-symlink\nPlatforms Affected:     linuxconf\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linuxconf vpop3d symbolic link\nX-Force URL:            http://xforce.iss.net/static/5923.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          shadow-utils-useradd-symlink\nPlatforms Affected:     shadow-utils\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      shadow-utils useradd symbolic link\nX-Force URL:            http://xforce.iss.net/static/5927.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-glibc-read-files\nPlatforms Affected:     Linux glibc\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux glibc library can allow users to read restricted files\nX-Force URL:            http://xforce.iss.net/static/5907.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          gettyps-symlink\nPlatforms Affected:     gettyps\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      getty_ps symbolic link\nX-Force URL:            http://xforce.iss.net/static/5924.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-gpm-symlink\nPlatforms Affected:     gpm\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux gpm symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5917.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:     
     linux-mgetty-symlink\nPlatforms Affected:     mgetty\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux mgetty symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5918.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-apache-symlink\nPlatforms Affected:     Apache\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux Apache symbolic link\nX-Force URL:            http://xforce.iss.net/static/5926.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-inn-symlink\nPlatforms Affected:     inn\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux INN tmp directory symbolic link\nX-Force URL:            http://xforce.iss.net/static/5916.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          conferenceroom-developer-dos\nPlatforms Affected:     ConferenceRoom Professional Edition\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      ConferenceRoom Developer Edition denial of service\nX-Force URL:            http://xforce.iss.net/static/5909.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          oracle-xsql-execute-code\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle XSQL servlet and xml-stylesheet allows code execution on server\nX-Force URL:            http://xforce.iss.net/static/5905.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          netscreen-webui-bo\nPlatforms Affected:     NetScreen\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      NetScreen Firewall WebUI buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5908.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          
suse-reiserfs-long-filenames\nPlatforms Affected:     SuSE 7.0\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      SuSE reiserfs long file name denial of service\nX-Force URL:            http://xforce.iss.net/static/5910.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          interbase-backdoor-account\nPlatforms Affected:     InterBase 6.01 and earlier\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      InterBase built-in backdoor account\nX-Force URL:            http://xforce.iss.net/static/5911.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          interbase-hidden-function-dos\nPlatforms Affected:     InterBase 6.01\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      InterBase hidden function denial of service\nX-Force URL:            http://xforce.iss.net/static/5912.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          brickserver-thttpd-dos\nPlatforms Affected:     BRICKServer Small Business\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BRICKServer thttpd denial of service\nX-Force URL:            http://xforce.iss.net/static/5919.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          solaris-exrecover-bo\nPlatforms Affected:     Solaris (2.4, 2.5, 2.5.1, 2.6)\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Solaris exrecover buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5913.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          hp-inetd-swait-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX inetd swait denial of service\nX-Force URL:            http://xforce.iss.net/static/5904.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:    
      microsoft-iis-read-files\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Microsoft IIS 5.0 allows the viewing of files through malformed URL\nX-Force URL:            http://xforce.iss.net/static/5903.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          ibm-websphere-dos\nPlatforms Affected:     IBM Websphere 3.52\n                        IBM HTTP Server 1.3.12\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      IBM WebSphere denial of service\nX-Force URL:            http://xforce.iss.net/static/5900.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          storagesoft-imagecast-dos\nPlatforms Affected:     ImageCast 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      StorageSoft ImageCast denial of service\nX-Force URL:            http://xforce.iss.net/static/5901.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          nai-pgp-replace-keys\nPlatforms Affected:     PGP 7.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      PGP users may replace signed exported key blocks with arbitrary keys\nX-Force URL:            http://xforce.iss.net/static/5902.php\n\n_____\n\nDate Reported:          1/7/01\nVulnerability:          http-cgi-bbs-forum\nPlatforms Affected:     WebBBS 1.0\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      bbs_forum.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/5906.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          lotus-domino-directory-traversal\nPlatforms Affected:     Lotus Domino 5.0.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal\nX-Force URL:    
        http://xforce.iss.net/static/5899.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          http-cgi-fastgraf\nPlatforms Affected:     FASTGRAF\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Fastgraf CGI scripts allow remote command execution\nX-Force URL:            http://xforce.iss.net/static/5897.php\n\n_____\n\nDate Reported:          1/4/01\nVulnerability:          newsdesk-cgi-read-files\nPlatforms Affected:     Newsdesk 1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Newsdesk.cgi allows read access to files\nX-Force URL:            http://xforce.iss.net/static/5898.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          gtk-module-execute-code\nPlatforms Affected:     GTK+ 1.2.8 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      GTK+ arbitrary code execution using custom loadable module\nX-Force URL:            http://xforce.iss.net/static/5832.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          linux-tty-writable-dos\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux writable TTY denial of service\nX-Force URL:            http://xforce.iss.net/static/5896.php\n\n_____\n\n\nRisk Factor Key:\n\n        High Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. 
\n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n\n_____\n\nAdditional Information\n\nThis document is available at http://xforce.iss.net/alerts/advisennn.php. \nTo receive these Alerts and Advisories:\n- - Subscribe to the Alert mailing list from\nhttp://xforce.iss.net/maillists/index.php\n- - Or send an email to majordomo@iss.net, and within the body of the\nmessage type:\n\u0027subscribe alert\u0027 (without the quotes). \n\n\nAbout Internet Security Systems (ISS)\nInternet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading\nglobal provider of security management solutions for the Internet. \nBy combining best of breed products, security management services,\naggressive research and development, and comprehensive educational\nand consulting services, ISS is the trusted security advisor for\nthousands of organizations around the world looking to protect their\nmission critical information and networks. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically.  It is not to be edited in any way without express consent\nof the X-Force.  If you wish to reprint the whole or any part of this\nAlert in any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. 
There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. \n\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as\nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0020"
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2331"
          },
          {
            "db": "VULHUB",
            "id": "VHN-2842"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          }
        ],
        "trust": 4.05
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "2331",
            "trust": 2.0
          },
          {
            "db": "OSVDB",
            "id": "1757",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0020",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2222",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "2194",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "5963",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6010",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "5924",
            "trust": 0.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200102-041",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "6031",
            "trust": 0.7
          },
          {
            "db": "ATSTAKE",
            "id": "A013101-1",
            "trust": 0.6
          },
          {
            "db": "CISCO",
            "id": "20010131 CISCO CONTENT SERVICES SWITCH VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-2842",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5947",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5988",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5910",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5908",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6004",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6002",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5931",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5900",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5982",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6035",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6030",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5937",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5969",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6016",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5974",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5912",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5832",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5911",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5926",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5920",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6028",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6039",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5956",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6011",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5992",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5935",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6017",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5922",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5984",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5977",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5957",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5993",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6006",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5913",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5907",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5897",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6034",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5945",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5905",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5940",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5954",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5976",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5903",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6003",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6018",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5972",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5909",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5916",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6033",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5986",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5915",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6019",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5925",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5923",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6005",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5978",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5973",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5979",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5980",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5941",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5934",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5991",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5962",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6014",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5966",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6015",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5994",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6036",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5953",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5944",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5896",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6040",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5914",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5927",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6012",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6025",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6001",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5965",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5952",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5917",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5898",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6009",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5998",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5985",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6026",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6013",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6008",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5921",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5981",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5989",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5939",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5906",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6020",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5948",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5933",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6027",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5919",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5899",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5996",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5987",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5918",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5971",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5995",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5928",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5938",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5983",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6032",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5997",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5904",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5902",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5975",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5901",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5990",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5946",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5955",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6038",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24294",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-2842"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2331"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200102-041"
          }
        ]
      },
      "id": "VAR-200102-0056",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-2842"
          }
        ],
        "trust": 0.7
      },
      "last_update_date": "2023-12-18T11:51:27.506000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0020"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://www.atstake.com/research/advisories/2001/a013101-1.txt"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/2331"
          },
          {
            "trust": 1.7,
            "url": "http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/1757"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6031"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/5963.php"
          },
          {
            "trust": 0.9,
            "url": " http://xforce.iss.net/static/6010.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2222"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches/securerpcvulnerability.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/archive/1/158966"
          },
          {
            "trust": 0.8,
            "url": "http://sourceforge.net/forum/forum.php?forum_id=60570"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2194"
          },
          {
            "trust": 0.8,
            "url": "http://www.linuxsecurity.com/advisories/mandrake_advisory-1037.html"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/5924"
          },
          {
            "trust": 0.7,
            "url": "http://xforce.iss.net/static/6031.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5992.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5926.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5940.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6033.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5916.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6038.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5997.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6026.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5928.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5977.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6013.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5991.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5938.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5969.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5957.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5909.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5948.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6005.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5954.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5933.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5955.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6035.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5990.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5907.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5994.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5983.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5911.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6006.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5908.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5922.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5903.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6027.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5965.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5899.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5980.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5934.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5919.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5931.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5962.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5976.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6003.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5998.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6040.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5920.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5966.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5946.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5915.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5986.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5923.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5993.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6001.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6036.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5902.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5971.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5937.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5985.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5945.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6028.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5988.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6009.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6025.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5897.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5952.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5953.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6039.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5978.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5901.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5906.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5974.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6008.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5935.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5944.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5918.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6034.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5925.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6014.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5912.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5924.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5989.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6019.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5921.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5904.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5972.ph"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5900.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5898.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5973.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5832.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5975.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5913.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5905.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6015.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6016.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5996.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5981.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6012.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/advisennn.php."
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5995.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5947.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5896.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5910.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5917.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6017.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6032.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5979.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6004.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5984.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5939.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5914.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5956.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5941.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6011.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6018.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6002.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5927.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6020.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5982.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5987.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6030.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-2842"
          },
          {
            "db": "BID",
            "id": "2331"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200102-041"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-2842"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2331"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200102-041"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-06-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-05-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2001-10-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2001-02-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-2842"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2001-01-31T00:00:00",
            "db": "BID",
            "id": "2331"
          },
          {
            "date": "2001-02-14T07:13:47",
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "date": "2001-02-12T05:00:00",
            "db": "NVD",
            "id": "CVE-2001-0020"
          },
          {
            "date": "2001-02-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200102-041"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-10-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-06-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2004-07-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-2842"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2001-01-31T00:00:00",
            "db": "BID",
            "id": "2331"
          },
          {
            "date": "2017-10-10T01:29:32.797000",
            "db": "NVD",
            "id": "CVE-2001-0020"
          },
          {
            "date": "2005-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200102-041"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200102-041"
          }
        ],
        "trust": 1.5
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SSH1 may generate weak passphrase when using Secure RPC",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200102-041"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200103-0101

    Vulnerability from variot - Updated: 2023-12-18 11:40

    Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. 
When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. Under very specific circumstances, an attacker can cause the affected router to stop. By attempting to make a looped connection from the router's IP address back to the same address, the unit will crash. A manual restart is required to resume operation. An attack prevents user-disconnect logging and may help the attacker carry out further attacks on the affected host or other systems on its network. Netopia R9100 Router running firmware version 4.6 is vulnerable; subsequent (and current) versions are not vulnerable.


    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary February 6, 2001 Volume 6 Number 3

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php


    Contents

    120 Reported Vulnerabilities

    Risk Factor Key


    Date Reported: 1/31/01 Vulnerability: win2k-rdp-dos Platforms Affected: Windows 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Windows 2000 Server RDP denial of service X-Force URL: http://xforce.iss.net/static/6035.php


    Date Reported: 1/31/01 Vulnerability: cisco-ccs-file-access Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface could allow read access to files and directories X-Force URL: http://xforce.iss.net/static/6031.php


    Date Reported: 1/31/01 Vulnerability: quicktime-embedded-tag-bo Platforms Affected: Quicktime 4.1.2 Risk Factor: High Attack Type: Host Based Brief Description: QuickTime Player EMBED tag buffer overflow X-Force URL: http://xforce.iss.net/static/6040.php


    Date Reported: 1/31/01 Vulnerability: solaris-ximp40-bo Platforms Affected: Solaris (7, 8) Risk Factor: High Attack Type: Host Based Brief Description: Solaris "ximp40" shared library buffer overflow X-Force URL: http://xforce.iss.net/static/6039.php


    Date Reported: 1/31/01 Vulnerability: cisco-ccs-cli-dos Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface denial of service X-Force URL: http://xforce.iss.net/static/6030.php


    Date Reported: 1/30/01 Vulnerability: slimserve-httpd-dos Platforms Affected: SlimServe 1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: SlimServe HTTPd denial of service X-Force URL: http://xforce.iss.net/static/6028.php


    Date Reported: 1/30/01 Vulnerability: crazywwwboard-qdecoder-bo Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1 Risk Factor: Medium Attack Type: Network Based Brief Description: CrazyWWWBoard qDecoder buffer overflow X-Force URL: http://xforce.iss.net/static/6033.php


    Date Reported: 1/30/01 Vulnerability: virusbuster-mua-bo Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow X-Force URL: http://xforce.iss.net/static/6034.php


    Date Reported: 1/29/01 Vulnerability: iis-isapi-obtain-code Platforms Affected: IIS (4.0, 5.0) Risk Factor: Low Attack Type: Network/Host Based Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions X-Force URL: http://xforce.iss.net/static/6032.php


    Date Reported: 1/29/01 Vulnerability: bind-inverse-query-disclosure Platforms Affected: Bind (4.x, 8.2.x) Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x and 8.2.x exposes environment variables X-Force URL: http://xforce.iss.net/static/6018.php


    Date Reported: 1/29/01 Vulnerability: hp-man-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP man command denial of service X-Force URL: http://xforce.iss.net/static/6014.php


    Date Reported: 1/29/01 Vulnerability: sort-temp-file-abort Platforms Affected: FreeBSD Risk Factor: Medium Attack Type: Host Based Brief Description: Sort temporary files denial of service X-Force URL: http://xforce.iss.net/static/6038.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-format-string Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() format string X-Force URL: http://xforce.iss.net/static/6017.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-bo Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() buffer overflow X-Force URL: http://xforce.iss.net/static/6016.php


    Date Reported: 1/29/01 Vulnerability: winvnc-client-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC client buffer overflow X-Force URL: http://xforce.iss.net/static/6025.php


    Date Reported: 1/29/01 Vulnerability: winvnc-server-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC server buffer overflow X-Force URL: http://xforce.iss.net/static/6026.php


    Date Reported: 1/29/01 Vulnerability: guestserver-cgi-execute-commands Platforms Affected: Guestserver 4.12 and earlier Risk Factor: High Attack Type: Network Based Brief Description: Guestserver.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/6027.php


    Date Reported: 1/29/01 Vulnerability: bind-tsig-bo Platforms Affected: BIND 8.2.x Risk Factor: Unauthorized Access Attempt Attack Type: Network/Host Based Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow X-Force URL: http://xforce.iss.net/static/6015.php


    Date Reported: 1/28/01 Vulnerability: hyperseek-cgi-reveal-info Platforms Affected: Hyperseek Search Engine 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Hyperseek CGI could reveal listings of directories and files X-Force URL: http://xforce.iss.net/static/6012.php


    Date Reported: 1/26/01 Vulnerability: newsdaemon-gain-admin-access Platforms Affected: NewsDaemon prior to 0.21b Risk Factor: High Attack Type: Network Based Brief Description: NewsDaemon allows remote users to gain administrative access X-Force URL: http://xforce.iss.net/static/6010.php


    Date Reported: 1/26/01 Vulnerability: mars-nwe-format-string Platforms Affected: Mars_nwe 0.99.pl19 Risk Factor: High Attack Type: Network Based Brief Description: Mars_nwe format string X-Force URL: http://xforce.iss.net/static/6019.php


    Date Reported: 1/25/01 Vulnerability: planetintra-pi-bo Platforms Affected: Planet Intra LAN Intranet 2.5 Risk Factor: High Attack Type: Network Based Brief Description: Planet Intra 'pi' binary buffer overflow X-Force URL: http://xforce.iss.net/static/6002.php


    Date Reported: 1/25/01 Vulnerability: borderware-ping-dos Platforms Affected: BorderWare Firewall Server 6.1.2 Risk Factor: High Attack Type: Network Based Brief Description: BorderWare ping denial of service X-Force URL: http://xforce.iss.net/static/6004.php


    Date Reported: 1/25/01 Vulnerability: aol-malformed-url-dos Platforms Affected: AOL 5.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: AOL malformed URL denial of service X-Force URL: http://xforce.iss.net/static/6009.php


    Date Reported: 1/25/01 Vulnerability: mirc-bypass-password Platforms Affected: mIRC Risk Factor: High Attack Type: Host Based Brief Description: mIRC allows malicious user to bypass password X-Force URL: http://xforce.iss.net/static/6013.php


    Date Reported: 1/25/01 Vulnerability: netscape-enterprise-revlog-dos Platforms Affected: Netscape Enterprise Server Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Enterprise Server REVLOG denial of service X-Force URL: http://xforce.iss.net/static/6003.php


    Date Reported: 1/24/01 Vulnerability: aim-execute-code Platforms Affected: AOL Instant Messenger 4.1 and later Risk Factor: High Attack Type: Host Based Brief Description: AOL Instant Messenger execution of code in modified images X-Force URL: http://xforce.iss.net/static/6005.php


    Date Reported: 1/24/01 Vulnerability: netscape-enterprise-list-directories Platforms Affected: Netscape Enterprise Server (3.0, 4.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server allows remote directory listing X-Force URL: http://xforce.iss.net/static/5997.php


    Date Reported: 1/24/01 Vulnerability: winnt-mutex-dos Platforms Affected: Windows NT 4.0 Risk Factor: Medium Attack Type: Host Based Brief Description: Windows NT mutex denial of service X-Force URL: http://xforce.iss.net/static/6006.php


    Date Reported: 1/24/01 Vulnerability: jrun-webinf-file-retrieval Platforms Affected: JRun Risk Factor: Medium Attack Type: Network/Host Based Brief Description: JRun malformed URL file retrieval X-Force URL: http://xforce.iss.net/static/6008.php


    Date Reported: 1/23/01 Vulnerability: ipfw-bypass-firewall Platforms Affected: FreeBSD (3.x, 4.x) Risk Factor: High Attack Type: Network Based Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall X-Force URL: http://xforce.iss.net/static/5998.php


    Date Reported: 1/23/01 Vulnerability: netopia-telnet-dos Platforms Affected: Netopia R-series router Risk Factor: Medium Attack Type: Network Based Brief Description: Netopia R9100 allows remote user to crash the router using telnet X-Force URL: http://xforce.iss.net/static/6001.php


    Date Reported: 1/23/01 Vulnerability: wuftp-debug-format-string Platforms Affected: Wu-ftpd Risk Factor: High Attack Type: Network Based Brief Description: Wu-ftpd debug mode format string X-Force URL: http://xforce.iss.net/static/6020.php


    Date Reported: 1/23/01 Vulnerability: kde2-kdesu-retrieve-passwords Platforms Affected: Linux: Caldera eDesktop 2.4 Risk Factor: High Attack Type: Host Based Brief Description: KDE2 kdesu program allows users to retrieve passwords X-Force URL: http://xforce.iss.net/static/5995.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-url-bo Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom print server long URL buffer overflow X-Force URL: http://xforce.iss.net/static/5988.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-printguide-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom PrintGuide denial of service X-Force URL: http://xforce.iss.net/static/5989.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-ftp-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom FTP denial of service X-Force URL: http://xforce.iss.net/static/5990.php


    Date Reported: 1/23/01 Vulnerability: vnc-weak-authentication Platforms Affected: VNC 3.3.3 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: VNC weak authentication could allow unauthorized access X-Force URL: http://xforce.iss.net/static/5992.php


    Date Reported: 1/23/01 Vulnerability: lotus-domino-smtp-bo Platforms Affected: Lotus Domino 5.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Lotus Domino SMTP Server policy feature buffer overflow X-Force URL: http://xforce.iss.net/static/5993.php


    Date Reported: 1/23/01 Vulnerability: linux-sash-shadow-readable Platforms Affected: sash prior to 3.4-4 Risk Factor: High Attack Type: Host Based Brief Description: Linux sash /etc/shadow directory world-readable X-Force URL: http://xforce.iss.net/static/5994.php


    Date Reported: 1/22/01 Vulnerability: powerpoint-execute-code Platforms Affected: Microsoft PowerPoint 2000 Risk Factor: High Attack Type: Host Based Brief Description: PowerPoint could allow code execution on another user's computer X-Force URL: http://xforce.iss.net/static/5996.php


    Date Reported: 1/22/01 Vulnerability: icecast-format-string Platforms Affected: Icecast 1.3.8beta2 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Icecast format string could allow arbitrary code execution X-Force URL: http://xforce.iss.net/static/5978.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-directory-traversal Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers directory traversal X-Force URL: http://xforce.iss.net/static/5986.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-execute-jsp Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files X-Force URL: http://xforce.iss.net/static/5987.php


    Date Reported: 1/22/01 Vulnerability: netscape-enterprise-dot-dos Platforms Affected: Netscape Enterprise Server 4.1 SP5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server "/../" denial of service X-Force URL: http://xforce.iss.net/static/5983.php


    Date Reported: 1/22/01 Vulnerability: goodtech-ftp-dos Platforms Affected: GoodTech FTP 3.0.1.2.1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: GoodTech FTP server denial of service X-Force URL: http://xforce.iss.net/static/5984.php


    Date Reported: 1/22/01 Vulnerability: netscape-fasttrack-cache-dos Platforms Affected: Netscape FastTrack Risk Factor: Low Attack Type: Host Based Brief Description: Netscape FastTrack Server cache denial of service X-Force URL: http://xforce.iss.net/static/5985.php


    Date Reported: 1/21/01 Vulnerability: eeye-iris-dos Platforms Affected: Iris Network Analyzer 1.01beta Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Iris denial of service X-Force URL: http://xforce.iss.net/static/5981.php


    Date Reported: 1/20/01 Vulnerability: watchguard-firebox-obtain-passphrase Platforms Affected: Firebox II Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard Firebox allows remote user to obtain passphrase X-Force URL: http://xforce.iss.net/static/5979.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-server-dos Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP denial of service X-Force URL: http://xforce.iss.net/static/5976.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-path-disclosure Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP path disclosure X-Force URL: http://xforce.iss.net/static/5977.php


    Date Reported: 1/19/01 Vulnerability: localweb2k-directory-traversal Platforms Affected: LocalWEB2000 HTTP Server 1.1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: LocalWEB2000 directory traversal X-Force URL: http://xforce.iss.net/static/5982.php


    Date Reported: 1/19/01 Vulnerability: win2k-efs-recover-data Platforms Affected: Windows 2000 Risk Factor: High Attack Type: Host Based Brief Description: Windows 2000 EFS allows local user to recover sensitive data X-Force URL: http://xforce.iss.net/static/5973.php


    Date Reported: 1/19/01 Vulnerability: linux-bing-bo Platforms Affected: Linux Risk Factor: High Attack Type: Host Based Brief Description: Bing host name buffer overflow X-Force URL: http://xforce.iss.net/static/6036.php


    Date Reported: 1/18/01 Vulnerability: micq-sprintf-remote-bo Platforms Affected: Matt's ICQ Clone 0.4.6 Risk Factor: High Attack Type: Network Based Brief Description: ICQ clone for Linux sprintf() remote buffer overflow X-Force URL: http://xforce.iss.net/static/5962.php


    Date Reported: 1/18/01 Vulnerability: mysql-select-bo Platforms Affected: MySQL prior to 3.23.31 Risk Factor: High Attack Type: Host Based Brief Description: MySQL select buffer overflow X-Force URL: http://xforce.iss.net/static/5969.php


    Date Reported: 1/18/01 Vulnerability: shoutcast-description-bo Platforms Affected: SHOUTcast DNAS 1.7.1 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Shoutcast Server for Linux description buffer overflow X-Force URL: http://xforce.iss.net/static/5965.php


    Date Reported: 1/17/01 Vulnerability: fw1-limited-license-dos Platforms Affected: Check Point Firewall-1 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: FireWall-1 limited-IP license denial of service X-Force URL: http://xforce.iss.net/static/5966.php


    Date Reported: 1/17/01 Vulnerability: hp-stm-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX Support Tools Manager denial of service X-Force URL: http://xforce.iss.net/static/5957.php


    Date Reported: 1/17/01 Vulnerability: linux-webmin-tmpfiles Platforms Affected: OpenLinux (2.3, 2.4) Risk Factor: High Attack Type: Host Based Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files X-Force URL: http://xforce.iss.net/static/6011.php


    Date Reported: 1/17/01 Vulnerability: tinyproxy-remote-bo Platforms Affected: tinyproxy 1.3.2 and 1.3.3 Risk Factor: Medium Attack Type: Network Based Brief Description: Tinyproxy remote buffer overflow X-Force URL: http://xforce.iss.net/static/5954.php


    Date Reported: 1/17/01 Vulnerability: postaci-sql-command-injection Platforms Affected: PostACI Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Postaci SQL command injection X-Force URL: http://xforce.iss.net/static/5972.php


    Date Reported: 1/17/01 Vulnerability: wwwwais-cgi-dos Platforms Affected: wwwwais.c 25 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: wwwwais CGI based program denial of service X-Force URL: http://xforce.iss.net/static/5980.php


    Date Reported: 1/17/01 Vulnerability: mime-header-attachment Platforms Affected: MIME 1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MIME headers could allow spoofed file attachment X-Force URL: http://xforce.iss.net/static/5991.php


    Date Reported: 1/16/01 Vulnerability: ssh-rpc-private-key Platforms Affected: SSH Risk Factor: Medium Attack Type: Network/Host Based Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key X-Force URL: http://xforce.iss.net/static/5963.php


    Date Reported: 1/16/01 Vulnerability: linux-glibc-preload-overwrite Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux glibc LD_PRELOAD file overwrite X-Force URL: http://xforce.iss.net/static/5971.php


    Date Reported: 1/16/01 Vulnerability: inn-tmpfile-symlink Platforms Affected: InterNet News (INN) Risk Factor: High Attack Type: Host Based Brief Description: INN tmpfile symbolic link X-Force URL: http://xforce.iss.net/static/5974.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-insecure-password Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Network Based Brief Description: InterScan VirusWall for Unix password change insecure X-Force URL: http://xforce.iss.net/static/5944.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-weak-authentication Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: Medium Attack Type: Network Based Brief Description: InterScan VirusWall for Unix uses weak authentication X-Force URL: http://xforce.iss.net/static/5946.php


    Date Reported: 1/15/01 Vulnerability: ie-mshtml-dos Platforms Affected: Internet Explorer 4.0 and later Risk Factor: Medium Attack Type: Network Based Brief Description: Internet Explorer mshtml.dll denial of service X-Force URL: http://xforce.iss.net/static/5938.php


    Date Reported: 1/15/01 Vulnerability: dhcp-format-string Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4) Risk Factor: High Attack Type: Network Based Brief Description: Caldera DHCP format string X-Force URL: http://xforce.iss.net/static/5953.php


    Date Reported: 1/15/01 Vulnerability: win-mediaplayer-arbitrary-code Platforms Affected: Windows Media Player 7.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows Media Player skins can be used to execute arbitrary code X-Force URL: http://xforce.iss.net/static/5937.php


    Date Reported: 1/15/01 Vulnerability: veritas-backupexec-dos Platforms Affected: Backup Exec 4.5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Veritas Backup Exec denial of service X-Force URL: http://xforce.iss.net/static/5941.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-symlink Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Host Based Brief Description: InterScan VirusWall for Unix symbolic link X-Force URL: http://xforce.iss.net/static/5947.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-corrupt-files Platforms Affected: OmniHTTPd Risk Factor: Medium Attack Type: Network Based Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system X-Force URL: http://xforce.iss.net/static/5955.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-execute-code Platforms Affected: OmniHTTPd Risk Factor: High Attack Type: Network Based Brief Description: OmniHTTPD statsconfig.pl allows code execution X-Force URL: http://xforce.iss.net/static/5956.php


    Date Reported: 1/15/01 Vulnerability: icmp-pmtu-dos Platforms Affected: Linux BSD Risk Factor: Medium Attack Type: Network Based Brief Description: ICMP PMTU denial of service X-Force URL: http://xforce.iss.net/static/5975.php


    Date Reported: 1/14/01 Vulnerability: splitvt-perserc-format-string Platforms Affected: splitvt 1.6.4 and earlier Risk Factor: High Attack Type: Host Based Brief Description: Splitvt perserc.c module format string X-Force URL: http://xforce.iss.net/static/5948.php


    Date Reported: 1/14/01 Vulnerability: flash-module-bo Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: Flash browser module buffer overflow X-Force URL: http://xforce.iss.net/static/5952.php


    Date Reported: 1/13/01 Vulnerability: rctab-elevate-privileges Platforms Affected: Linux SuSE Risk Factor: Medium Attack Type: Host Based Brief Description: rctab in SuSE Linux could allow privilege elevation X-Force URL: http://xforce.iss.net/static/5945.php


    Date Reported: 1/12/01 Vulnerability: ultraboard-cgi-perm Platforms Affected: UltraBoard 2000B Risk Factor: Medium Attack Type: Network/Host Based Brief Description: UltraBoard CGI weak permissions X-Force URL: http://xforce.iss.net/static/5931.php


    Date Reported: 1/12/01 Vulnerability: compaq-web-management-bo Platforms Affected: Compaq Web-Based Management Risk Factor: High Attack Type: Network Based Brief Description: Compaq Web-Based Management program buffer overflow X-Force URL: http://xforce.iss.net/static/5935.php


    Date Reported: 1/12/01 Vulnerability: php-htaccess-unauth-access Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow unauthorized access to restricted files X-Force URL: http://xforce.iss.net/static/5940.php


    Date Reported: 1/12/01 Vulnerability: basilix-webmail-retrieve-files Platforms Affected: Basilix Webmail 0.9.7beta Risk Factor: Low Attack Type: Network Based Brief Description: Basilix Webmail System allows unauthorized users to retrieve files X-Force URL: http://xforce.iss.net/static/5934.php


    Date Reported: 1/12/01 Vulnerability: solaris-arp-bo Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris arp buffer overflow X-Force URL: http://xforce.iss.net/static/5928.php


    Date Reported: 1/12/01 Vulnerability: php-view-source-code Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow remote viewing of source code X-Force URL: http://xforce.iss.net/static/5939.php


    Date Reported: 1/11/01 Vulnerability: wec-ntlm-authentication Platforms Affected: Windows 2000 Microsoft Office 2000 Windows ME Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Web Extender Client (WEC) NTLM authentication X-Force URL: http://xforce.iss.net/static/5920.php


    Date Reported: 1/11/01 Vulnerability: spamcop-url-seq-predict Platforms Affected: SpamCop Risk Factor: Low Attack Type: Network/Host Based Brief Description: SpamCop URL number increment sequence prediction X-Force URL: http://xforce.iss.net/static/5933.php


    Date Reported: 1/10/01 Vulnerability: linux-wuftpd-privatepw-symlink Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux wu-ftpd privatepw symbolic link X-Force URL: http://xforce.iss.net/static/5915.php


    Date Reported: 1/10/01 Vulnerability: rdist-symlink Platforms Affected: rdist Risk Factor: High Attack Type: Host Based Brief Description: rdist symbolic link X-Force URL: http://xforce.iss.net/static/5925.php


    Date Reported: 1/10/01 Vulnerability: squid-email-symlink Platforms Affected: squid Risk Factor: High Attack Type: Host Based Brief Description: squid email notification symbolic link X-Force URL: http://xforce.iss.net/static/5921.php


    Date Reported: 1/10/01 Vulnerability: linux-diffutils-sdiff-symlimk Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux diffutils sdiff symbolic link X-Force URL: http://xforce.iss.net/static/5914.php


    Date Reported: 1/10/01 Vulnerability: tcpdump-arpwatch-symlink Platforms Affected: arpwatch Risk Factor: High Attack Type: Host Based Brief Description: tcpdump arpwatch symbolic link X-Force URL: http://xforce.iss.net/static/5922.php


    Date Reported: 1/10/01 Vulnerability: linuxconf-vpop3d-symlink Platforms Affected: linuxconf Risk Factor: Medium Attack Type: Host Based Brief Description: Linuxconf vpop3d symbolic link X-Force URL: http://xforce.iss.net/static/5923.php


    Date Reported: 1/10/01 Vulnerability: shadow-utils-useradd-symlink Platforms Affected: shadow-utils Risk Factor: High Attack Type: Host Based Brief Description: shadow-utils useradd symbolic link X-Force URL: http://xforce.iss.net/static/5927.php


    Date Reported: 1/10/01 Vulnerability: linux-glibc-read-files Platforms Affected: Linux glibc Risk Factor: Medium Attack Type: Host Based Brief Description: Linux glibc library can allow users to read restricted files X-Force URL: http://xforce.iss.net/static/5907.php


    Date Reported: 1/10/01 Vulnerability: gettyps-symlink Platforms Affected: gettyps Risk Factor: High Attack Type: Host Based Brief Description: getty_ps symbolic link X-Force URL: http://xforce.iss.net/static/5924.php


    Date Reported: 1/10/01 Vulnerability: linux-gpm-symlink Platforms Affected: gpm Risk Factor: Medium Attack Type: Host Based Brief Description: Linux gpm symbolic link attack X-Force URL: http://xforce.iss.net/static/5917.php


    Date Reported: 1/10/01 Vulnerability: linux-mgetty-symlink Platforms Affected: mgetty Risk Factor: Medium Attack Type: Host Based Brief Description: Linux mgetty symbolic link attack X-Force URL: http://xforce.iss.net/static/5918.php


    Date Reported: 1/10/01 Vulnerability: linux-apache-symlink Platforms Affected: Apache Risk Factor: Medium Attack Type: Host Based Brief Description: Linux Apache symbolic link X-Force URL: http://xforce.iss.net/static/5926.php


    Date Reported: 1/10/01 Vulnerability: linux-inn-symlink Platforms Affected: inn Risk Factor: Medium Attack Type: Host Based Brief Description: Linux INN tmp directory symbolic link X-Force URL: http://xforce.iss.net/static/5916.php


    Date Reported: 1/10/01 Vulnerability: conferenceroom-developer-dos Platforms Affected: ConferenceRoom Professional Edition Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ConferenceRoom Developer Edition denial of service X-Force URL: http://xforce.iss.net/static/5909.php


    Date Reported: 1/9/01 Vulnerability: oracle-xsql-execute-code Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server X-Force URL: http://xforce.iss.net/static/5905.php


    Date Reported: 1/9/01 Vulnerability: netscreen-webui-bo Platforms Affected: NetScreen Risk Factor: Medium Attack Type: Network Based Brief Description: NetScreen Firewall WebUI buffer overflow X-Force URL: http://xforce.iss.net/static/5908.php


    Date Reported: 1/9/01 Vulnerability: suse-reiserfs-long-filenames Platforms Affected: SuSE 7.0 Risk Factor: High Attack Type: Host Based Brief Description: SuSE reiserfs long file name denial of service X-Force URL: http://xforce.iss.net/static/5910.php


    Date Reported: 1/9/01 Vulnerability: interbase-backdoor-account Platforms Affected: InterBase 6.01 and earlier Risk Factor: High Attack Type: Network/Host Based Brief Description: InterBase built-in backdoor account X-Force URL: http://xforce.iss.net/static/5911.php


    Date Reported: 1/9/01 Vulnerability: interbase-hidden-function-dos Platforms Affected: InterBase 6.01 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: InterBase hidden function denial of service X-Force URL: http://xforce.iss.net/static/5912.php


    Date Reported: 1/9/01 Vulnerability: brickserver-thttpd-dos Platforms Affected: BRICKServer Small Business Risk Factor: Medium Attack Type: Network Based Brief Description: BRICKServer thttpd denial of service X-Force URL: http://xforce.iss.net/static/5919.php


    Date Reported: 1/9/01 Vulnerability: solaris-exrecover-bo Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6) Risk Factor: Medium Attack Type: Host Based Brief Description: Solaris exrecover buffer overflow X-Force URL: http://xforce.iss.net/static/5913.php


    Date Reported: 1/9/01 Vulnerability: hp-inetd-swait-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX inetd swait denial of service X-Force URL: http://xforce.iss.net/static/5904.php


    Date Reported: 1/8/01 Vulnerability: microsoft-iis-read-files Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network Based Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL X-Force URL: http://xforce.iss.net/static/5903.php


    Date Reported: 1/8/01 Vulnerability: ibm-websphere-dos Platforms Affected: IBM Websphere 3.52 IBM HTTP Server 1.3.12 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM WebSphere denial of service X-Force URL: http://xforce.iss.net/static/5900.php


    Date Reported: 1/8/01 Vulnerability: storagesoft-imagecast-dos Platforms Affected: ImageCast 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: StorageSoft ImageCast denial of service X-Force URL: http://xforce.iss.net/static/5901.php


    Date Reported: 1/8/01 Vulnerability: nai-pgp-replace-keys Platforms Affected: PGP 7.0 Risk Factor: Medium Attack Type: Host Based Brief Description: PGP users may replace signed exported key blocks with arbitrary keys X-Force URL: http://xforce.iss.net/static/5902.php


    Date Reported: 1/7/01 Vulnerability: http-cgi-bbs-forum Platforms Affected: WebBBS 1.0 Risk Factor: High Attack Type: Network Based Brief Description: bbs_forum.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/5906.php


    Date Reported: 1/5/01 Vulnerability: lotus-domino-directory-traversal Platforms Affected: Lotus Domino 5.0.x Risk Factor: Medium Attack Type: Network Based Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal X-Force URL: http://xforce.iss.net/static/5899.php


    Date Reported: 1/5/01 Vulnerability: http-cgi-fastgraf Platforms Affected: FASTGRAF Risk Factor: High Attack Type: Network Based Brief Description: Fastgraf CGI scripts allow remote command execution X-Force URL: http://xforce.iss.net/static/5897.php


    Date Reported: 1/4/01 Vulnerability: newsdesk-cgi-read-files Platforms Affected: Newsdesk 1.2 Risk Factor: High Attack Type: Network Based Brief Description: Newsdesk.cgi allows read access to files X-Force URL: http://xforce.iss.net/static/5898.php


    Date Reported: 1/1/01 Vulnerability: gtk-module-execute-code Platforms Affected: GTK+ 1.2.8 and earlier Risk Factor: High Attack Type: Host Based Brief Description: GTK+ arbitrary code execution using custom loadable module X-Force URL: http://xforce.iss.net/static/5832.php


    Date Reported: 1/1/01 Vulnerability: linux-tty-writable-dos Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux writable TTY denial of service X-Force URL: http://xforce.iss.net/static/5896.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    Additional Information

    This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories:

    - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
    - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).

    About Internet Security Systems (ISS)

    Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200103-0101",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r9100 router",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netopia",
            "version": "4.6"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "daemonnews",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "immunix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandrakesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "getty ps",
            "version": null
          },
          {
            "model": "r9100 router",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netopia",
            "version": "4.6"
          },
          {
            "model": "immunix os -beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wirex",
            "version": "7.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.2"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.0"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.30"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.29"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.28"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.27"
          },
          {
            "model": "r9100 dsl router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netopia",
            "version": "4.6"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2287"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-095"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netopia:r9100_router:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0185"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reported to bugtraq by Julien Henry \n\u003cnyc1660@freesurf.fr\u003e on Tue, 23 Jan 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "2287"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-095"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2001-0185",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-3007",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-0185",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#850440",
                "trust": 0.8,
                "value": "1.89"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#987632",
                "trust": 0.8,
                "value": "3.19"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#342768",
                "trust": 0.8,
                "value": "5.63"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200103-095",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3007",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3007"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-095"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router\u0027s telnet program to connect to the router\u0027s IP address, which causes a crash. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability  allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals.  Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. \nA problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existance of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. \nA problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. 
When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user\u0027s DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user\u0027s private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user\u0027s magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user\u0027s secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. \nUnder very specific circumstances, an attacker can cause the affected router to stop. By attempting to make a looped connection from the router\u0027s IP address back to the same address, the unit will crash. A manual restart is required to resume operation. \nAn attack prevents user-disconnect logging and may help the attacker carry out further attacks on the affected host or other systems on its network. \nNetopia R9100 Router running firmware version 4.6 is vulnerable; subsequent (and current) versions are not vulnerable. 
\nTO UNSUBSCRIBE: email \"unsubscribe alert\" in the body of your message to\nmajordomo@iss.net  Contact alert-owner@iss.net for help with any problems!\n---------------------------------------------------------------------------\n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nFebruary 6, 2001\nVolume 6 Number 3\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\n_____\n\nContents\n\n120 Reported Vulnerabilities\n\nRisk Factor Key\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          win2k-rdp-dos\nPlatforms Affected:     Windows 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Windows 2000 Server RDP denial of service\nX-Force URL:            http://xforce.iss.net/static/6035.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-file-access\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface could allow read access to files and directories\nX-Force URL:            http://xforce.iss.net/static/6031.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          quicktime-embedded-tag-bo\nPlatforms Affected:     Quicktime 4.1.2\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      QuickTime Player EMBED tag buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6040.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          solaris-ximp40-bo\nPlatforms Affected:     Solaris (7, 8)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris \"ximp40\" shared library buffer 
overflow\nX-Force URL:            http://xforce.iss.net/static/6039.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-cli-dos\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface denial of service\nX-Force URL:            http://xforce.iss.net/static/6030.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          slimserve-httpd-dos\nPlatforms Affected:     SlimServe 1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      SlimServe HTTPd denial of service\nX-Force URL:            http://xforce.iss.net/static/6028.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          crazywwwboard-qdecoder-bo\nPlatforms Affected:     CrazyWWWBoard prior to 2000LEp5-1\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      CrazyWWWBoard qDecoder buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6033.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          virusbuster-mua-bo\nPlatforms Affected:\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Virus Buster 2001 Mail User Agent (MUA) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6034.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          iis-isapi-obtain-code\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions\nX-Force URL:            http://xforce.iss.net/static/6032.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-inverse-query-disclosure\nPlatforms Affected:     Bind (4.x, 8.2.x)\nRisk Factor:            Medium\nAttack Type:            
Network Based\nBrief Description:      BIND 4.x and 8.2.x exposes environment variables\nX-Force URL:            http://xforce.iss.net/static/6018.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          hp-man-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP man command denial of service\nX-Force URL:            http://xforce.iss.net/static/6014.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          sort-temp-file-abort\nPlatforms Affected:     FreeBSD\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Sort temporary files denial of service\nX-Force URL:            http://xforce.iss.net/static/6038.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-format-string\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() format string\nX-Force URL:            http://xforce.iss.net/static/6017.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-bo\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6016.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-client-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC client buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6025.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-server-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC server buffer overflow\nX-Force URL:            
http://xforce.iss.net/static/6026.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          guestserver-cgi-execute-commands\nPlatforms Affected:     Guestserver 4.12 and earlier\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Guestserver.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/6027.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-tsig-bo\nPlatforms Affected:     BIND 8.2.x\nRisk Factor:            Unauthorized Access Attempt\nAttack Type:            Network/Host Based\nBrief Description:      BIND 8.2.x transaction signature (TSIG) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6015.php\n\n_____\n\nDate Reported:          1/28/01\nVulnerability:          hyperseek-cgi-reveal-info\nPlatforms Affected:     Hyperseek Search Engine 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Hyperseek CGI could reveal listings of directories and files\nX-Force URL:            http://xforce.iss.net/static/6012.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          newsdaemon-gain-admin-access\nPlatforms Affected:     NewsDaemon prior to 0.21b\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      NewsDaemon allows remote users to gain administrative access\nX-Force URL:            http://xforce.iss.net/static/6010.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:            http://xforce.iss.net/static/6019.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:           
 Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:            http://xforce.iss.net/static/6019.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          planetintra-pi-bo\nPlatforms Affected:     Planet Intra LAN Intranet 2.5\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Planet Intra \u0027pi\u0027 binary buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6002.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          borderware-ping-dos\nPlatforms Affected:     BorderWare Firewall Server 6.1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      BorderWare ping denial of service\nX-Force URL:            http://xforce.iss.net/static/6004.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          aol-malformed-url-dos\nPlatforms Affected:     AOL 5.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      AOL malformed URL denial of service\nX-Force URL:            http://xforce.iss.net/static/6009.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          mirc-bypass-password\nPlatforms Affected:     mIRC\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      mIRC allows malicious user to bypass password\nX-Force URL:            http://xforce.iss.net/static/6013.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          netscape-enterprise-revlog-dos\nPlatforms Affected:     Netscape Enterprise Server\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netscape Enterprise Server REVLOG denial of service\nX-Force URL:            http://xforce.iss.net/static/6003.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          aim-execute-code\nPlatforms Affected:     AOL Instant Messenger 4.1 and later\nRisk Factor:            
High\nAttack Type:            Host Based\nBrief Description:      AOL Instant Messenger execution of code in modified images\nX-Force URL:            http://xforce.iss.net/static/6005.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          netscape-enterprise-list-directories\nPlatforms Affected:     Netscape Enterprise Server (3.0, 4.0)\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server allows remote directory listing\nX-Force URL:            http://xforce.iss.net/static/5997.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          winnt-mutex-dos\nPlatforms Affected:     Windows NT 4.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Windows NT mutex denial of service\nX-Force URL:            http://xforce.iss.net/static/6006.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          jrun-webinf-file-retrieval\nPlatforms Affected:     JRun\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      JRun malformed URL file retrieval\nX-Force URL:            http://xforce.iss.net/static/6008.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          ipfw-bypass-firewall\nPlatforms Affected:     FreeBSD (3.x, 4.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ipfw/ip6fw allows remote attacker to bypass firewall\nX-Force URL:            http://xforce.iss.net/static/5998.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          netopia-telnet-dos\nPlatforms Affected:     Netopia R-series router\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netopia R9100 allows remote user to crash the router using telnet\nX-Force URL:            http://xforce.iss.net/static/6001.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          
wuftp-debug-format-string\nPlatforms Affected:     Wu-ftpd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Wu-ftpd debug mode format string\nX-Force URL:            http://xforce.iss.net/static/6020.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          kde2-kdesu-retrieve-passwords\nPlatforms Affected:     Linux: Caldera eDesktop 2.4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      KDE2 kdesu program allows users to retrieve passwords\nX-Force URL:            http://xforce.iss.net/static/5995.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-url-bo\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom print server long URL buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5988.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-printguide-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom PrintGuide denial of service\nX-Force URL:            http://xforce.iss.net/static/5989.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-ftp-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5990.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          vnc-weak-authentication\nPlatforms Affected:     VNC 3.3.3 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      VNC weak authentication could allow unauthorized access\nX-Force URL:            
http://xforce.iss.net/static/5992.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          lotus-domino-smtp-bo\nPlatforms Affected:     Lotus Domino 5.0\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Lotus Domino SMTP Server policy feature buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5993.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          linux-sash-shadow-readable\nPlatforms Affected:     sash prior to 3.4-4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Linux sash /etc/shadow directory world-readable\nX-Force URL:            http://xforce.iss.net/static/5994.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          powerpoint-execute-code\nPlatforms Affected:     Microsoft PowerPoint 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      PowerPoint could allow code execution on another user\u0027s computer\nX-Force URL:            http://xforce.iss.net/static/5996.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          icecast-format-string\nPlatforms Affected:     Icecast 1.3.8beta2 and prior\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Icecast format string could allow arbitrary code execution\nX-Force URL:            http://xforce.iss.net/static/5978.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-directory-traversal\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle JSP/SQLJP handlers directory traversal\nX-Force URL:            http://xforce.iss.net/static/5986.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-execute-jsp\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:           
 Network Based\nBrief Description:      Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files\nX-Force URL:            http://xforce.iss.net/static/5987.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-enterprise-dot-dos\nPlatforms Affected:     Netscape Enterprise Server 4.1 SP5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server \"/../\" denial of service\nX-Force URL:            http://xforce.iss.net/static/5983.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          goodtech-ftp-dos\nPlatforms Affected:     GoodTech FTP 3.0.1.2.1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      GoodTech FTP server denial of service\nX-Force URL:            http://xforce.iss.net/static/5984.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-fasttrack-cache-dos\nPlatforms Affected:     Netscape FastTrack\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Netscape FastTrack Server cache denial of service\nX-Force URL:            http://xforce.iss.net/static/5985.php\n\n_____\n\nDate Reported:          1/21/01\nVulnerability:          eeye-iris-dos\nPlatforms Affected:     Iris Network Analyzer 1.01beta\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Iris denial of service\nX-Force URL:            http://xforce.iss.net/static/5981.php\n\n_____\n\nDate Reported:          1/20/01\nVulnerability:          watchguard-firebox-obtain-passphrase\nPlatforms Affected:     Firebox II\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WatchGuard Firebox allows remote user to obtain passphrase\nX-Force URL:            http://xforce.iss.net/static/5979.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          
fastream-ftp-server-dos\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5976.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          fastream-ftp-path-disclosure\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP path disclosure\nX-Force URL:            http://xforce.iss.net/static/5977.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          localweb2k-directory-traversal\nPlatforms Affected:     LocalWEB2000 HTTP Server 1.1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      LocalWEB2000 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5982.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          win2k-efs-recover-data\nPlatforms Affected:     Windows 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Windows 2000 EFS allows local user to recover sensitive data\nX-Force URL:            http://xforce.iss.net/static/5973.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          linux-bing-bo\nPlatforms Affected:     Linux\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Bing host name buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6036.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          micq-sprintf-remote-bo\nPlatforms Affected:     Matt\u0027s ICQ Clone 0.4.6\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ICQ clone for Linux sprintf() remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5962.php\n\n_____\n\nDate 
Reported:          1/18/01\nVulnerability:          mysql-select-bo\nPlatforms Affected:     MySQL prior to 3.23.31\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      MySQL select buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5969.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          shoutcast-description-bo\nPlatforms Affected:     SHOUTcast DNAS 1.7.1\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      Shoutcast Server for Linux description buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5965.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          fw1-limited-license-dos\nPlatforms Affected:     Check Point Firewall-1 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      FireWall-1 limited-IP license denial of service\nX-Force URL:            http://xforce.iss.net/static/5966.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          fw1-limited-license-dos\nPlatforms Affected:     Check Point Firewall-1 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      FireWall-1 limited-IP license denial of service\nX-Force URL:            http://xforce.iss.net/static/5966.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          hp-stm-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX Support Tools Manager denial of service\nX-Force URL:            http://xforce.iss.net/static/5957.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          linux-webmin-tmpfiles\nPlatforms Affected:     OpenLinux (2.3, 2.4)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Webmin use of tmpfiles could allow a local user to overwrite files\nX-Force URL:           
 http://xforce.iss.net/static/6011.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          tinyproxy-remote-bo\nPlatforms Affected:     tinyproxy 1.3.2 and 1.3.3\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Tinyproxy remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5954.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          postaci-sql-command-injection\nPlatforms Affected:     PostACI\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Postaci SQL command injection\nX-Force URL:            http://xforce.iss.net/static/5972.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          wwwwais-cgi-dos\nPlatforms Affected:     wwwwais.c 25\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      wwwwais CGI based program denial of service\nX-Force URL:            http://xforce.iss.net/static/5980.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          mime-header-attachment\nPlatforms Affected:     MIME 1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      MIME headers could allow spoofed file attachment\nX-Force URL:            http://xforce.iss.net/static/5991.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          ssh-rpc-private-key\nPlatforms Affected:     SSH\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      SSH secure-RPC could generate a passphrase that exposes a user\u0027s private key\nX-Force URL:            http://xforce.iss.net/static/5963.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          linux-glibc-preload-overwrite\nPlatforms Affected:     Linux\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Linux glibc LD_PRELOAD file overwrite\nX-Force 
URL:            http://xforce.iss.net/static/5971.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          inn-tmpfile-symlink\nPlatforms Affected:     InterNet News (INN)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      INN tmpfile symbolic link\nX-Force URL:            http://xforce.iss.net/static/5974.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-insecure-password\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix password change insecure\nX-Force URL:            http://xforce.iss.net/static/5944.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-weak-authentication\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix uses weak authentication\nX-Force URL:            http://xforce.iss.net/static/5946.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          ie-mshtml-dos\nPlatforms Affected:     Internet Explorer 4.0 and later\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Internet Explorer mshtml.dll denial of service\nX-Force URL:            http://xforce.iss.net/static/5938.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          dhcp-format-string\nPlatforms Affected:     Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Caldera DHCP format string\nX-Force URL:            http://xforce.iss.net/static/5953.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          win-mediaplayer-arbitrary-code\nPlatforms Affected:     Windows Media Player 7.0\nRisk Factor:            
High\nAttack Type:            Network/Host Based\nBrief Description:      Windows Media Player skins can be used to execute arbitrary code\nX-Force URL:            http://xforce.iss.net/static/5937.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          veritas-backupexec-dos\nPlatforms Affected:     Backup Exec 4.5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Veritas Backup Exec denial of service\nX-Force URL:            http://xforce.iss.net/static/5941.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-symlink\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      InterScan VirusWall for Unix symbolic link\nX-Force URL:            http://xforce.iss.net/static/5947.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-corrupt-files\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      OmniHTTPd statsconfig.pl corrupt any file on the system\nX-Force URL:            http://xforce.iss.net/static/5955.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-execute-code\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      OmniHTTPD statsconfig.pl allows code execution\nX-Force URL:            http://xforce.iss.net/static/5956.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          icmp-pmtu-dos\nPlatforms Affected:     Linux\n                        BSD\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      ICMP PMTU denial of service\nX-Force URL:            http://xforce.iss.net/static/5975.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          
icmp-pmtu-dos\nPlatforms Affected:     Linux\n                        BSD\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      ICMP PMTU denial of service\nX-Force URL:            http://xforce.iss.net/static/5975.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          splitvt-perserc-format-string\nPlatforms Affected:     splitvt 1.6.4 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Splitvt perserc.c module format string\nX-Force URL:            http://xforce.iss.net/static/5948.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          splitvt-perserc-format-string\nPlatforms Affected:     splitvt 1.6.4 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Splitvt perserc.c module format string\nX-Force URL:            http://xforce.iss.net/static/5948.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          flash-module-bo\nPlatforms Affected:     Oliver Debon Flash plugin 0.4.9 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Flash browser module buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5952.php\n\n_____\n\nDate Reported:          1/13/01\nVulnerability:          rctab-elevate-privileges\nPlatforms Affected:     Linux SuSE\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      rctab in SuSE Linux could allow privilege elevation\nX-Force URL:            http://xforce.iss.net/static/5945.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          ultraboard-cgi-perm\nPlatforms Affected:     UltraBoard 2000B\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      UltraBoard CGI weak permissions\nX-Force URL:            http://xforce.iss.net/static/5931.php\n\n_____\n\nDate Reported:          
1/12/01\nVulnerability:          compaq-web-management-bo\nPlatforms Affected:     Compaq Web-Based Management\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Compaq Web-Based Management program buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5935.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-htaccess-unauth-access\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow unauthorized access to restricted files\nX-Force URL:            http://xforce.iss.net/static/5940.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          basilix-webmail-retrieve-files\nPlatforms Affected:     Basilix Webmail 0.9.7beta\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      Basilix Webmail System allows unauthorized users to retrieve files\nX-Force URL:            http://xforce.iss.net/static/5934.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          solaris-arp-bo\nPlatforms Affected:     Solaris\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris arp buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5928.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-view-source-code\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow remote viewing of source code\nX-Force URL:            http://xforce.iss.net/static/5939.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          wec-ntlm-authentication\nPlatforms Affected:     Windows 2000\n                        Microsoft Office 2000\n                        Windows ME\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Web 
Extender Client (WEC) NTLM authentication\nX-Force URL:            http://xforce.iss.net/static/5920.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          spamcop-url-seq-predict\nPlatforms Affected:     SpamCop\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      SpamCop URL number increment sequence prediction\nX-Force URL:            http://xforce.iss.net/static/5933.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-wuftpd-privatepw-symlink\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux wu-ftpd privatepw symbolic link\nX-Force URL:            http://xforce.iss.net/static/5915.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          rdist-symlink\nPlatforms Affected:     rdist\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      rdist symbolic link\nX-Force URL:            http://xforce.iss.net/static/5925.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          squid-email-symlink\nPlatforms Affected:     squid\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      squid email notification symbolic link\nX-Force URL:            http://xforce.iss.net/static/5921.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-diffutils-sdiff-symlimk\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux diffutils sdiff symbolic link\nX-Force URL:            http://xforce.iss.net/static/5914.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          tcpdump-arpwatch-symlink\nPlatforms Affected:     arpwatch\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      tcpdump arpwatch symbolic link\nX-Force URL:            
http://xforce.iss.net/static/5922.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linuxconf-vpop3d-symlink\nPlatforms Affected:     linuxconf\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linuxconf vpop3d symbolic link\nX-Force URL:            http://xforce.iss.net/static/5923.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          shadow-utils-useradd-symlink\nPlatforms Affected:     shadow-utils\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      shadow-utils useradd symbolic link\nX-Force URL:            http://xforce.iss.net/static/5927.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-glibc-read-files\nPlatforms Affected:     Linux glibc\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux glibc library can allow users to read restricted files\nX-Force URL:            http://xforce.iss.net/static/5907.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          gettyps-symlink\nPlatforms Affected:     gettyps\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      getty_ps symbolic link\nX-Force URL:            http://xforce.iss.net/static/5924.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-gpm-symlink\nPlatforms Affected:     gpm\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux gpm symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5917.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-mgetty-symlink\nPlatforms Affected:     mgetty\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux mgetty symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5918.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:      
    linux-apache-symlink\nPlatforms Affected:     Apache\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux Apache symbolic link\nX-Force URL:            http://xforce.iss.net/static/5926.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-inn-symlink\nPlatforms Affected:     inn\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux INN tmp directory symbolic link\nX-Force URL:            http://xforce.iss.net/static/5916.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          conferenceroom-developer-dos\nPlatforms Affected:     ConferenceRoom Professional Edition\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      ConferenceRoom Developer Edition denial of service\nX-Force URL:            http://xforce.iss.net/static/5909.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          oracle-xsql-execute-code\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle XSQL servlet and xml-stylesheet allows code execution on server\nX-Force URL:            http://xforce.iss.net/static/5905.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          netscreen-webui-bo\nPlatforms Affected:     NetScreen\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      NetScreen Firewall WebUI buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5908.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          suse-reiserfs-long-filenames\nPlatforms Affected:     SuSE 7.0\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      SuSE reiserfs long file name denial of service\nX-Force URL:            http://xforce.iss.net/static/5910.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:     
     interbase-backdoor-account\nPlatforms Affected:     InterBase 6.01 and earlier\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      InterBase built-in backdoor account\nX-Force URL:            http://xforce.iss.net/static/5911.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          interbase-hidden-function-dos\nPlatforms Affected:     InterBase 6.01\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      InterBase hidden function denial of service\nX-Force URL:            http://xforce.iss.net/static/5912.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          brickserver-thttpd-dos\nPlatforms Affected:     BRICKServer Small Business\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BRICKServer thttpd denial of service\nX-Force URL:            http://xforce.iss.net/static/5919.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          solaris-exrecover-bo\nPlatforms Affected:     Solaris (2.4, 2.5, 2.5.1, 2.6)\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Solaris exrecover buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5913.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          hp-inetd-swait-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX inetd swait denial of service\nX-Force URL:            http://xforce.iss.net/static/5904.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          microsoft-iis-read-files\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Microsoft IIS 5.0 allows the viewing of files through malformed URL\nX-Force URL:            http://xforce.iss.net/static/5903.php\n\n_____\n\nDate Reported:   
       1/8/01\nVulnerability:          ibm-websphere-dos\nPlatforms Affected:     IBM Websphere 3.52\n                        IBM HTTP Server 1.3.12\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      IBM WebSphere denial of service\nX-Force URL:            http://xforce.iss.net/static/5900.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          storagesoft-imagecast-dos\nPlatforms Affected:     ImageCast 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      StorageSoft ImageCast denial of service\nX-Force URL:            http://xforce.iss.net/static/5901.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          nai-pgp-replace-keys\nPlatforms Affected:     PGP 7.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      PGP users may replace signed exported key blocks with arbitrary keys\nX-Force URL:            http://xforce.iss.net/static/5902.php\n\n_____\n\nDate Reported:          1/7/01\nVulnerability:          http-cgi-bbs-forum\nPlatforms Affected:     WebBBS 1.0\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      bbs_forum.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/5906.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          lotus-domino-directory-traversal\nPlatforms Affected:     Lotus Domino 5.0.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5899.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          http-cgi-fastgraf\nPlatforms Affected:     FASTGRAF\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Fastgraf CGI scripts allow remote command execution\nX-Force URL:  
          http://xforce.iss.net/static/5897.php\n\n_____\n\nDate Reported:          1/4/01\nVulnerability:          newsdesk-cgi-read-files\nPlatforms Affected:     Newsdesk 1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Newsdesk.cgi allows read access to files\nX-Force URL:            http://xforce.iss.net/static/5898.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          gtk-module-execute-code\nPlatforms Affected:     GTK+ 1.2.8 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      GTK+ arbitrary code execution using custom loadable module\nX-Force URL:            http://xforce.iss.net/static/5832.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          linux-tty-writable-dos\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux writable TTY denial of service\nX-Force URL:            http://xforce.iss.net/static/5896.php\n\n_____\n\n\nRisk Factor Key:\n\n        High Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  
Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n\n_____\n\nAdditional Information\n\nThis document is available at http://xforce.iss.net/alerts/advisennn.php. \nTo receive these Alerts and Advisories:\n- - Subscribe to the Alert mailing list from\nhttp://xforce.iss.net/maillists/index.php\n- - Or send an email to majordomo@iss.net, and within the body of the\nmessage type:\n\u0027subscribe alert\u0027 (without the quotes). \n\n\nAbout Internet Security Systems (ISS)\nInternet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading\nglobal provider of security management solutions for the Internet. \nBy combining best of breed products, security management services,\naggressive research and development, and comprehensive educational\nand consulting services, ISS is the trusted security advisor for\nthousands of organizations around the world looking to protect their\nmission critical information and networks. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically.  It is not to be edited in any way without express consent\nof the X-Force.  If you wish to reprint the whole or any part of this\nAlert in any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. 
\n\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as\nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0185"
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2287"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3007"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          }
        ],
        "trust": 4.05
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-0185",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "2287",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "2222",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "2194",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "5963",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6010",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "5924",
            "trust": 0.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-095",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "6001",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20010123 MAKE THE NETOPIA R9100 ROUTER TO CRASH",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-3007",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5947",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5988",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5910",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5908",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6004",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6002",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5931",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5900",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5982",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6035",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6030",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5937",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5969",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6016",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5974",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5912",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5832",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5911",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5926",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5920",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6028",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6039",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5956",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6011",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5992",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5935",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6017",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5922",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5984",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5977",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5957",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5993",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6006",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5913",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5907",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5897",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6034",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5945",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5905",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5940",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5954",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5976",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5903",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6003",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6018",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5972",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5909",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5916",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6033",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5986",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5915",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6019",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5925",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5923",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6005",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5978",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5973",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5979",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5980",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5941",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5934",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5991",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5962",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6014",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5966",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6015",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5994",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6036",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5953",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5944",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5896",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6040",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5914",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5927",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6012",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6025",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5965",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5952",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5917",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5898",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6009",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5998",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5985",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6026",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6013",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6008",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5921",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5981",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5989",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5939",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5906",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6031",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6020",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5948",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5933",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6027",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5919",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5899",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5996",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5987",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5918",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5971",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5995",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5928",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5938",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5983",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6032",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5997",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5904",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5902",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5975",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5901",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5990",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5946",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5955",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6038",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24294",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3007"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2287"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-095"
          }
        ]
      },
      "id": "VAR-200103-0101",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3007"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T11:40:59.860000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0185"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/2287"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/157952"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6001"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/5963.php"
          },
          {
            "trust": 0.9,
            "url": " http://xforce.iss.net/static/6010.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2222"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches/securerpcvulnerability.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/archive/1/158966"
          },
          {
            "trust": 0.8,
            "url": "http://sourceforge.net/forum/forum.php?forum_id=60570"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2194"
          },
          {
            "trust": 0.8,
            "url": "http://www.linuxsecurity.com/advisories/mandrake_advisory-1037.html"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/5924"
          },
          {
            "trust": 0.7,
            "url": "http://xforce.iss.net/static/6001.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.netopia.com/support/technotes/hardware/nir_055.html"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5992.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5926.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5940.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6033.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5916.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6038.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5997.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6026.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5928.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5977.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6013.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5991.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5938.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5969.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5957.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5909.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5948.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6005.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5954.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5933.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5955.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6035.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5990.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5907.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5994.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5983.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5911.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6006.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5908.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5922.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5903.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6027.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5965.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5899.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5980.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5934.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5919.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5931.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5962.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5976.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6003.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5998.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6040.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5920.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5966.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5946.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5915.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5986.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5923.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5993.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6036.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5902.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5971.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5937.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5985.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5945.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6028.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5988.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6009.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6025.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5897.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5952.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5953.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6039.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5978.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5901.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5906.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5974.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6008.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5935.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5944.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5918.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6034.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5925.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6014.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5912.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5924.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5989.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6019.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5921.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5904.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5972.ph"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5900.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5898.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5973.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5832.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5975.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5913.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5905.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6015.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6016.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5996.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5981.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6012.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/advisennn.php."
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5995.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5947.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5896.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5910.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5917.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6017.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6032.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5979.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6004.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5984.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5939.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5914.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5956.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5941.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6011.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6031.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6018.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6002.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5927.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6020.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5982.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5987.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6030.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3007"
          },
          {
            "db": "BID",
            "id": "2287"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-095"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3007"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2287"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-095"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-06-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-05-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2001-10-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2001-03-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3007"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2001-01-24T00:00:00",
            "db": "BID",
            "id": "2287"
          },
          {
            "date": "2001-02-14T07:13:47",
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "date": "2001-03-26T05:00:00",
            "db": "NVD",
            "id": "CVE-2001-0185"
          },
          {
            "date": "2001-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200103-095"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-10-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-06-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2004-07-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3007"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2007-05-31T19:01:00",
            "db": "BID",
            "id": "2287"
          },
          {
            "date": "2017-10-10T01:29:38",
            "db": "NVD",
            "id": "CVE-2001-0185"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200103-095"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2287"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Netopia R9100 Router Denial of Service Vulnerability",
        "sources": [
          {
            "db": "BID",
            "id": "2287"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-095"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200103-095"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200105-0010

    Vulnerability from variot - Updated: 2023-12-18 11:40

    Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. 
When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. Apple Quicktime plugin for Windows is vulnerable to a remote buffer overflow. A maliciously-constructed web link statement in a remote HTML document, which contains excess data argumenting an EMBED tag, could permit execution of hostile code.


    Internet Security Systems Security Alert Summary February 6, 2001 Volume 6 Number 3

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php


    Contents

    120 Reported Vulnerabilities

    Risk Factor Key


    Date Reported: 1/31/01 Vulnerability: win2k-rdp-dos Platforms Affected: Windows 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Windows 2000 Server RDP denial of service X-Force URL: http://xforce.iss.net/static/6035.php


    Date Reported: 1/31/01 Vulnerability: cisco-ccs-file-access Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface could allow read access to files and directories X-Force URL: http://xforce.iss.net/static/6031.php


    Date Reported: 1/31/01 Vulnerability: quicktime-embedded-tag-bo Platforms Affected: Quicktime 4.1.2 Risk Factor: High Attack Type: Host Based Brief Description: QuickTime Player EMBED tag buffer overflow X-Force URL: http://xforce.iss.net/static/6040.php


    Date Reported: 1/31/01 Vulnerability: solaris-ximp40-bo Platforms Affected: Solaris (7, 8) Risk Factor: High Attack Type: Host Based Brief Description: Solaris "ximp40" shared library buffer overflow X-Force URL: http://xforce.iss.net/static/6039.php


    Date Reported: 1/31/01 Vulnerability: cisco-ccs-cli-dos Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface denial of service X-Force URL: http://xforce.iss.net/static/6030.php


    Date Reported: 1/30/01 Vulnerability: slimserve-httpd-dos Platforms Affected: SlimServe 1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: SlimServe HTTPd denial of service X-Force URL: http://xforce.iss.net/static/6028.php


    Date Reported: 1/30/01 Vulnerability: crazywwwboard-qdecoder-bo Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1 Risk Factor: Medium Attack Type: Network Based Brief Description: CrazyWWWBoard qDecoder buffer overflow X-Force URL: http://xforce.iss.net/static/6033.php


    Date Reported: 1/30/01 Vulnerability: virusbuster-mua-bo Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow X-Force URL: http://xforce.iss.net/static/6034.php


    Date Reported: 1/29/01 Vulnerability: iis-isapi-obtain-code Platforms Affected: IIS (4.0, 5.0) Risk Factor: Low Attack Type: Network/Host Based Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions X-Force URL: http://xforce.iss.net/static/6032.php


    Date Reported: 1/29/01 Vulnerability: bind-inverse-query-disclosure Platforms Affected: Bind (4.x, 8.2.x) Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x and 8.2.x exposes environment variables X-Force URL: http://xforce.iss.net/static/6018.php


    Date Reported: 1/29/01 Vulnerability: hp-man-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP man command denial of service X-Force URL: http://xforce.iss.net/static/6014.php


    Date Reported: 1/29/01 Vulnerability: sort-temp-file-abort Platforms Affected: FreeBSD Risk Factor: Medium Attack Type: Host Based Brief Description: Sort temporary files denial of service X-Force URL: http://xforce.iss.net/static/6038.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-format-string Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() format string X-Force URL: http://xforce.iss.net/static/6017.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-bo Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() buffer overflow X-Force URL: http://xforce.iss.net/static/6016.php


    Date Reported: 1/29/01 Vulnerability: winvnc-client-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC client buffer overflow X-Force URL: http://xforce.iss.net/static/6025.php


    Date Reported: 1/29/01 Vulnerability: winvnc-server-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC server buffer overflow X-Force URL: http://xforce.iss.net/static/6026.php


    Date Reported: 1/29/01 Vulnerability: guestserver-cgi-execute-commands Platforms Affected: Guestserver 4.12 and earlier Risk Factor: High Attack Type: Network Based Brief Description: Guestserver.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/6027.php


    Date Reported: 1/29/01 Vulnerability: bind-tsig-bo Platforms Affected: BIND 8.2.x Risk Factor: Unauthorized Access Attempt Attack Type: Network/Host Based Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow X-Force URL: http://xforce.iss.net/static/6015.php


    Date Reported: 1/28/01 Vulnerability: hyperseek-cgi-reveal-info Platforms Affected: Hyperseek Search Engine 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Hyperseek CGI could reveal listings of directories and files X-Force URL: http://xforce.iss.net/static/6012.php


    Date Reported: 1/26/01 Vulnerability: newsdaemon-gain-admin-access Platforms Affected: NewsDaemon prior to 0.21b Risk Factor: High Attack Type: Network Based Brief Description: NewsDaemon allows remote users to gain administrative access X-Force URL: http://xforce.iss.net/static/6010.php


    Date Reported: 1/26/01 Vulnerability: mars-nwe-format-string Platforms Affected: Mars_nwe 0.99.pl19 Risk Factor: High Attack Type: Network Based Brief Description: Mars_nwe format string X-Force URL: http://xforce.iss.net/static/6019.php


    Date Reported: 1/25/01 Vulnerability: planetintra-pi-bo Platforms Affected: Planet Intra LAN Intranet 2.5 Risk Factor: High Attack Type: Network Based Brief Description: Planet Intra 'pi' binary buffer overflow X-Force URL: http://xforce.iss.net/static/6002.php


    Date Reported: 1/25/01 Vulnerability: borderware-ping-dos Platforms Affected: BorderWare Firewall Server 6.1.2 Risk Factor: High Attack Type: Network Based Brief Description: BorderWare ping denial of service X-Force URL: http://xforce.iss.net/static/6004.php


    Date Reported: 1/25/01 Vulnerability: aol-malformed-url-dos Platforms Affected: AOL 5.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: AOL malformed URL denial of service X-Force URL: http://xforce.iss.net/static/6009.php


    Date Reported: 1/25/01 Vulnerability: mirc-bypass-password Platforms Affected: mIRC Risk Factor: High Attack Type: Host Based Brief Description: mIRC allows malicious user to bypass password X-Force URL: http://xforce.iss.net/static/6013.php


    Date Reported: 1/25/01 Vulnerability: netscape-enterprise-revlog-dos Platforms Affected: Netscape Enterprise Server Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Enterprise Server REVLOG denial of service X-Force URL: http://xforce.iss.net/static/6003.php


    Date Reported: 1/24/01 Vulnerability: aim-execute-code Platforms Affected: AOL Instant Messenger 4.1 and later Risk Factor: High Attack Type: Host Based Brief Description: AOL Instant Messenger execution of code in modified images X-Force URL: http://xforce.iss.net/static/6005.php


    Date Reported: 1/24/01 Vulnerability: netscape-enterprise-list-directories Platforms Affected: Netscape Enterprise Server (3.0, 4.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server allows remote directory listing X-Force URL: http://xforce.iss.net/static/5997.php


    Date Reported: 1/24/01 Vulnerability: winnt-mutex-dos Platforms Affected: Windows NT 4.0 Risk Factor: Medium Attack Type: Host Based Brief Description: Windows NT mutex denial of service X-Force URL: http://xforce.iss.net/static/6006.php


    Date Reported: 1/24/01 Vulnerability: jrun-webinf-file-retrieval Platforms Affected: JRun Risk Factor: Medium Attack Type: Network/Host Based Brief Description: JRun malformed URL file retrieval X-Force URL: http://xforce.iss.net/static/6008.php


    Date Reported: 1/23/01 Vulnerability: ipfw-bypass-firewall Platforms Affected: FreeBSD (3.x, 4.x) Risk Factor: High Attack Type: Network Based Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall X-Force URL: http://xforce.iss.net/static/5998.php


    Date Reported: 1/23/01 Vulnerability: netopia-telnet-dos Platforms Affected: Netopia R-series router Risk Factor: Medium Attack Type: Network Based Brief Description: Netopia R9100 allows remote user to crash the router using telnet X-Force URL: http://xforce.iss.net/static/6001.php


    Date Reported: 1/23/01 Vulnerability: wuftp-debug-format-string Platforms Affected: Wu-ftpd Risk Factor: High Attack Type: Network Based Brief Description: Wu-ftpd debug mode format string X-Force URL: http://xforce.iss.net/static/6020.php


    Date Reported: 1/23/01 Vulnerability: kde2-kdesu-retrieve-passwords Platforms Affected: Linux: Caldera eDesktop 2.4 Risk Factor: High Attack Type: Host Based Brief Description: KDE2 kdesu program allows users to retrieve passwords X-Force URL: http://xforce.iss.net/static/5995.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-url-bo Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom print server long URL buffer overflow X-Force URL: http://xforce.iss.net/static/5988.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-printguide-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom PrintGuide denial of service X-Force URL: http://xforce.iss.net/static/5989.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-ftp-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom FTP denial of service X-Force URL: http://xforce.iss.net/static/5990.php


    Date Reported: 1/23/01 Vulnerability: vnc-weak-authentication Platforms Affected: VNC 3.3.3 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: VNC weak authentication could allow unauthorized access X-Force URL: http://xforce.iss.net/static/5992.php


    Date Reported: 1/23/01 Vulnerability: lotus-domino-smtp-bo Platforms Affected: Lotus Domino 5.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Lotus Domino SMTP Server policy feature buffer overflow X-Force URL: http://xforce.iss.net/static/5993.php


    Date Reported: 1/23/01 Vulnerability: linux-sash-shadow-readable Platforms Affected: sash prior to 3.4-4 Risk Factor: High Attack Type: Host Based Brief Description: Linux sash /etc/shadow directory world-readable X-Force URL: http://xforce.iss.net/static/5994.php


    Date Reported: 1/22/01 Vulnerability: powerpoint-execute-code Platforms Affected: Microsoft PowerPoint 2000 Risk Factor: High Attack Type: Host Based Brief Description: PowerPoint could allow code execution on another user's computer X-Force URL: http://xforce.iss.net/static/5996.php


    Date Reported: 1/22/01 Vulnerability: icecast-format-string Platforms Affected: Icecast 1.3.8beta2 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Icecast format string could allow arbitrary code execution X-Force URL: http://xforce.iss.net/static/5978.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-directory-traversal Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers directory traversal X-Force URL: http://xforce.iss.net/static/5986.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-execute-jsp Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files X-Force URL: http://xforce.iss.net/static/5987.php


    Date Reported: 1/22/01 Vulnerability: netscape-enterprise-dot-dos Platforms Affected: Netscape Enterprise Server 4.1 SP5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server "/../" denial of service X-Force URL: http://xforce.iss.net/static/5983.php


    Date Reported: 1/22/01 Vulnerability: goodtech-ftp-dos Platforms Affected: GoodTech FTP 3.0.1.2.1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: GoodTech FTP server denial of service X-Force URL: http://xforce.iss.net/static/5984.php


    Date Reported: 1/22/01 Vulnerability: netscape-fasttrack-cache-dos Platforms Affected: Netscape FastTrack Risk Factor: Low Attack Type: Host Based Brief Description: Netscape FastTrack Server cache denial of service X-Force URL: http://xforce.iss.net/static/5985.php


    Date Reported: 1/21/01 Vulnerability: eeye-iris-dos Platforms Affected: Iris Network Analyzer 1.01beta Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Iris denial of service X-Force URL: http://xforce.iss.net/static/5981.php


    Date Reported: 1/20/01 Vulnerability: watchguard-firebox-obtain-passphrase Platforms Affected: Firebox II Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard Firebox allows remote user to obtain passphrase X-Force URL: http://xforce.iss.net/static/5979.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-server-dos Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP denial of service X-Force URL: http://xforce.iss.net/static/5976.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-path-disclosure Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP path disclosure X-Force URL: http://xforce.iss.net/static/5977.php


    Date Reported: 1/19/01 Vulnerability: localweb2k-directory-traversal Platforms Affected: LocalWEB2000 HTTP Server 1.1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: LocalWEB2000 directory traversal X-Force URL: http://xforce.iss.net/static/5982.php


    Date Reported: 1/19/01 Vulnerability: win2k-efs-recover-data Platforms Affected: Windows 2000 Risk Factor: High Attack Type: Host Based Brief Description: Windows 2000 EFS allows local user to recover sensitive data X-Force URL: http://xforce.iss.net/static/5973.php


    Date Reported: 1/19/01 Vulnerability: linux-bing-bo Platforms Affected: Linux Risk Factor: High Attack Type: Host Based Brief Description: Bing host name buffer overflow X-Force URL: http://xforce.iss.net/static/6036.php


    Date Reported: 1/18/01 Vulnerability: micq-sprintf-remote-bo Platforms Affected: Matt's ICQ Clone 0.4.6 Risk Factor: High Attack Type: Network Based Brief Description: ICQ clone for Linux sprintf() remote buffer overflow X-Force URL: http://xforce.iss.net/static/5962.php


    Date Reported: 1/18/01 Vulnerability: mysql-select-bo Platforms Affected: MySQL prior to 3.23.31 Risk Factor: High Attack Type: Host Based Brief Description: MySQL select buffer overflow X-Force URL: http://xforce.iss.net/static/5969.php


    Date Reported: 1/18/01 Vulnerability: shoutcast-description-bo Platforms Affected: SHOUTcast DNAS 1.7.1 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Shoutcast Server for Linux description buffer overflow X-Force URL: http://xforce.iss.net/static/5965.php


    Date Reported: 1/17/01 Vulnerability: fw1-limited-license-dos Platforms Affected: Check Point Firewall-1 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: FireWall-1 limited-IP license denial of service X-Force URL: http://xforce.iss.net/static/5966.php


    Date Reported: 1/17/01 Vulnerability: hp-stm-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX Support Tools Manager denial of service X-Force URL: http://xforce.iss.net/static/5957.php


    Date Reported: 1/17/01 Vulnerability: linux-webmin-tmpfiles Platforms Affected: OpenLinux (2.3, 2.4) Risk Factor: High Attack Type: Host Based Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files X-Force URL: http://xforce.iss.net/static/6011.php


    Date Reported: 1/17/01 Vulnerability: tinyproxy-remote-bo Platforms Affected: tinyproxy 1.3.2 and 1.3.3 Risk Factor: Medium Attack Type: Network Based Brief Description: Tinyproxy remote buffer overflow X-Force URL: http://xforce.iss.net/static/5954.php


    Date Reported: 1/17/01 Vulnerability: postaci-sql-command-injection Platforms Affected: PostACI Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Postaci SQL command injection X-Force URL: http://xforce.iss.net/static/5972.php


    Date Reported: 1/17/01 Vulnerability: wwwwais-cgi-dos Platforms Affected: wwwwais.c 25 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: wwwwais CGI based program denial of service X-Force URL: http://xforce.iss.net/static/5980.php


    Date Reported: 1/17/01 Vulnerability: mime-header-attachment Platforms Affected: MIME 1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MIME headers could allow spoofed file attachment X-Force URL: http://xforce.iss.net/static/5991.php


    Date Reported: 1/16/01 Vulnerability: ssh-rpc-private-key Platforms Affected: SSH Risk Factor: Medium Attack Type: Network/Host Based Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key X-Force URL: http://xforce.iss.net/static/5963.php


    Date Reported: 1/16/01 Vulnerability: linux-glibc-preload-overwrite Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux glibc LD_PRELOAD file overwrite X-Force URL: http://xforce.iss.net/static/5971.php


    Date Reported: 1/16/01 Vulnerability: inn-tmpfile-symlink Platforms Affected: InterNet News (INN) Risk Factor: High Attack Type: Host Based Brief Description: INN tmpfile symbolic link X-Force URL: http://xforce.iss.net/static/5974.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-insecure-password Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Network Based Brief Description: InterScan VirusWall for Unix password change insecure X-Force URL: http://xforce.iss.net/static/5944.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-weak-authentication Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: Medium Attack Type: Network Based Brief Description: InterScan VirusWall for Unix uses weak authentication X-Force URL: http://xforce.iss.net/static/5946.php


    Date Reported: 1/15/01 Vulnerability: ie-mshtml-dos Platforms Affected: Internet Explorer 4.0 and later Risk Factor: Medium Attack Type: Network Based Brief Description: Internet Explorer mshtml.dll denial of service X-Force URL: http://xforce.iss.net/static/5938.php


    Date Reported: 1/15/01 Vulnerability: dhcp-format-string Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4) Risk Factor: High Attack Type: Network Based Brief Description: Caldera DHCP format string X-Force URL: http://xforce.iss.net/static/5953.php


    Date Reported: 1/15/01 Vulnerability: win-mediaplayer-arbitrary-code Platforms Affected: Windows Media Player 7.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows Media Player skins can be used to execute arbitrary code X-Force URL: http://xforce.iss.net/static/5937.php


    Date Reported: 1/15/01 Vulnerability: veritas-backupexec-dos Platforms Affected: Backup Exec 4.5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Veritas Backup Exec denial of service X-Force URL: http://xforce.iss.net/static/5941.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-symlink Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Host Based Brief Description: InterScan VirusWall for Unix symbolic link X-Force URL: http://xforce.iss.net/static/5947.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-corrupt-files Platforms Affected: OmniHTTPd Risk Factor: Medium Attack Type: Network Based Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system X-Force URL: http://xforce.iss.net/static/5955.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-execute-code Platforms Affected: OmniHTTPd Risk Factor: High Attack Type: Network Based Brief Description: OmniHTTPD statsconfig.pl allows code execution X-Force URL: http://xforce.iss.net/static/5956.php


    Date Reported: 1/15/01 Vulnerability: icmp-pmtu-dos Platforms Affected: Linux BSD Risk Factor: Medium Attack Type: Network Based Brief Description: ICMP PMTU denial of service X-Force URL: http://xforce.iss.net/static/5975.php


    Date Reported: 1/14/01 Vulnerability: splitvt-perserc-format-string Platforms Affected: splitvt 1.6.4 and earlier Risk Factor: High Attack Type: Host Based Brief Description: Splitvt perserc.c module format string X-Force URL: http://xforce.iss.net/static/5948.php


    Date Reported: 1/14/01 Vulnerability: flash-module-bo Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: Flash browser module buffer overflow X-Force URL: http://xforce.iss.net/static/5952.php


    Date Reported: 1/13/01 Vulnerability: rctab-elevate-privileges Platforms Affected: Linux SuSE Risk Factor: Medium Attack Type: Host Based Brief Description: rctab in SuSE Linux could allow privilege elevation X-Force URL: http://xforce.iss.net/static/5945.php


    Date Reported: 1/12/01 Vulnerability: ultraboard-cgi-perm Platforms Affected: UltraBoard 2000B Risk Factor: Medium Attack Type: Network/Host Based Brief Description: UltraBoard CGI weak permissions X-Force URL: http://xforce.iss.net/static/5931.php


    Date Reported: 1/12/01 Vulnerability: compaq-web-management-bo Platforms Affected: Compaq Web-Based Management Risk Factor: High Attack Type: Network Based Brief Description: Compaq Web-Based Management program buffer overflow X-Force URL: http://xforce.iss.net/static/5935.php


    Date Reported: 1/12/01 Vulnerability: php-htaccess-unauth-access Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow unauthorized access to restricted files X-Force URL: http://xforce.iss.net/static/5940.php


    Date Reported: 1/12/01 Vulnerability: basilix-webmail-retrieve-files Platforms Affected: Basilix Webmail 0.9.7beta Risk Factor: Low Attack Type: Network Based Brief Description: Basilix Webmail System allows unauthorized users to retrieve files X-Force URL: http://xforce.iss.net/static/5934.php


    Date Reported: 1/12/01 Vulnerability: solaris-arp-bo Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris arp buffer overflow X-Force URL: http://xforce.iss.net/static/5928.php


    Date Reported: 1/12/01 Vulnerability: php-view-source-code Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow remote viewing of source code X-Force URL: http://xforce.iss.net/static/5939.php


    Date Reported: 1/11/01 Vulnerability: wec-ntlm-authentication Platforms Affected: Windows 2000 Microsoft Office 2000 Windows ME Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Web Extender Client (WEC) NTLM authentication X-Force URL: http://xforce.iss.net/static/5920.php


    Date Reported: 1/11/01 Vulnerability: spamcop-url-seq-predict Platforms Affected: SpamCop Risk Factor: Low Attack Type: Network/Host Based Brief Description: SpamCop URL number increment sequence prediction X-Force URL: http://xforce.iss.net/static/5933.php


    Date Reported: 1/10/01 Vulnerability: linux-wuftpd-privatepw-symlink Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux wu-ftpd privatepw symbolic link X-Force URL: http://xforce.iss.net/static/5915.php


    Date Reported: 1/10/01 Vulnerability: rdist-symlink Platforms Affected: rdist Risk Factor: High Attack Type: Host Based Brief Description: rdist symbolic link X-Force URL: http://xforce.iss.net/static/5925.php


    Date Reported: 1/10/01 Vulnerability: squid-email-symlink Platforms Affected: squid Risk Factor: High Attack Type: Host Based Brief Description: squid email notification symbolic link X-Force URL: http://xforce.iss.net/static/5921.php


    Date Reported: 1/10/01 Vulnerability: linux-diffutils-sdiff-symlimk Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux diffutils sdiff symbolic link X-Force URL: http://xforce.iss.net/static/5914.php


    Date Reported: 1/10/01 Vulnerability: tcpdump-arpwatch-symlink Platforms Affected: arpwatch Risk Factor: High Attack Type: Host Based Brief Description: tcpdump arpwatch symbolic link X-Force URL: http://xforce.iss.net/static/5922.php


    Date Reported: 1/10/01 Vulnerability: linuxconf-vpop3d-symlink Platforms Affected: linuxconf Risk Factor: Medium Attack Type: Host Based Brief Description: Linuxconf vpop3d symbolic link X-Force URL: http://xforce.iss.net/static/5923.php


    Date Reported: 1/10/01 Vulnerability: shadow-utils-useradd-symlink Platforms Affected: shadow-utils Risk Factor: High Attack Type: Host Based Brief Description: shadow-utils useradd symbolic link X-Force URL: http://xforce.iss.net/static/5927.php


    Date Reported: 1/10/01 Vulnerability: linux-glibc-read-files Platforms Affected: Linux glibc Risk Factor: Medium Attack Type: Host Based Brief Description: Linux glibc library can allow users to read restricted files X-Force URL: http://xforce.iss.net/static/5907.php


    Date Reported: 1/10/01 Vulnerability: gettyps-symlink Platforms Affected: gettyps Risk Factor: High Attack Type: Host Based Brief Description: getty_ps symbolic link X-Force URL: http://xforce.iss.net/static/5924.php


    Date Reported: 1/10/01 Vulnerability: linux-gpm-symlink Platforms Affected: gpm Risk Factor: Medium Attack Type: Host Based Brief Description: Linux gpm symbolic link attack X-Force URL: http://xforce.iss.net/static/5917.php


    Date Reported: 1/10/01 Vulnerability: linux-mgetty-symlink Platforms Affected: mgetty Risk Factor: Medium Attack Type: Host Based Brief Description: Linux mgetty symbolic link attack X-Force URL: http://xforce.iss.net/static/5918.php


    Date Reported: 1/10/01 Vulnerability: linux-apache-symlink Platforms Affected: Apache Risk Factor: Medium Attack Type: Host Based Brief Description: Linux Apache symbolic link X-Force URL: http://xforce.iss.net/static/5926.php


    Date Reported: 1/10/01 Vulnerability: linux-inn-symlink Platforms Affected: inn Risk Factor: Medium Attack Type: Host Based Brief Description: Linux INN tmp directory symbolic link X-Force URL: http://xforce.iss.net/static/5916.php


    Date Reported: 1/10/01 Vulnerability: conferenceroom-developer-dos Platforms Affected: ConferenceRoom Professional Edition Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ConferenceRoom Developer Edition denial of service X-Force URL: http://xforce.iss.net/static/5909.php


    Date Reported: 1/9/01 Vulnerability: oracle-xsql-execute-code Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server X-Force URL: http://xforce.iss.net/static/5905.php


    Date Reported: 1/9/01 Vulnerability: netscreen-webui-bo Platforms Affected: NetScreen Risk Factor: Medium Attack Type: Network Based Brief Description: NetScreen Firewall WebUI buffer overflow X-Force URL: http://xforce.iss.net/static/5908.php


    Date Reported: 1/9/01 Vulnerability: suse-reiserfs-long-filenames Platforms Affected: SuSE 7.0 Risk Factor: High Attack Type: Host Based Brief Description: SuSE reiserfs long file name denial of service X-Force URL: http://xforce.iss.net/static/5910.php


    Date Reported: 1/9/01 Vulnerability: interbase-backdoor-account Platforms Affected: InterBase 6.01 and earlier Risk Factor: High Attack Type: Network/Host Based Brief Description: InterBase built-in backdoor account X-Force URL: http://xforce.iss.net/static/5911.php


    Date Reported: 1/9/01 Vulnerability: interbase-hidden-function-dos Platforms Affected: InterBase 6.01 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: InterBase hidden function denial of service X-Force URL: http://xforce.iss.net/static/5912.php


    Date Reported: 1/9/01 Vulnerability: brickserver-thttpd-dos Platforms Affected: BRICKServer Small Business Risk Factor: Medium Attack Type: Network Based Brief Description: BRICKServer thttpd denial of service X-Force URL: http://xforce.iss.net/static/5919.php


    Date Reported: 1/9/01 Vulnerability: solaris-exrecover-bo Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6) Risk Factor: Medium Attack Type: Host Based Brief Description: Solaris exrecover buffer overflow X-Force URL: http://xforce.iss.net/static/5913.php


    Date Reported: 1/9/01 Vulnerability: hp-inetd-swait-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX inetd swait denial of service X-Force URL: http://xforce.iss.net/static/5904.php


    Date Reported: 1/8/01 Vulnerability: microsoft-iis-read-files Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network Based Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL X-Force URL: http://xforce.iss.net/static/5903.php


    Date Reported: 1/8/01 Vulnerability: ibm-websphere-dos Platforms Affected: IBM Websphere 3.52 IBM HTTP Server 1.3.12 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM WebSphere denial of service X-Force URL: http://xforce.iss.net/static/5900.php


    Date Reported: 1/8/01 Vulnerability: storagesoft-imagecast-dos Platforms Affected: ImageCast 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: StorageSoft ImageCast denial of service X-Force URL: http://xforce.iss.net/static/5901.php


    Date Reported: 1/8/01 Vulnerability: nai-pgp-replace-keys Platforms Affected: PGP 7.0 Risk Factor: Medium Attack Type: Host Based Brief Description: PGP users may replace signed exported key blocks with arbitrary keys X-Force URL: http://xforce.iss.net/static/5902.php


    Date Reported: 1/7/01 Vulnerability: http-cgi-bbs-forum Platforms Affected: WebBBS 1.0 Risk Factor: High Attack Type: Network Based Brief Description: bbs_forum.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/5906.php


    Date Reported: 1/5/01 Vulnerability: lotus-domino-directory-traversal Platforms Affected: Lotus Domino 5.0.x Risk Factor: Medium Attack Type: Network Based Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal X-Force URL: http://xforce.iss.net/static/5899.php


    Date Reported: 1/5/01 Vulnerability: http-cgi-fastgraf Platforms Affected: FASTGRAF Risk Factor: High Attack Type: Network Based Brief Description: Fastgraf CGI scripts allow remote command execution X-Force URL: http://xforce.iss.net/static/5897.php


    Date Reported: 1/4/01 Vulnerability: newsdesk-cgi-read-files Platforms Affected: Newsdesk 1.2 Risk Factor: High Attack Type: Network Based Brief Description: Newsdesk.cgi allows read access to files X-Force URL: http://xforce.iss.net/static/5898.php


    Date Reported: 1/1/01 Vulnerability: gtk-module-execute-code Platforms Affected: GTK+ 1.2.8 and earlier Risk Factor: High Attack Type: Host Based Brief Description: GTK+ arbitrary code execution using custom loadable module X-Force URL: http://xforce.iss.net/static/5832.php


    Date Reported: 1/1/01 Vulnerability: linux-tty-writable-dos Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux writable TTY denial of service X-Force URL: http://xforce.iss.net/static/5896.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    Additional Information

    This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories:

    - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
    - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).

    About Internet Security Systems (ISS)

    Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.



    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200105-0010",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "quicktime",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "4.1.2"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "daemonnews",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "immunix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandrakesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "getty ps",
            "version": null
          },
          {
            "model": "immunix os -beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wirex",
            "version": "7.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.2"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.0"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.30"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.29"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.28"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.27"
          },
          {
            "model": "quicktime plugin windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "-4.1.2"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2328"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0198"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-020"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:*:*:ja:*:windows:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0198"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reported to bugtraq by UNYUN \u003cshadowpenguin@backsection.net\u003e\non Wed, 31 Jan 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "2328"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-020"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2001-0198",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "VHN-3020",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-0198",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#850440",
                "trust": 0.8,
                "value": "1.89"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#987632",
                "trust": 0.8,
                "value": "3.19"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#342768",
                "trust": 0.8,
                "value": "5.63"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200105-020",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3020",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3020"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0198"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-020"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. \nA problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. \nA problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. 
When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user\u0027s DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user\u0027s private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user\u0027s magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user\u0027s secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. Apple Quicktime plugin for Windows is vulnerable to a remote buffer overflow. \nA maliciously-constructed web link statement in a remote HTML document, which contains excess data argumenting an EMBED tag, could permit execution of hostile code. 
\n-----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nFebruary 6, 2001\nVolume 6 Number 3\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\n_____\n\nContents\n\n120 Reported Vulnerabilities\n\nRisk Factor Key\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          win2k-rdp-dos\nPlatforms Affected:     Windows 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Windows 2000 Server RDP denial of service\nX-Force URL:            http://xforce.iss.net/static/6035.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-file-access\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface could allow read access to files and directories\nX-Force URL:            http://xforce.iss.net/static/6031.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          quicktime-embedded-tag-bo\nPlatforms Affected:     Quicktime 4.1.2\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      QuickTime Player EMBED tag buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6040.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          solaris-ximp40-bo\nPlatforms Affected:     Solaris (7, 8)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris \"ximp40\" shared library buffer 
overflow\nX-Force URL:            http://xforce.iss.net/static/6039.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-cli-dos\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface denial of service\nX-Force URL:            http://xforce.iss.net/static/6030.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          slimserve-httpd-dos\nPlatforms Affected:     SlimServe 1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      SlimServe HTTPd denial of service\nX-Force URL:            http://xforce.iss.net/static/6028.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          crazywwwboard-qdecoder-bo\nPlatforms Affected:     CrazyWWWBoard prior to 2000LEp5-1\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      CrazyWWWBoard qDecoder buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6033.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          virusbuster-mua-bo\nPlatforms Affected:\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Virus Buster 2001 Mail User Agent (MUA) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6034.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          iis-isapi-obtain-code\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions\nX-Force URL:            http://xforce.iss.net/static/6032.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-inverse-query-disclosure\nPlatforms Affected:     Bind (4.x, 8.2.x)\nRisk Factor:            Medium\nAttack Type:            
Network Based\nBrief Description:      BIND 4.x and 8.2.x exposes environment variables\nX-Force URL:            http://xforce.iss.net/static/6018.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          hp-man-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP man command denial of service\nX-Force URL:            http://xforce.iss.net/static/6014.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          sort-temp-file-abort\nPlatforms Affected:     FreeBSD\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Sort temporary files denial of service\nX-Force URL:            http://xforce.iss.net/static/6038.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-format-string\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() format string\nX-Force URL:            http://xforce.iss.net/static/6017.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-bo\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6016.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-client-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC client buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6025.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-server-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC server buffer overflow\nX-Force URL:            
http://xforce.iss.net/static/6026.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          guestserver-cgi-execute-commands\nPlatforms Affected:     Guestserver 4.12 and earlier\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Guestserver.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/6027.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-tsig-bo\nPlatforms Affected:     BIND 8.2.x\nRisk Factor:            Unauthorized Access Attempt\nAttack Type:            Network/Host Based\nBrief Description:      BIND 8.2.x transaction signature (TSIG) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6015.php\n\n_____\n\nDate Reported:          1/28/01\nVulnerability:          hyperseek-cgi-reveal-info\nPlatforms Affected:     Hyperseek Search Engine 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Hyperseek CGI could reveal listings of directories and files\nX-Force URL:            http://xforce.iss.net/static/6012.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          newsdaemon-gain-admin-access\nPlatforms Affected:     NewsDaemon prior to 0.21b\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      NewsDaemon allows remote users to gain administrative access\nX-Force URL:            http://xforce.iss.net/static/6010.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:            http://xforce.iss.net/static/6019.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:           
 Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:            http://xforce.iss.net/static/6019.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          planetintra-pi-bo\nPlatforms Affected:     Planet Intra LAN Intranet 2.5\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Planet Intra \u0027pi\u0027 binary buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6002.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          borderware-ping-dos\nPlatforms Affected:     BorderWare Firewall Server 6.1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      BorderWare ping denial of service\nX-Force URL:            http://xforce.iss.net/static/6004.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          aol-malformed-url-dos\nPlatforms Affected:     AOL 5.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      AOL malformed URL denial of service\nX-Force URL:            http://xforce.iss.net/static/6009.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          mirc-bypass-password\nPlatforms Affected:     mIRC\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      mIRC allows malicious user to bypass password\nX-Force URL:            http://xforce.iss.net/static/6013.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          netscape-enterprise-revlog-dos\nPlatforms Affected:     Netscape Enterprise Server\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netscape Enterprise Server REVLOG denial of service\nX-Force URL:            http://xforce.iss.net/static/6003.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          aim-execute-code\nPlatforms Affected:     AOL Instant Messenger 4.1 and later\nRisk Factor:            
High\nAttack Type:            Host Based\nBrief Description:      AOL Instant Messenger execution of code in modified images\nX-Force URL:            http://xforce.iss.net/static/6005.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          netscape-enterprise-list-directories\nPlatforms Affected:     Netscape Enterprise Server (3.0, 4.0)\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server allows remote directory listing\nX-Force URL:            http://xforce.iss.net/static/5997.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          winnt-mutex-dos\nPlatforms Affected:     Windows NT 4.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Windows NT mutex denial of service\nX-Force URL:            http://xforce.iss.net/static/6006.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          jrun-webinf-file-retrieval\nPlatforms Affected:     JRun\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      JRun malformed URL file retrieval\nX-Force URL:            http://xforce.iss.net/static/6008.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          ipfw-bypass-firewall\nPlatforms Affected:     FreeBSD (3.x, 4.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ipfw/ip6fw allows remote attacker to bypass firewall\nX-Force URL:            http://xforce.iss.net/static/5998.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          netopia-telnet-dos\nPlatforms Affected:     Netopia R-series router\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netopia R9100 allows remote user to crash the router using telnet\nX-Force URL:            http://xforce.iss.net/static/6001.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          
wuftp-debug-format-string\nPlatforms Affected:     Wu-ftpd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Wu-ftpd debug mode format string\nX-Force URL:            http://xforce.iss.net/static/6020.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          kde2-kdesu-retrieve-passwords\nPlatforms Affected:     Linux: Caldera eDesktop 2.4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      KDE2 kdesu program allows users to retrieve passwords\nX-Force URL:            http://xforce.iss.net/static/5995.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-url-bo\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom print server long URL buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5988.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-printguide-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom PrintGuide denial of service\nX-Force URL:            http://xforce.iss.net/static/5989.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-ftp-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5990.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          vnc-weak-authentication\nPlatforms Affected:     VNC 3.3.3 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      VNC weak authentication could allow unauthorized access\nX-Force URL:            
http://xforce.iss.net/static/5992.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          lotus-domino-smtp-bo\nPlatforms Affected:     Lotus Domino 5.0\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Lotus Domino SMTP Server policy feature buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5993.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          linux-sash-shadow-readable\nPlatforms Affected:     sash prior to 3.4-4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Linux sash /etc/shadow directory world-readable\nX-Force URL:            http://xforce.iss.net/static/5994.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          powerpoint-execute-code\nPlatforms Affected:     Microsoft PowerPoint 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      PowerPoint could allow code execution on another user\u0027s computer\nX-Force URL:            http://xforce.iss.net/static/5996.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          icecast-format-string\nPlatforms Affected:     Icecast 1.3.8beta2 and prior\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Icecast format string could allow arbitrary code execution\nX-Force URL:            http://xforce.iss.net/static/5978.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-directory-traversal\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle JSP/SQLJP handlers directory traversal\nX-Force URL:            http://xforce.iss.net/static/5986.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-execute-jsp\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:           
 Network Based\nBrief Description:      Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files\nX-Force URL:            http://xforce.iss.net/static/5987.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-enterprise-dot-dos\nPlatforms Affected:     Netscape Enterprise Server 4.1 SP5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server \"/../\" denial of service\nX-Force URL:            http://xforce.iss.net/static/5983.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          goodtech-ftp-dos\nPlatforms Affected:     GoodTech FTP 3.0.1.2.1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      GoodTech FTP server denial of service\nX-Force URL:            http://xforce.iss.net/static/5984.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-fasttrack-cache-dos\nPlatforms Affected:     Netscape FastTrack\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Netscape FastTrack Server cache denial of service\nX-Force URL:            http://xforce.iss.net/static/5985.php\n\n_____\n\nDate Reported:          1/21/01\nVulnerability:          eeye-iris-dos\nPlatforms Affected:     Iris Network Analyzer 1.01beta\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Iris denial of service\nX-Force URL:            http://xforce.iss.net/static/5981.php\n\n_____\n\nDate Reported:          1/20/01\nVulnerability:          watchguard-firebox-obtain-passphrase\nPlatforms Affected:     Firebox II\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WatchGuard Firebox allows remote user to obtain passphrase\nX-Force URL:            http://xforce.iss.net/static/5979.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          
fastream-ftp-server-dos\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5976.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          fastream-ftp-path-disclosure\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP path disclosure\nX-Force URL:            http://xforce.iss.net/static/5977.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          localweb2k-directory-traversal\nPlatforms Affected:     LocalWEB2000 HTTP Server 1.1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      LocalWEB2000 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5982.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          win2k-efs-recover-data\nPlatforms Affected:     Windows 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Windows 2000 EFS allows local user to recover sensitive data\nX-Force URL:            http://xforce.iss.net/static/5973.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          linux-bing-bo\nPlatforms Affected:     Linux\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Bing host name buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6036.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          micq-sprintf-remote-bo\nPlatforms Affected:     Matt\u0027s ICQ Clone 0.4.6\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ICQ clone for Linux sprintf() remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5962.php\n\n_____\n\nDate 
Reported:          1/18/01\nVulnerability:          mysql-select-bo\nPlatforms Affected:     MySQL prior to 3.23.31\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      MySQL select buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5969.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          shoutcast-description-bo\nPlatforms Affected:     SHOUTcast DNAS 1.7.1\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      Shoutcast Server for Linux description buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5965.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          fw1-limited-license-dos\nPlatforms Affected:     Check Point Firewall-1 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      FireWall-1 limited-IP license denial of service\nX-Force URL:            http://xforce.iss.net/static/5966.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          fw1-limited-license-dos\nPlatforms Affected:     Check Point Firewall-1 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      FireWall-1 limited-IP license denial of service\nX-Force URL:            http://xforce.iss.net/static/5966.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          hp-stm-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX Support Tools Manager denial of service\nX-Force URL:            http://xforce.iss.net/static/5957.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          linux-webmin-tmpfiles\nPlatforms Affected:     OpenLinux (2.3, 2.4)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Webmin use of tmpfiles could allow a local user to overwrite files\nX-Force URL:           
 http://xforce.iss.net/static/6011.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          tinyproxy-remote-bo\nPlatforms Affected:     tinyproxy 1.3.2 and 1.3.3\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Tinyproxy remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5954.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          postaci-sql-command-injection\nPlatforms Affected:     PostACI\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Postaci SQL command injection\nX-Force URL:            http://xforce.iss.net/static/5972.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          wwwwais-cgi-dos\nPlatforms Affected:     wwwwais.c 25\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      wwwwais CGI based program denial of service\nX-Force URL:            http://xforce.iss.net/static/5980.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          mime-header-attachment\nPlatforms Affected:     MIME 1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      MIME headers could allow spoofed file attachment\nX-Force URL:            http://xforce.iss.net/static/5991.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          ssh-rpc-private-key\nPlatforms Affected:     SSH\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      SSH secure-RPC could generate a passphrase that exposes a user\u0027s private key\nX-Force URL:            http://xforce.iss.net/static/5963.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          linux-glibc-preload-overwrite\nPlatforms Affected:     Linux\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Linux glibc LD_PRELOAD file overwrite\nX-Force 
URL:            http://xforce.iss.net/static/5971.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          inn-tmpfile-symlink\nPlatforms Affected:     InterNet News (INN)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      INN tmpfile symbolic link\nX-Force URL:            http://xforce.iss.net/static/5974.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-insecure-password\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix password change insecure\nX-Force URL:            http://xforce.iss.net/static/5944.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-weak-authentication\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix uses weak authentication\nX-Force URL:            http://xforce.iss.net/static/5946.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          ie-mshtml-dos\nPlatforms Affected:     Internet Explorer 4.0 and later\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Internet Explorer mshtml.dll denial of service\nX-Force URL:            http://xforce.iss.net/static/5938.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          dhcp-format-string\nPlatforms Affected:     Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Caldera DHCP format string\nX-Force URL:            http://xforce.iss.net/static/5953.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          win-mediaplayer-arbitrary-code\nPlatforms Affected:     Windows Media Player 7.0\nRisk Factor:            
High\nAttack Type:            Network/Host Based\nBrief Description:      Windows Media Player skins can be used execute arbitrary code\nX-Force URL:            http://xforce.iss.net/static/5937.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          veritas-backupexec-dos\nPlatforms Affected:     Backup Exec 4.5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Veritas Backup Exec denial of service\nX-Force URL:            http://xforce.iss.net/static/5941.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-symlink\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      InterScan VirusWall for Unix symbolic link\nX-Force URL:            http://xforce.iss.net/static/5947.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-corrupt-files\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      OmniHTTPd statsconfig.pl corrupt any file on the system\nX-Force URL:            http://xforce.iss.net/static/5955.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-execute-code\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      OmniHTTPD statsconfig.pl allows code execution\nX-Force URL:            http://xforce.iss.net/static/5956.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          icmp-pmtu-dos\nPlatforms Affected:     Linux\n                        BSD\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      ICMP PMTU denial of service\nX-Force URL:            http://xforce.iss.net/static/5975.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          
icmp-pmtu-dos\nPlatforms Affected:     Linux\n                        BSD\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      ICMP PMTU denial of service\nX-Force URL:            http://xforce.iss.net/static/5975.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          splitvt-perserc-format-string\nPlatforms Affected:     splitvt 1.6.4 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Splitvt perserc.c module format string\nX-Force URL:            http://xforce.iss.net/static/5948.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          splitvt-perserc-format-string\nPlatforms Affected:     splitvt 1.6.4 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Splitvt perserc.c module format string\nX-Force URL:            http://xforce.iss.net/static/5948.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          flash-module-bo\nPlatforms Affected:     Oliver Debon Flash plugin 0.4.9 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Flash browser module buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5952.php\n\n_____\n\nDate Reported:          1/13/01\nVulnerability:          rctab-elevate-privileges\nPlatforms Affected:     Linux SuSE\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      rctab in SuSE Linux could allow privilege elevation\nX-Force URL:            http://xforce.iss.net/static/5945.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          ultraboard-cgi-perm\nPlatforms Affected:     UltraBoard 2000B\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      UltraBoard CGI weak permissions\nX-Force URL:            http://xforce.iss.net/static/5931.php\n\n_____\n\nDate Reported:          
1/12/01\nVulnerability:          compaq-web-management-bo\nPlatforms Affected:     Compaq Web-Based Management\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Compaq Web-Based Management program buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5935.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-htaccess-unauth-access\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow unauthorized access to restricted files\nX-Force URL:            http://xforce.iss.net/static/5940.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          basilix-webmail-retrieve-files\nPlatforms Affected:     Basilix Webmail 0.9.7beta\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      Basilix Webmail System allows unauthorized users to retrieve files\nX-Force URL:            http://xforce.iss.net/static/5934.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          solaris-arp-bo\nPlatforms Affected:     Solaris\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris arp buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5928.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-view-source-code\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow remote viewing of source code\nX-Force URL:            http://xforce.iss.net/static/5939.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          wec-ntlm-authentication\nPlatforms Affected:     Windows 2000\n                        Microsoft Office 2000\n                        Windows ME\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Web 
Extender Client (WEC) NTLM authentication\nX-Force URL:            http://xforce.iss.net/static/5920.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          spamcop-url-seq-predict\nPlatforms Affected:     SpamCop\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      SpamCop URL number increment sequence prediction\nX-Force URL:            http://xforce.iss.net/static/5933.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-wuftpd-privatepw-symlink\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux wu-ftpd privatepw symbolic link\nX-Force URL:            http://xforce.iss.net/static/5915.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          rdist-symlink\nPlatforms Affected:     rdist\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      rdist symbolic link\nX-Force URL:            http://xforce.iss.net/static/5925.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          squid-email-symlink\nPlatforms Affected:     squid\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      squid email notification symbolic link\nX-Force URL:            http://xforce.iss.net/static/5921.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-diffutils-sdiff-symlimk\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux diffutils sdiff symbolic link\nX-Force URL:            http://xforce.iss.net/static/5914.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          tcpdump-arpwatch-symlink\nPlatforms Affected:     arpwatch\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      tcpdump arpwatch symbolic link\nX-Force URL:            
http://xforce.iss.net/static/5922.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linuxconf-vpop3d-symlink\nPlatforms Affected:     linuxconf\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linuxconf vpop3d symbolic link\nX-Force URL:            http://xforce.iss.net/static/5923.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          shadow-utils-useradd-symlink\nPlatforms Affected:     shadow-utils\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      shadow-utils useradd symbolic link\nX-Force URL:            http://xforce.iss.net/static/5927.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-glibc-read-files\nPlatforms Affected:     Linux glibc\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux glibc library can allow users to read restricted files\nX-Force URL:            http://xforce.iss.net/static/5907.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          gettyps-symlink\nPlatforms Affected:     gettyps\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      getty_ps symbolic link\nX-Force URL:            http://xforce.iss.net/static/5924.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-gpm-symlink\nPlatforms Affected:     gpm\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux gpm symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5917.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-mgetty-symlink\nPlatforms Affected:     mgetty\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux mgetty symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5918.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:      
    linux-apache-symlink\nPlatforms Affected:     Apache\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux Apache symbolic link\nX-Force URL:            http://xforce.iss.net/static/5926.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-inn-symlink\nPlatforms Affected:     inn\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux INN tmp directory symbolic link\nX-Force URL:            http://xforce.iss.net/static/5916.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          conferenceroom-developer-dos\nPlatforms Affected:     ConferenceRoom Professional Edition\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      ConferenceRoom Developer Edition denial of service\nX-Force URL:            http://xforce.iss.net/static/5909.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          oracle-xsql-execute-code\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle XSQL servlet and xml-stylesheet allows code execution on server\nX-Force URL:            http://xforce.iss.net/static/5905.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          netscreen-webui-bo\nPlatforms Affected:     NetScreen\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      NetScreen Firewall WebUI buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5908.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          suse-reiserfs-long-filenames\nPlatforms Affected:     SuSE 7.0\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      SuSE reiserfs long file name denial of service\nX-Force URL:            http://xforce.iss.net/static/5910.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:     
     interbase-backdoor-account\nPlatforms Affected:     InterBase 6.01 and earlier\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      InterBase built-in backdoor account\nX-Force URL:            http://xforce.iss.net/static/5911.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          interbase-hidden-function-dos\nPlatforms Affected:     InterBase 6.01\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      InterBase hidden function denial of service\nX-Force URL:            http://xforce.iss.net/static/5912.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          brickserver-thttpd-dos\nPlatforms Affected:     BRICKServer Small Business\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BRICKServer thttpd denial of service\nX-Force URL:            http://xforce.iss.net/static/5919.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          solaris-exrecover-bo\nPlatforms Affected:     Solaris (2.4, 2.5, 2.5.1, 2.6)\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Solaris exrecover buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5913.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          hp-inetd-swait-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX inetd swait denial of service\nX-Force URL:            http://xforce.iss.net/static/5904.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          microsoft-iis-read-files\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Microsoft IIS 5.0 allows the viewing of files through malformed URL\nX-Force URL:            http://xforce.iss.net/static/5903.php\n\n_____\n\nDate Reported:   
       1/8/01\nVulnerability:          ibm-websphere-dos\nPlatforms Affected:     IBM Websphere 3.52\n                        IBM HTTP Server 1.3.12\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      IBM WebSphere denial of service\nX-Force URL:            http://xforce.iss.net/static/5900.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          storagesoft-imagecast-dos\nPlatforms Affected:     ImageCast 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      StorageSoft ImageCast denial of service\nX-Force URL:            http://xforce.iss.net/static/5901.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          nai-pgp-replace-keys\nPlatforms Affected:     PGP 7.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      PGP users may replace signed exported key blocks with arbitrary keys\nX-Force URL:            http://xforce.iss.net/static/5902.php\n\n_____\n\nDate Reported:          1/7/01\nVulnerability:          http-cgi-bbs-forum\nPlatforms Affected:     WebBBS 1.0\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      bbs_forum.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/5906.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          lotus-domino-directory-traversal\nPlatforms Affected:     Lotus Domino 5.0.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5899.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          http-cgi-fastgraf\nPlatforms Affected:     FASTGRAF\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Fastgraf CGI scripts allow remote command execution\nX-Force URL:  
          http://xforce.iss.net/static/5897.php\n\n_____\n\nDate Reported:          1/4/01\nVulnerability:          newsdesk-cgi-read-files\nPlatforms Affected:     Newsdesk 1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Newsdesk.cgi allows read access to files\nX-Force URL:            http://xforce.iss.net/static/5898.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          gtk-module-execute-code\nPlatforms Affected:     GTK+ 1.2.8 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      GTK+ arbitrary code execution using custom loadable module\nX-Force URL:            http://xforce.iss.net/static/5832.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          linux-tty-writable-dos\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux writable TTY denial of service\nX-Force URL:            http://xforce.iss.net/static/5896.php\n\n_____\n\n\nRisk Factor Key:\n\n        High Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  
Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n\n_____\n\nAdditional Information\n\nThis document is available at http://xforce.iss.net/alerts/advisennn.php. \nTo receive these Alerts and Advisories:\n- - Subscribe to the Alert mailing list from\nhttp://xforce.iss.net/maillists/index.php\n- - Or send an email to majordomo@iss.net, and within the body of the\nmessage type:\n\u0027subscribe alert\u0027 (without the quotes). \n\n\nAbout Internet Security Systems (ISS)\nInternet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading\nglobal provider of security management solutions for the Internet. \nBy combining best of breed products, security management services,\naggressive research and development, and comprehensive educational\nand consulting services, ISS is the trusted security advisor for\nthousands of organizations around the world looking to protect their\nmission critical information and networks. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically.  It is not to be edited in any way without express consent\nof the X-Force.  If you wish to reprint the whole or any part of this\nAlert in any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. 
\n\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as\nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0198"
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2328"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3020"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          }
        ],
        "trust": 4.05
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-3020",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3020"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "2328",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0198",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "2222",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "2194",
            "trust": 1.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "20605",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "5963",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6010",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "5924",
            "trust": 0.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-020",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "6040",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20010131 [SPSADVISORY#41]APPLE QUICK TIME PLUG-IN BUFFER OVERFLOW",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-74474",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "115697",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-3020",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24294",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3020"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2328"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0198"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-020"
          }
        ]
      },
      "id": "VAR-200105-0010",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3020"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T11:40:25.702000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0198"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/2328"
          },
          {
            "trust": 1.1,
            "url": "http://www.exploit-db.com/exploits/20605"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6040"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=98096678523370\u0026w=2"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/5963.php"
          },
          {
            "trust": 0.9,
            "url": " http://xforce.iss.net/static/6010.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2222"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches/securerpcvulnerability.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/archive/1/158966"
          },
          {
            "trust": 0.8,
            "url": "http://sourceforge.net/forum/forum.php?forum_id=60570"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2194"
          },
          {
            "trust": 0.8,
            "url": "http://www.linuxsecurity.com/advisories/mandrake_advisory-1037.html"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/5924"
          },
          {
            "trust": 0.7,
            "url": "http://xforce.iss.net/static/6040.php"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98096678523370\u0026w=2"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=98096678523370\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5992.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5926.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5940.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6033.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5916.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6038.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5997.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6026.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5928.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5977.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6013.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5991.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5938.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5969.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5957.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5909.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5948.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6005.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5954.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5933.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5955.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6035.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5990.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5907.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5994.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5983.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5911.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6006.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5908.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5922.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5903.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6027.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5965.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5899.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5980.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5934.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5919.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5931.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5962.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5976.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6003.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5998.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5920.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5966.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5946.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5915.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5986.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5923.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5993.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6001.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6036.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5902.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5971.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5937.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5985.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5945.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6028.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5988.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6009.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6025.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5897.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5952.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5953.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6039.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5978.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5901.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5906.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5974.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6008.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5935.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5944.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5918.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6034.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5925.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6014.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5912.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5924.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5989.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6019.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5921.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5904.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5972.ph"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5900.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5898.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5973.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5832.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5975.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5913.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5905.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6015.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6016.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5996.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5981.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6012.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/advisennn.php."
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5995.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5947.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5896.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5910.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5917.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6017.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6032.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5979.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6004.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5984.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5939.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5914.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5956.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5941.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6011.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6031.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6018.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6002.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5927.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6020.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5982.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5987.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6030.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3020"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0198"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-020"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3020"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "2328"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0198"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-020"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-06-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-05-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2001-10-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2001-05-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3020"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2001-01-31T00:00:00",
            "db": "BID",
            "id": "2328"
          },
          {
            "date": "2001-02-14T07:13:47",
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "date": "2001-05-03T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0198"
          },
          {
            "date": "2001-05-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200105-020"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-10-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-06-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2004-07-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3020"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2009-07-11T04:46:00",
            "db": "BID",
            "id": "2328"
          },
          {
            "date": "2017-12-19T02:29:18.033000",
            "db": "NVD",
            "id": "CVE-2001-0198"
          },
          {
            "date": "2006-06-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200105-020"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-020"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SSH1 may generate weak passphrase when using Secure RPC",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-020"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200412-1185

    Vulnerability from variot - Updated: 2023-12-18 11:31

    Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user. This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. 
SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package.


    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary February 6, 2001 Volume 6 Number 3

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/


    Contents

    120 Reported Vulnerabilities

    Risk Factor Key


    Date Reported: 1/31/01 Vulnerability: win2k-rdp-dos Platforms Affected: Windows 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Windows 2000 Server RDP denial of service X-Force URL: http://xforce.iss.net/static/6035.php


    Date Reported: 1/31/01 Vulnerability: cisco-ccs-file-access Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface could allow read access to files and directories X-Force URL: http://xforce.iss.net/static/6031.php


    Date Reported: 1/31/01 Vulnerability: quicktime-embedded-tag-bo Platforms Affected: Quicktime 4.1.2 Risk Factor: High Attack Type: Host Based Brief Description: QuickTime Player EMBED tag buffer overflow X-Force URL: http://xforce.iss.net/static/6040.php


    Date Reported: 1/31/01 Vulnerability: solaris-ximp40-bo Platforms Affected: Solaris (7, 8) Risk Factor: High Attack Type: Host Based Brief Description: Solaris "ximp40" shared library buffer overflow X-Force URL: http://xforce.iss.net/static/6039.php


    Date Reported: 1/31/01 Vulnerability: cisco-ccs-cli-dos Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface denial of service X-Force URL: http://xforce.iss.net/static/6030.php


    Date Reported: 1/30/01 Vulnerability: slimserve-httpd-dos Platforms Affected: SlimServe 1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: SlimServe HTTPd denial of service X-Force URL: http://xforce.iss.net/static/6028.php


    Date Reported: 1/30/01 Vulnerability: crazywwwboard-qdecoder-bo Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1 Risk Factor: Medium Attack Type: Network Based Brief Description: CrazyWWWBoard qDecoder buffer overflow X-Force URL: http://xforce.iss.net/static/6033.php


    Date Reported: 1/30/01 Vulnerability: virusbuster-mua-bo Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow X-Force URL: http://xforce.iss.net/static/6034.php


    Date Reported: 1/29/01 Vulnerability: iis-isapi-obtain-code Platforms Affected: IIS (4.0, 5.0) Risk Factor: Low Attack Type: Network/Host Based Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions X-Force URL: http://xforce.iss.net/static/6032.php


    Date Reported: 1/29/01 Vulnerability: bind-inverse-query-disclosure Platforms Affected: Bind (4.x, 8.2.x) Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x and 8.2.x exposes environment variables X-Force URL: http://xforce.iss.net/static/6018.php


    Date Reported: 1/29/01 Vulnerability: hp-man-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP man command denial of service X-Force URL: http://xforce.iss.net/static/6014.php


    Date Reported: 1/29/01 Vulnerability: sort-temp-file-abort Platforms Affected: FreeBSD Risk Factor: Medium Attack Type: Host Based Brief Description: Sort temporary files denial of service X-Force URL: http://xforce.iss.net/static/6038.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-format-string Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() format string X-Force URL: http://xforce.iss.net/static/6017.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-bo Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() buffer overflow X-Force URL: http://xforce.iss.net/static/6016.php


    Date Reported: 1/29/01 Vulnerability: winvnc-client-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC client buffer overflow X-Force URL: http://xforce.iss.net/static/6025.php


    Date Reported: 1/29/01 Vulnerability: winvnc-server-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC server buffer overflow X-Force URL: http://xforce.iss.net/static/6026.php


    Date Reported: 1/29/01 Vulnerability: guestserver-cgi-execute-commands Platforms Affected: Guestserver 4.12 and earlier Risk Factor: High Attack Type: Network Based Brief Description: Guestserver.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/6027.php


    Date Reported: 1/29/01 Vulnerability: bind-tsig-bo Platforms Affected: BIND 8.2.x Risk Factor: Unauthorized Access Attempt Attack Type: Network/Host Based Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow X-Force URL: http://xforce.iss.net/static/6015.php


    Date Reported: 1/28/01 Vulnerability: hyperseek-cgi-reveal-info Platforms Affected: Hyperseek Search Engine 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Hyperseek CGI could reveal listings of directories and files X-Force URL: http://xforce.iss.net/static/6012.php


    Date Reported: 1/26/01 Vulnerability: newsdaemon-gain-admin-access Platforms Affected: NewsDaemon prior to 0.21b Risk Factor: High Attack Type: Network Based Brief Description: NewsDaemon allows remote users to gain administrative access X-Force URL: http://xforce.iss.net/static/6010.php


    Date Reported: 1/26/01 Vulnerability: mars-nwe-format-string Platforms Affected: Mars_nwe 0.99.pl19 Risk Factor: High Attack Type: Network Based Brief Description: Mars_nwe format string X-Force URL: http://xforce.iss.net/static/6019.php


    Date Reported: 1/25/01 Vulnerability: planetintra-pi-bo Platforms Affected: Planet Intra LAN Intranet 2.5 Risk Factor: High Attack Type: Network Based Brief Description: Planet Intra 'pi' binary buffer overflow X-Force URL: http://xforce.iss.net/static/6002.php


    Date Reported: 1/25/01 Vulnerability: borderware-ping-dos Platforms Affected: BorderWare Firewall Server 6.1.2 Risk Factor: High Attack Type: Network Based Brief Description: BorderWare ping denial of service X-Force URL: http://xforce.iss.net/static/6004.php


    Date Reported: 1/25/01 Vulnerability: aol-malformed-url-dos Platforms Affected: AOL 5.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: AOL malformed URL denial of service X-Force URL: http://xforce.iss.net/static/6009.php


    Date Reported: 1/25/01 Vulnerability: mirc-bypass-password Platforms Affected: mIRC Risk Factor: High Attack Type: Host Based Brief Description: mIRC allows malicious user to bypass password X-Force URL: http://xforce.iss.net/static/6013.php


    Date Reported: 1/25/01 Vulnerability: netscape-enterprise-revlog-dos Platforms Affected: Netscape Enterprise Server Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Enterprise Server REVLOG denial of service X-Force URL: http://xforce.iss.net/static/6003.php


    Date Reported: 1/24/01 Vulnerability: aim-execute-code Platforms Affected: AOL Instant Messenger 4.1 and later Risk Factor: High Attack Type: Host Based Brief Description: AOL Instant Messenger execution of code in modified images X-Force URL: http://xforce.iss.net/static/6005.php


    Date Reported: 1/24/01 Vulnerability: netscape-enterprise-list-directories Platforms Affected: Netscape Enterprise Server (3.0, 4.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server allows remote directory listing X-Force URL: http://xforce.iss.net/static/5997.php


    Date Reported: 1/24/01 Vulnerability: winnt-mutex-dos Platforms Affected: Windows NT 4.0 Risk Factor: Medium Attack Type: Host Based Brief Description: Windows NT mutex denial of service X-Force URL: http://xforce.iss.net/static/6006.php


    Date Reported: 1/24/01 Vulnerability: jrun-webinf-file-retrieval Platforms Affected: JRun Risk Factor: Medium Attack Type: Network/Host Based Brief Description: JRun malformed URL file retrieval X-Force URL: http://xforce.iss.net/static/6008.php


    Date Reported: 1/23/01 Vulnerability: ipfw-bypass-firewall Platforms Affected: FreeBSD (3.x, 4.x) Risk Factor: High Attack Type: Network Based Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall X-Force URL: http://xforce.iss.net/static/5998.php


    Date Reported: 1/23/01 Vulnerability: netopia-telnet-dos Platforms Affected: Netopia R-series router Risk Factor: Medium Attack Type: Network Based Brief Description: Netopia R9100 allows remote user to crash the router using telnet X-Force URL: http://xforce.iss.net/static/6001.php


    Date Reported: 1/23/01 Vulnerability: wuftp-debug-format-string Platforms Affected: Wu-ftpd Risk Factor: High Attack Type: Network Based Brief Description: Wu-ftpd debug mode format string X-Force URL: http://xforce.iss.net/static/6020.php


    Date Reported: 1/23/01 Vulnerability: kde2-kdesu-retrieve-passwords Platforms Affected: Linux: Caldera eDesktop 2.4 Risk Factor: High Attack Type: Host Based Brief Description: KDE2 kdesu program allows users to retrieve passwords X-Force URL: http://xforce.iss.net/static/5995.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-url-bo Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom print server long URL buffer overflow X-Force URL: http://xforce.iss.net/static/5988.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-printguide-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom PrintGuide denial of service X-Force URL: http://xforce.iss.net/static/5989.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-ftp-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom FTP denial of service X-Force URL: http://xforce.iss.net/static/5990.php


    Date Reported: 1/23/01 Vulnerability: vnc-weak-authentication Platforms Affected: VNC 3.3.3 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: VNC weak authentication could allow unauthorized access X-Force URL: http://xforce.iss.net/static/5992.php


    Date Reported: 1/23/01 Vulnerability: lotus-domino-smtp-bo Platforms Affected: Lotus Domino 5.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Lotus Domino SMTP Server policy feature buffer overflow X-Force URL: http://xforce.iss.net/static/5993.php


    Date Reported: 1/23/01 Vulnerability: linux-sash-shadow-readable Platforms Affected: sash prior to 3.4-4 Risk Factor: High Attack Type: Host Based Brief Description: Linux sash /etc/shadow directory world-readable X-Force URL: http://xforce.iss.net/static/5994.php


    Date Reported: 1/22/01 Vulnerability: powerpoint-execute-code Platforms Affected: Microsoft PowerPoint 2000 Risk Factor: High Attack Type: Host Based Brief Description: PowerPoint could allow code execution on another user's computer X-Force URL: http://xforce.iss.net/static/5996.php


    Date Reported: 1/22/01 Vulnerability: icecast-format-string Platforms Affected: Icecast 1.3.8beta2 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Icecast format string could allow arbitrary code execution X-Force URL: http://xforce.iss.net/static/5978.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-directory-traversal Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers directory traversal X-Force URL: http://xforce.iss.net/static/5986.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-execute-jsp Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files X-Force URL: http://xforce.iss.net/static/5987.php


    Date Reported: 1/22/01 Vulnerability: netscape-enterprise-dot-dos Platforms Affected: Netscape Enterprise Server 4.1 SP5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server "/../" denial of service X-Force URL: http://xforce.iss.net/static/5983.php


    Date Reported: 1/22/01 Vulnerability: goodtech-ftp-dos Platforms Affected: GoodTech FTP 3.0.1.2.1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: GoodTech FTP server denial of service X-Force URL: http://xforce.iss.net/static/5984.php


    Date Reported: 1/22/01 Vulnerability: netscape-fasttrack-cache-dos Platforms Affected: Netscape FastTrack Risk Factor: Low Attack Type: Host Based Brief Description: Netscape FastTrack Server cache denial of service X-Force URL: http://xforce.iss.net/static/5985.php


    Date Reported: 1/21/01 Vulnerability: eeye-iris-dos Platforms Affected: Iris Network Analyzer 1.01beta Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Iris denial of service X-Force URL: http://xforce.iss.net/static/5981.php


    Date Reported: 1/20/01 Vulnerability: watchguard-firebox-obtain-passphrase Platforms Affected: Firebox II Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard Firebox allows remote user to obtain passphrase X-Force URL: http://xforce.iss.net/static/5979.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-server-dos Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP denial of service X-Force URL: http://xforce.iss.net/static/5976.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-path-disclosure Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP path disclosure X-Force URL: http://xforce.iss.net/static/5977.php


    Date Reported: 1/19/01 Vulnerability: localweb2k-directory-traversal Platforms Affected: LocalWEB2000 HTTP Server 1.1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: LocalWEB2000 directory traversal X-Force URL: http://xforce.iss.net/static/5982.php


    Date Reported: 1/19/01 Vulnerability: win2k-efs-recover-data Platforms Affected: Windows 2000 Risk Factor: High Attack Type: Host Based Brief Description: Windows 2000 EFS allows local user to recover sensitive data X-Force URL: http://xforce.iss.net/static/5973.php


    Date Reported: 1/19/01 Vulnerability: linux-bing-bo Platforms Affected: Linux Risk Factor: High Attack Type: Host Based Brief Description: Bing host name buffer overflow X-Force URL: http://xforce.iss.net/static/6036.php


    Date Reported: 1/18/01 Vulnerability: micq-sprintf-remote-bo Platforms Affected: Matt's ICQ Clone 0.4.6 Risk Factor: High Attack Type: Network Based Brief Description: ICQ clone for Linux sprintf() remote buffer overflow X-Force URL: http://xforce.iss.net/static/5962.php


    Date Reported: 1/18/01 Vulnerability: mysql-select-bo Platforms Affected: MySQL prior to 3.23.31 Risk Factor: High Attack Type: Host Based Brief Description: MySQL select buffer overflow X-Force URL: http://xforce.iss.net/static/5969.php


    Date Reported: 1/18/01 Vulnerability: shoutcast-description-bo Platforms Affected: SHOUTcast DNAS 1.7.1 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Shoutcast Server for Linux description buffer overflow X-Force URL: http://xforce.iss.net/static/5965.php


    Date Reported: 1/17/01 Vulnerability: fw1-limited-license-dos Platforms Affected: Check Point Firewall-1 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: FireWall-1 limited-IP license denial of service X-Force URL: http://xforce.iss.net/static/5966.php


    Date Reported: 1/17/01 Vulnerability: hp-stm-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX Support Tools Manager denial of service X-Force URL: http://xforce.iss.net/static/5957.php


    Date Reported: 1/17/01 Vulnerability: linux-webmin-tmpfiles Platforms Affected: OpenLinux (2.3, 2.4) Risk Factor: High Attack Type: Host Based Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files X-Force URL: http://xforce.iss.net/static/6011.php


    Date Reported: 1/17/01 Vulnerability: tinyproxy-remote-bo Platforms Affected: tinyproxy 1.3.2 and 1.3.3 Risk Factor: Medium Attack Type: Network Based Brief Description: Tinyproxy remote buffer overflow X-Force URL: http://xforce.iss.net/static/5954.php


    Date Reported: 1/17/01 Vulnerability: postaci-sql-command-injection Platforms Affected: PostACI Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Postaci SQL command injection X-Force URL: http://xforce.iss.net/static/5972.php


    Date Reported: 1/17/01 Vulnerability: wwwwais-cgi-dos Platforms Affected: wwwwais.c 25 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: wwwwais CGI based program denial of service X-Force URL: http://xforce.iss.net/static/5980.php


    Date Reported: 1/17/01 Vulnerability: mime-header-attachment Platforms Affected: MIME 1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MIME headers could allow spoofed file attachment X-Force URL: http://xforce.iss.net/static/5991.php


    Date Reported: 1/16/01 Vulnerability: ssh-rpc-private-key Platforms Affected: SSH Risk Factor: Medium Attack Type: Network/Host Based Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key X-Force URL: http://xforce.iss.net/static/5963.php


    Date Reported: 1/16/01 Vulnerability: linux-glibc-preload-overwrite Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux glibc LD_PRELOAD file overwrite X-Force URL: http://xforce.iss.net/static/5971.php


    Date Reported: 1/16/01 Vulnerability: inn-tmpfile-symlink Platforms Affected: InterNet News (INN) Risk Factor: High Attack Type: Host Based Brief Description: INN tmpfile symbolic link X-Force URL: http://xforce.iss.net/static/5974.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-insecure-password Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Network Based Brief Description: InterScan VirusWall for Unix password change insecure X-Force URL: http://xforce.iss.net/static/5944.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-weak-authentication Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: Medium Attack Type: Network Based Brief Description: InterScan VirusWall for Unix uses weak authentication X-Force URL: http://xforce.iss.net/static/5946.php


    Date Reported: 1/15/01 Vulnerability: ie-mshtml-dos Platforms Affected: Internet Explorer 4.0 and later Risk Factor: Medium Attack Type: Network Based Brief Description: Internet Explorer mshtml.dll denial of service X-Force URL: http://xforce.iss.net/static/5938.php


    Date Reported: 1/15/01 Vulnerability: dhcp-format-string Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4) Risk Factor: High Attack Type: Network Based Brief Description: Caldera DHCP format string X-Force URL: http://xforce.iss.net/static/5953.php


    Date Reported: 1/15/01 Vulnerability: win-mediaplayer-arbitrary-code Platforms Affected: Windows Media Player 7.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows Media Player skins can be used to execute arbitrary code X-Force URL: http://xforce.iss.net/static/5937.php


    Date Reported: 1/15/01 Vulnerability: veritas-backupexec-dos Platforms Affected: Backup Exec 4.5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Veritas Backup Exec denial of service X-Force URL: http://xforce.iss.net/static/5941.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-symlink Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Host Based Brief Description: InterScan VirusWall for Unix symbolic link X-Force URL: http://xforce.iss.net/static/5947.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-corrupt-files Platforms Affected: OmniHTTPd Risk Factor: Medium Attack Type: Network Based Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system X-Force URL: http://xforce.iss.net/static/5955.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-execute-code Platforms Affected: OmniHTTPd Risk Factor: High Attack Type: Network Based Brief Description: OmniHTTPD statsconfig.pl allows code execution X-Force URL: http://xforce.iss.net/static/5956.php


    Date Reported: 1/15/01 Vulnerability: icmp-pmtu-dos Platforms Affected: Linux BSD Risk Factor: Medium Attack Type: Network Based Brief Description: ICMP PMTU denial of service X-Force URL: http://xforce.iss.net/static/5975.php


    Date Reported: 1/14/01 Vulnerability: splitvt-perserc-format-string Platforms Affected: splitvt 1.6.4 and earlier Risk Factor: High Attack Type: Host Based Brief Description: Splitvt perserc.c module format string X-Force URL: http://xforce.iss.net/static/5948.php


    Date Reported: 1/14/01 Vulnerability: flash-module-bo Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: Flash browser module buffer overflow X-Force URL: http://xforce.iss.net/static/5952.php


    Date Reported: 1/13/01 Vulnerability: rctab-elevate-privileges Platforms Affected: Linux SuSE Risk Factor: Medium Attack Type: Host Based Brief Description: rctab in SuSE Linux could allow privilege elevation X-Force URL: http://xforce.iss.net/static/5945.php


    Date Reported: 1/12/01 Vulnerability: ultraboard-cgi-perm Platforms Affected: UltraBoard 2000B Risk Factor: Medium Attack Type: Network/Host Based Brief Description: UltraBoard CGI weak permissions X-Force URL: http://xforce.iss.net/static/5931.php


    Date Reported: 1/12/01 Vulnerability: compaq-web-management-bo Platforms Affected: Compaq Web-Based Management Risk Factor: High Attack Type: Network Based Brief Description: Compaq Web-Based Management program buffer overflow X-Force URL: http://xforce.iss.net/static/5935.php


    Date Reported: 1/12/01 Vulnerability: php-htaccess-unauth-access Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow unauthorized access to restricted files X-Force URL: http://xforce.iss.net/static/5940.php


    Date Reported: 1/12/01 Vulnerability: basilix-webmail-retrieve-files Platforms Affected: Basilix Webmail 0.9.7beta Risk Factor: Low Attack Type: Network Based Brief Description: Basilix Webmail System allows unauthorized users to retrieve files X-Force URL: http://xforce.iss.net/static/5934.php


    Date Reported: 1/12/01 Vulnerability: solaris-arp-bo Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris arp buffer overflow X-Force URL: http://xforce.iss.net/static/5928.php


    Date Reported: 1/12/01 Vulnerability: php-view-source-code Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow remote viewing of source code X-Force URL: http://xforce.iss.net/static/5939.php


    Date Reported: 1/11/01 Vulnerability: wec-ntlm-authentication Platforms Affected: Windows 2000 Microsoft Office 2000 Windows ME Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Web Extender Client (WEC) NTLM authentication X-Force URL: http://xforce.iss.net/static/5920.php


    Date Reported: 1/11/01 Vulnerability: spamcop-url-seq-predict Platforms Affected: SpamCop Risk Factor: Low Attack Type: Network/Host Based Brief Description: SpamCop URL number increment sequence prediction X-Force URL: http://xforce.iss.net/static/5933.php


    Date Reported: 1/10/01 Vulnerability: linux-wuftpd-privatepw-symlink Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux wu-ftpd privatepw symbolic link X-Force URL: http://xforce.iss.net/static/5915.php


    Date Reported: 1/10/01 Vulnerability: rdist-symlink Platforms Affected: rdist Risk Factor: High Attack Type: Host Based Brief Description: rdist symbolic link X-Force URL: http://xforce.iss.net/static/5925.php


    Date Reported: 1/10/01 Vulnerability: squid-email-symlink Platforms Affected: squid Risk Factor: High Attack Type: Host Based Brief Description: squid email notification symbolic link X-Force URL: http://xforce.iss.net/static/5921.php


    Date Reported: 1/10/01 Vulnerability: linux-diffutils-sdiff-symlimk Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux diffutils sdiff symbolic link X-Force URL: http://xforce.iss.net/static/5914.php


    Date Reported: 1/10/01 Vulnerability: tcpdump-arpwatch-symlink Platforms Affected: arpwatch Risk Factor: High Attack Type: Host Based Brief Description: tcpdump arpwatch symbolic link X-Force URL: http://xforce.iss.net/static/5922.php


    Date Reported: 1/10/01 Vulnerability: linuxconf-vpop3d-symlink Platforms Affected: linuxconf Risk Factor: Medium Attack Type: Host Based Brief Description: Linuxconf vpop3d symbolic link X-Force URL: http://xforce.iss.net/static/5923.php


    Date Reported: 1/10/01 Vulnerability: shadow-utils-useradd-symlink Platforms Affected: shadow-utils Risk Factor: High Attack Type: Host Based Brief Description: shadow-utils useradd symbolic link X-Force URL: http://xforce.iss.net/static/5927.php


    Date Reported: 1/10/01 Vulnerability: linux-glibc-read-files Platforms Affected: Linux glibc Risk Factor: Medium Attack Type: Host Based Brief Description: Linux glibc library can allow users to read restricted files X-Force URL: http://xforce.iss.net/static/5907.php


    Date Reported: 1/10/01 Vulnerability: gettyps-symlink Platforms Affected: gettyps Risk Factor: High Attack Type: Host Based Brief Description: getty_ps symbolic link X-Force URL: http://xforce.iss.net/static/5924.php


    Date Reported: 1/10/01 Vulnerability: linux-gpm-symlink Platforms Affected: gpm Risk Factor: Medium Attack Type: Host Based Brief Description: Linux gpm symbolic link attack X-Force URL: http://xforce.iss.net/static/5917.php


    Date Reported: 1/10/01 Vulnerability: linux-mgetty-symlink Platforms Affected: mgetty Risk Factor: Medium Attack Type: Host Based Brief Description: Linux mgetty symbolic link attack X-Force URL: http://xforce.iss.net/static/5918.php


    Date Reported: 1/10/01 Vulnerability: linux-apache-symlink Platforms Affected: Apache Risk Factor: Medium Attack Type: Host Based Brief Description: Linux Apache symbolic link X-Force URL: http://xforce.iss.net/static/5926.php


    Date Reported: 1/10/01 Vulnerability: linux-inn-symlink Platforms Affected: inn Risk Factor: Medium Attack Type: Host Based Brief Description: Linux INN tmp directory symbolic link X-Force URL: http://xforce.iss.net/static/5916.php


    Date Reported: 1/10/01 Vulnerability: conferenceroom-developer-dos Platforms Affected: ConferenceRoom Professional Edition Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ConferenceRoom Developer Edition denial of service X-Force URL: http://xforce.iss.net/static/5909.php


    Date Reported: 1/9/01 Vulnerability: oracle-xsql-execute-code Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server X-Force URL: http://xforce.iss.net/static/5905.php


    Date Reported: 1/9/01 Vulnerability: netscreen-webui-bo Platforms Affected: NetScreen Risk Factor: Medium Attack Type: Network Based Brief Description: NetScreen Firewall WebUI buffer overflow X-Force URL: http://xforce.iss.net/static/5908.php


    Date Reported: 1/9/01 Vulnerability: suse-reiserfs-long-filenames Platforms Affected: SuSE 7.0 Risk Factor: High Attack Type: Host Based Brief Description: SuSE reiserfs long file name denial of service X-Force URL: http://xforce.iss.net/static/5910.php


    Date Reported: 1/9/01 Vulnerability: interbase-backdoor-account Platforms Affected: InterBase 6.01 and earlier Risk Factor: High Attack Type: Network/Host Based Brief Description: InterBase built-in backdoor account X-Force URL: http://xforce.iss.net/static/5911.php


    Date Reported: 1/9/01 Vulnerability: interbase-hidden-function-dos Platforms Affected: InterBase 6.01 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: InterBase hidden function denial of service X-Force URL: http://xforce.iss.net/static/5912.php


    Date Reported: 1/9/01 Vulnerability: brickserver-thttpd-dos Platforms Affected: BRICKServer Small Business Risk Factor: Medium Attack Type: Network Based Brief Description: BRICKServer thttpd denial of service X-Force URL: http://xforce.iss.net/static/5919.php


    Date Reported: 1/9/01 Vulnerability: solaris-exrecover-bo Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6) Risk Factor: Medium Attack Type: Host Based Brief Description: Solaris exrecover buffer overflow X-Force URL: http://xforce.iss.net/static/5913.php


    Date Reported: 1/9/01 Vulnerability: hp-inetd-swait-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX inetd swait denial of service X-Force URL: http://xforce.iss.net/static/5904.php


    Date Reported: 1/8/01 Vulnerability: microsoft-iis-read-files Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network Based Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL X-Force URL: http://xforce.iss.net/static/5903.php


    Date Reported: 1/8/01 Vulnerability: ibm-websphere-dos Platforms Affected: IBM Websphere 3.52 IBM HTTP Server 1.3.12 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM WebSphere denial of service X-Force URL: http://xforce.iss.net/static/5900.php


    Date Reported: 1/8/01 Vulnerability: storagesoft-imagecast-dos Platforms Affected: ImageCast 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: StorageSoft ImageCast denial of service X-Force URL: http://xforce.iss.net/static/5901.php


    Date Reported: 1/8/01 Vulnerability: nai-pgp-replace-keys Platforms Affected: PGP 7.0 Risk Factor: Medium Attack Type: Host Based Brief Description: PGP users may replace signed exported key blocks with arbitrary keys X-Force URL: http://xforce.iss.net/static/5902.php


    Date Reported: 1/7/01 Vulnerability: http-cgi-bbs-forum Platforms Affected: WebBBS 1.0 Risk Factor: High Attack Type: Network Based Brief Description: bbs_forum.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/5906.php


    Date Reported: 1/5/01 Vulnerability: lotus-domino-directory-traversal Platforms Affected: Lotus Domino 5.0.x Risk Factor: Medium Attack Type: Network Based Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal X-Force URL: http://xforce.iss.net/static/5899.php


    Date Reported: 1/5/01 Vulnerability: http-cgi-fastgraf Platforms Affected: FASTGRAF Risk Factor: High Attack Type: Network Based Brief Description: Fastgraf CGI scripts allow remote command execution X-Force URL: http://xforce.iss.net/static/5897.php


    Date Reported: 1/4/01 Vulnerability: newsdesk-cgi-read-files Platforms Affected: Newsdesk 1.2 Risk Factor: High Attack Type: Network Based Brief Description: Newsdesk.cgi allows read access to files X-Force URL: http://xforce.iss.net/static/5898.php


    Date Reported: 1/1/01 Vulnerability: gtk-module-execute-code Platforms Affected: GTK+ 1.2.8 and earlier Risk Factor: High Attack Type: Host Based Brief Description: GTK+ arbitrary code execution using custom loadable module X-Force URL: http://xforce.iss.net/static/5832.php


    Date Reported: 1/1/01 Vulnerability: linux-tty-writable-dos Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux writable TTY denial of service X-Force URL: http://xforce.iss.net/static/5896.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    Additional Information

    This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories:

    - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
    - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).

    About Internet Security Systems (ISS)

    Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.



    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200412-1185",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "full rate adsl router",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "edimax",
            "version": "ar_6004"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "daemonnews",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "immunix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandrakesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "getty ps",
            "version": null
          },
          {
            "model": "ar-6004",
            "scope": null,
            "trust": 0.3,
            "vendor": "edimax",
            "version": null
          },
          {
            "model": "immunix os -beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wirex",
            "version": "7.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.2"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.0"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.30"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.29"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.28"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.27"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "9374"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1790"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:edimax:full_rate_adsl_router:ar_6004:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1790"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovery is credited to Rafel Ivgi.",
        "sources": [
          {
            "db": "BID",
            "id": "9374"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2004-1790",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-10220",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2004-1790",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#850440",
                "trust": 0.8,
                "value": "1.89"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#987632",
                "trust": 0.8,
                "value": "3.19"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#342768",
                "trust": 0.8,
                "value": "5.63"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200412-714",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-10220",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-10220"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1790"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability  allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals.  Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack.  An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user. \nThis could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. \nA problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existance of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. 
SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. \nA problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the users DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the users private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another users magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a users secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. 
\nTO UNSUBSCRIBE: email \"unsubscribe alert\" in the body of your message to\nmajordomo@iss.net  Contact alert-owner@iss.net for help with any problems!\n---------------------------------------------------------------------------\n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nFebruary 6, 2001\nVolume 6 Number 3\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\n_____\n\nContents\n\n120 Reported Vulnerabilities\n\nRisk Factor Key\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          win2k-rdp-dos\nPlatforms Affected:     Windows 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Windows 2000 Server RDP denial of service\nX-Force URL:            http://xforce.iss.net/static/6035.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-file-access\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface could allow read access to files and directories\nX-Force URL:            http://xforce.iss.net/static/6031.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          quicktime-embedded-tag-bo\nPlatforms Affected:     Quicktime 4.1.2\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      QuickTime Player EMBED tag buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6040.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          solaris-ximp40-bo\nPlatforms Affected:     Solaris (7, 8)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris \"ximp40\" shared library buffer 
overflow\nX-Force URL:            http://xforce.iss.net/static/6039.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-cli-dos\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface denial of service\nX-Force URL:            http://xforce.iss.net/static/6030.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          slimserve-httpd-dos\nPlatforms Affected:     SlimServe 1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      SlimServe HTTPd denial of service\nX-Force URL:            http://xforce.iss.net/static/6028.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          crazywwwboard-qdecoder-bo\nPlatforms Affected:     CrazyWWWBoard prior to 2000LEp5-1\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      CrazyWWWBoard qDecoder buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6033.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          virusbuster-mua-bo\nPlatforms Affected:\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Virus Buster 2001 Mail User Agent (MUA) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6034.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          iis-isapi-obtain-code\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions\nX-Force URL:            http://xforce.iss.net/static/6032.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-inverse-query-disclosure\nPlatforms Affected:     Bind (4.x, 8.2.x)\nRisk Factor:            Medium\nAttack Type:            
Network Based\nBrief Description:      BIND 4.x and 8.2.x exposes environment variables\nX-Force URL:            http://xforce.iss.net/static/6018.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          hp-man-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP man command denial of service\nX-Force URL:            http://xforce.iss.net/static/6014.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          sort-temp-file-abort\nPlatforms Affected:     FreeBSD\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Sort temporary files denial of service\nX-Force URL:            http://xforce.iss.net/static/6038.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-format-string\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() format string\nX-Force URL:            http://xforce.iss.net/static/6017.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-bo\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6016.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-client-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC client buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6025.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-server-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC server buffer overflow\nX-Force URL:            
http://xforce.iss.net/static/6026.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          guestserver-cgi-execute-commands\nPlatforms Affected:     Guestserver 4.12 and earlier\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Guestserver.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/6027.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-tsig-bo\nPlatforms Affected:     BIND 8.2.x\nRisk Factor:            Unauthorized Access Attempt\nAttack Type:            Network/Host Based\nBrief Description:      BIND 8.2.x transaction signature (TSIG) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6015.php\n\n_____\n\nDate Reported:          1/28/01\nVulnerability:          hyperseek-cgi-reveal-info\nPlatforms Affected:     Hyperseek Search Engine 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Hyperseek CGI could reveal listings of directories and files\nX-Force URL:            http://xforce.iss.net/static/6012.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          newsdaemon-gain-admin-access\nPlatforms Affected:     NewsDaemon prior to 0.21b\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      NewsDaemon allows remote users to gain administrative access\nX-Force URL:            http://xforce.iss.net/static/6010.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:            http://xforce.iss.net/static/6019.php\n\n_____\n\n
Date Reported:          1/25/01\nVulnerability:          planetintra-pi-bo\nPlatforms Affected:     Planet Intra LAN Intranet 2.5\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Planet Intra \u0027pi\u0027 binary buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6002.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          borderware-ping-dos\nPlatforms Affected:     BorderWare Firewall Server 6.1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      BorderWare ping denial of service\nX-Force URL:            http://xforce.iss.net/static/6004.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          aol-malformed-url-dos\nPlatforms Affected:     AOL 5.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      AOL malformed URL denial of service\nX-Force URL:            http://xforce.iss.net/static/6009.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          mirc-bypass-password\nPlatforms Affected:     mIRC\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      mIRC allows malicious user to bypass password\nX-Force URL:            http://xforce.iss.net/static/6013.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          netscape-enterprise-revlog-dos\nPlatforms Affected:     Netscape Enterprise Server\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netscape Enterprise Server REVLOG denial of service\nX-Force URL:            http://xforce.iss.net/static/6003.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          aim-execute-code\nPlatforms Affected:     AOL Instant Messenger 4.1 and later\nRisk Factor:            
High\nAttack Type:            Host Based\nBrief Description:      AOL Instant Messenger execution of code in modified images\nX-Force URL:            http://xforce.iss.net/static/6005.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          netscape-enterprise-list-directories\nPlatforms Affected:     Netscape Enterprise Server (3.0, 4.0)\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server allows remote directory listing\nX-Force URL:            http://xforce.iss.net/static/5997.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          winnt-mutex-dos\nPlatforms Affected:     Windows NT 4.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Windows NT mutex denial of service\nX-Force URL:            http://xforce.iss.net/static/6006.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          jrun-webinf-file-retrieval\nPlatforms Affected:     JRun\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      JRun malformed URL file retrieval\nX-Force URL:            http://xforce.iss.net/static/6008.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          ipfw-bypass-firewall\nPlatforms Affected:     FreeBSD (3.x, 4.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ipfw/ip6fw allows remote attacker to bypass firewall\nX-Force URL:            http://xforce.iss.net/static/5998.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          netopia-telnet-dos\nPlatforms Affected:     Netopia R-series router\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netopia R9100 allows remote user to crash the router using telnet\nX-Force URL:            http://xforce.iss.net/static/6001.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          
wuftp-debug-format-string\nPlatforms Affected:     Wu-ftpd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Wu-ftpd debug mode format string\nX-Force URL:            http://xforce.iss.net/static/6020.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          kde2-kdesu-retrieve-passwords\nPlatforms Affected:     Linux: Caldera eDesktop 2.4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      KDE2 kdesu program allows users to retrieve passwords\nX-Force URL:            http://xforce.iss.net/static/5995.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-url-bo\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom print server long URL buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5988.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-printguide-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom PrintGuide denial of service\nX-Force URL:            http://xforce.iss.net/static/5989.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-ftp-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5990.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          vnc-weak-authentication\nPlatforms Affected:     VNC 3.3.3 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      VNC weak authentication could allow unauthorized access\nX-Force URL:            
http://xforce.iss.net/static/5992.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          lotus-domino-smtp-bo\nPlatforms Affected:     Lotus Domino 5.0\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Lotus Domino SMTP Server policy feature buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5993.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          linux-sash-shadow-readable\nPlatforms Affected:     sash prior to 3.4-4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Linux sash /etc/shadow directory world-readable\nX-Force URL:            http://xforce.iss.net/static/5994.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          powerpoint-execute-code\nPlatforms Affected:     Microsoft PowerPoint 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      PowerPoint could allow code execution on another user\u0027s computer\nX-Force URL:            http://xforce.iss.net/static/5996.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          icecast-format-string\nPlatforms Affected:     Icecast 1.3.8beta2 and prior\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Icecast format string could allow arbitrary code execution\nX-Force URL:            http://xforce.iss.net/static/5978.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-directory-traversal\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle JSP/SQLJP handlers directory traversal\nX-Force URL:            http://xforce.iss.net/static/5986.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-execute-jsp\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:           
 Network Based\nBrief Description:      Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files\nX-Force URL:            http://xforce.iss.net/static/5987.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-enterprise-dot-dos\nPlatforms Affected:     Netscape Enterprise Server 4.1 SP5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server \"/../\" denial of service\nX-Force URL:            http://xforce.iss.net/static/5983.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          goodtech-ftp-dos\nPlatforms Affected:     GoodTech FTP 3.0.1.2.1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      GoodTech FTP server denial of service\nX-Force URL:            http://xforce.iss.net/static/5984.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-fasttrack-cache-dos\nPlatforms Affected:     Netscape FastTrack\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Netscape FastTrack Server cache denial of service\nX-Force URL:            http://xforce.iss.net/static/5985.php\n\n_____\n\nDate Reported:          1/21/01\nVulnerability:          eeye-iris-dos\nPlatforms Affected:     Iris Network Analyzer 1.01beta\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Iris denial of service\nX-Force URL:            http://xforce.iss.net/static/5981.php\n\n_____\n\nDate Reported:          1/20/01\nVulnerability:          watchguard-firebox-obtain-passphrase\nPlatforms Affected:     Firebox II\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WatchGuard Firebox allows remote user to obtain passphrase\nX-Force URL:            http://xforce.iss.net/static/5979.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          
fastream-ftp-server-dos\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5976.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          fastream-ftp-path-disclosure\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP path disclosure\nX-Force URL:            http://xforce.iss.net/static/5977.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          localweb2k-directory-traversal\nPlatforms Affected:     LocalWEB2000 HTTP Server 1.1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      LocalWEB2000 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5982.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          win2k-efs-recover-data\nPlatforms Affected:     Windows 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Windows 2000 EFS allows local user to recover sensitive data\nX-Force URL:            http://xforce.iss.net/static/5973.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          linux-bing-bo\nPlatforms Affected:     Linux\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Bing host name buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6036.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          micq-sprintf-remote-bo\nPlatforms Affected:     Matt\u0027s ICQ Clone 0.4.6\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ICQ clone for Linux sprintf() remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5962.php\n\n_____\n\nDate 
Reported:          1/18/01\nVulnerability:          mysql-select-bo\nPlatforms Affected:     MySQL prior to 3.23.31\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      MySQL select buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5969.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          shoutcast-description-bo\nPlatforms Affected:     SHOUTcast DNAS 1.7.1\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      Shoutcast Server for Linux description buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5965.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          fw1-limited-license-dos\nPlatforms Affected:     Check Point Firewall-1 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      FireWall-1 limited-IP license denial of service\nX-Force URL:            http://xforce.iss.net/static/5966.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          hp-stm-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX Support Tools Manager denial of service\nX-Force URL:            http://xforce.iss.net/static/5957.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          linux-webmin-tmpfiles\nPlatforms Affected:     OpenLinux (2.3, 2.4)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Webmin use of tmpfiles could allow a local user to overwrite files\nX-Force URL:           
 http://xforce.iss.net/static/6011.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          tinyproxy-remote-bo\nPlatforms Affected:     tinyproxy 1.3.2 and 1.3.3\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Tinyproxy remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5954.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          postaci-sql-command-injection\nPlatforms Affected:     PostACI\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Postaci SQL command injection\nX-Force URL:            http://xforce.iss.net/static/5972.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          wwwwais-cgi-dos\nPlatforms Affected:     wwwwais.c 25\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      wwwwais CGI based program denial of service\nX-Force URL:            http://xforce.iss.net/static/5980.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          mime-header-attachment\nPlatforms Affected:     MIME 1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      MIME headers could allow spoofed file attachment\nX-Force URL:            http://xforce.iss.net/static/5991.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          ssh-rpc-private-key\nPlatforms Affected:     SSH\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      SSH secure-RPC could generate a passphrase that exposes a user\u0027s private key\nX-Force URL:            http://xforce.iss.net/static/5963.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          linux-glibc-preload-overwrite\nPlatforms Affected:     Linux\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Linux glibc LD_PRELOAD file overwrite\nX-Force 
URL:            http://xforce.iss.net/static/5971.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          inn-tmpfile-symlink\nPlatforms Affected:     InterNet News (INN)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      INN tmpfile symbolic link\nX-Force URL:            http://xforce.iss.net/static/5974.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-insecure-password\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix password change insecure\nX-Force URL:            http://xforce.iss.net/static/5944.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-weak-authentication\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix uses weak authentication\nX-Force URL:            http://xforce.iss.net/static/5946.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          ie-mshtml-dos\nPlatforms Affected:     Internet Explorer 4.0 and later\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Internet Explorer mshtml.dll denial of service\nX-Force URL:            http://xforce.iss.net/static/5938.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          dhcp-format-string\nPlatforms Affected:     Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Caldera DHCP format string\nX-Force URL:            http://xforce.iss.net/static/5953.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          win-mediaplayer-arbitrary-code\nPlatforms Affected:     Windows Media Player 7.0\nRisk Factor:            
High\nAttack Type:            Network/Host Based\nBrief Description:      Windows Media Player skins can be used to execute arbitrary code\nX-Force URL:            http://xforce.iss.net/static/5937.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          veritas-backupexec-dos\nPlatforms Affected:     Backup Exec 4.5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Veritas Backup Exec denial of service\nX-Force URL:            http://xforce.iss.net/static/5941.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-symlink\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      InterScan VirusWall for Unix symbolic link\nX-Force URL:            http://xforce.iss.net/static/5947.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-corrupt-files\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      OmniHTTPd statsconfig.pl corrupt any file on the system\nX-Force URL:            http://xforce.iss.net/static/5955.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-execute-code\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      OmniHTTPD statsconfig.pl allows code execution\nX-Force URL:            http://xforce.iss.net/static/5956.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          icmp-pmtu-dos\nPlatforms Affected:     Linux\n                        BSD\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      ICMP PMTU denial of service\nX-Force URL:            http://xforce.iss.net/static/5975.php\n\n_____\n\n
Date Reported:          1/14/01\nVulnerability:          splitvt-perserc-format-string\nPlatforms Affected:     splitvt 1.6.4 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Splitvt perserc.c module format string\nX-Force URL:            http://xforce.iss.net/static/5948.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          flash-module-bo\nPlatforms Affected:     Oliver Debon Flash plugin 0.4.9 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Flash browser module buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5952.php\n\n_____\n\nDate Reported:          1/13/01\nVulnerability:          rctab-elevate-privileges\nPlatforms Affected:     Linux SuSE\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      rctab in SuSE Linux could allow privilege elevation\nX-Force URL:            http://xforce.iss.net/static/5945.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          ultraboard-cgi-perm\nPlatforms Affected:     UltraBoard 2000B\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      UltraBoard CGI weak permissions\nX-Force URL:            http://xforce.iss.net/static/5931.php\n\n_____\n\nDate Reported:          
1/12/01\nVulnerability:          compaq-web-management-bo\nPlatforms Affected:     Compaq Web-Based Management\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Compaq Web-Based Management program buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5935.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-htaccess-unauth-access\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow unauthorized access to restricted files\nX-Force URL:            http://xforce.iss.net/static/5940.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          basilix-webmail-retrieve-files\nPlatforms Affected:     Basilix Webmail 0.9.7beta\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      Basilix Webmail System allows unauthorized users to retrieve files\nX-Force URL:            http://xforce.iss.net/static/5934.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          solaris-arp-bo\nPlatforms Affected:     Solaris\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris arp buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5928.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-view-source-code\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow remote viewing of source code\nX-Force URL:            http://xforce.iss.net/static/5939.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          wec-ntlm-authentication\nPlatforms Affected:     Windows 2000\n                        Microsoft Office 2000\n                        Windows ME\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Web 
Extender Client (WEC) NTLM authentication\nX-Force URL:            http://xforce.iss.net/static/5920.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          spamcop-url-seq-predict\nPlatforms Affected:     SpamCop\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      SpamCop URL number increment sequence prediction\nX-Force URL:            http://xforce.iss.net/static/5933.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-wuftpd-privatepw-symlink\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux wu-ftpd privatepw symbolic link\nX-Force URL:            http://xforce.iss.net/static/5915.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          rdist-symlink\nPlatforms Affected:     rdist\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      rdist symbolic link\nX-Force URL:            http://xforce.iss.net/static/5925.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          squid-email-symlink\nPlatforms Affected:     squid\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      squid email notification symbolic link\nX-Force URL:            http://xforce.iss.net/static/5921.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-diffutils-sdiff-symlimk\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux diffutils sdiff symbolic link\nX-Force URL:            http://xforce.iss.net/static/5914.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          tcpdump-arpwatch-symlink\nPlatforms Affected:     arpwatch\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      tcpdump arpwatch symbolic link\nX-Force URL:            
http://xforce.iss.net/static/5922.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linuxconf-vpop3d-symlink\nPlatforms Affected:     linuxconf\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linuxconf vpop3d symbolic link\nX-Force URL:            http://xforce.iss.net/static/5923.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          shadow-utils-useradd-symlink\nPlatforms Affected:     shadow-utils\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      shadow-utils useradd symbolic link\nX-Force URL:            http://xforce.iss.net/static/5927.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-glibc-read-files\nPlatforms Affected:     Linux glibc\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux glibc library can allow users to read restricted files\nX-Force URL:            http://xforce.iss.net/static/5907.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          gettyps-symlink\nPlatforms Affected:     gettyps\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      getty_ps symbolic link\nX-Force URL:            http://xforce.iss.net/static/5924.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-gpm-symlink\nPlatforms Affected:     gpm\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux gpm symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5917.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-mgetty-symlink\nPlatforms Affected:     mgetty\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux mgetty symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5918.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:      
    linux-apache-symlink\nPlatforms Affected:     Apache\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux Apache symbolic link\nX-Force URL:            http://xforce.iss.net/static/5926.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-inn-symlink\nPlatforms Affected:     inn\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux INN tmp directory symbolic link\nX-Force URL:            http://xforce.iss.net/static/5916.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          conferenceroom-developer-dos\nPlatforms Affected:     ConferenceRoom Professional Edition\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      ConferenceRoom Developer Edition denial of service\nX-Force URL:            http://xforce.iss.net/static/5909.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          oracle-xsql-execute-code\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle XSQL servlet and xml-stylesheet allows code execution on server\nX-Force URL:            http://xforce.iss.net/static/5905.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          netscreen-webui-bo\nPlatforms Affected:     NetScreen\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      NetScreen Firewall WebUI buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5908.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          suse-reiserfs-long-filenames\nPlatforms Affected:     SuSE 7.0\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      SuSE reiserfs long file name denial of service\nX-Force URL:            http://xforce.iss.net/static/5910.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:     
     interbase-backdoor-account\nPlatforms Affected:     InterBase 6.01 and earlier\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      InterBase built-in backdoor account\nX-Force URL:            http://xforce.iss.net/static/5911.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          interbase-hidden-function-dos\nPlatforms Affected:     InterBase 6.01\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      InterBase hidden function denial of service\nX-Force URL:            http://xforce.iss.net/static/5912.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          brickserver-thttpd-dos\nPlatforms Affected:     BRICKServer Small Business\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BRICKServer thttpd denial of service\nX-Force URL:            http://xforce.iss.net/static/5919.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          solaris-exrecover-bo\nPlatforms Affected:     Solaris (2.4, 2.5, 2.5.1, 2.6)\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Solaris exrecover buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5913.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          hp-inetd-swait-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX inetd swait denial of service\nX-Force URL:            http://xforce.iss.net/static/5904.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          microsoft-iis-read-files\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Microsoft IIS 5.0 allows the viewing of files through malformed URL\nX-Force URL:            http://xforce.iss.net/static/5903.php\n\n_____\n\nDate Reported:   
       1/8/01\nVulnerability:          ibm-websphere-dos\nPlatforms Affected:     IBM Websphere 3.52\n                        IBM HTTP Server 1.3.12\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      IBM WebSphere denial of service\nX-Force URL:            http://xforce.iss.net/static/5900.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          storagesoft-imagecast-dos\nPlatforms Affected:     ImageCast 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      StorageSoft ImageCast denial of service\nX-Force URL:            http://xforce.iss.net/static/5901.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          nai-pgp-replace-keys\nPlatforms Affected:     PGP 7.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      PGP users may replace signed exported key blocks with arbitrary keys\nX-Force URL:            http://xforce.iss.net/static/5902.php\n\n_____\n\nDate Reported:          1/7/01\nVulnerability:          http-cgi-bbs-forum\nPlatforms Affected:     WebBBS 1.0\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      bbs_forum.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/5906.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          lotus-domino-directory-traversal\nPlatforms Affected:     Lotus Domino 5.0.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5899.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          http-cgi-fastgraf\nPlatforms Affected:     FASTGRAF\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Fastgraf CGI scripts allow remote command execution\nX-Force URL:  
          http://xforce.iss.net/static/5897.php\n\n_____\n\nDate Reported:          1/4/01\nVulnerability:          newsdesk-cgi-read-files\nPlatforms Affected:     Newsdesk 1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Newsdesk.cgi allows read access to files\nX-Force URL:            http://xforce.iss.net/static/5898.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          gtk-module-execute-code\nPlatforms Affected:     GTK+ 1.2.8 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      GTK+ arbitrary code execution using custom loadable module\nX-Force URL:            http://xforce.iss.net/static/5832.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          linux-tty-writable-dos\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux writable TTY denial of service\nX-Force URL:            http://xforce.iss.net/static/5896.php\n\n_____\n\n\nRisk Factor Key:\n\n        High Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  
Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n\n_____\n\nAdditional Information\n\nThis document is available at http://xforce.iss.net/alerts/advisennn.php. \nTo receive these Alerts and Advisories:\n- - Subscribe to the Alert mailing list from\nhttp://xforce.iss.net/maillists/index.php\n- - Or send an email to majordomo@iss.net, and within the body of the\nmessage type:\n\u0027subscribe alert\u0027 (without the quotes). \n\n\nAbout Internet Security Systems (ISS)\nInternet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading\nglobal provider of security management solutions for the Internet. \nBy combining best of breed products, security management services,\naggressive research and development, and comprehensive educational\nand consulting services, ISS is the trusted security advisor for\nthousands of organizations around the world looking to protect their\nmission critical information and networks. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically.  It is not to be edited in any way without express consent\nof the X-Force.  If you wish to reprint the whole or any part of this\nAlert in any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. 
 \n\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as\nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1790"
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "9374"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "VULHUB",
            "id": "VHN-10220"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          }
        ],
        "trust": 4.05
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-10220",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10220"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "9374",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1790",
            "trust": 1.7
          },
          {
            "db": "OSVDB",
            "id": "3435",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "10576",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1008643",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "2222",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "2194",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "5963",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6010",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "5924",
            "trust": 0.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-714",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "6004",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "14165",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20040106 EDIMAX AR-6004 FULL RATE ADSL ROUTER CROSS SITE SCRIPTING VULNERABILLITY",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "23528",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-77288",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-10220",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5947",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5988",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5910",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5908",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6002",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5931",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5900",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5982",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6035",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6030",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5937",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5969",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6016",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5974",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5912",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5832",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5911",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5926",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5920",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6028",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6039",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5956",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6011",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5992",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5935",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6017",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5922",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5984",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5977",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5957",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5993",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6006",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5913",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5907",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5897",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6034",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5945",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5905",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5940",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5954",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5976",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5903",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6003",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6018",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5972",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5909",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5916",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6033",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5986",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5915",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6019",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5925",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5923",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6005",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5978",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5973",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5979",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5980",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5941",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5934",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5991",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5962",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6014",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5966",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6015",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5994",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6036",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5953",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5944",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5896",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6040",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5914",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5927",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6012",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6025",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6001",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5965",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5952",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5917",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5898",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6009",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5998",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5985",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6026",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6013",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6008",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5921",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5981",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5989",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5939",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5906",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6031",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6020",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5948",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5933",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6027",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5919",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5899",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5996",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5987",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5918",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5971",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5995",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5928",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5938",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5983",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6032",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5997",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5904",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5902",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5975",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5901",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5990",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5946",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5955",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6038",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24294",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-10220"
          },
          {
            "db": "BID",
            "id": "9374"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1790"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ]
      },
      "id": "VAR-200412-1185",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10220"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T11:31:54.818000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1790"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/9374"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/349089"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/3435"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1008643"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/10576"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14165"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/5963.php"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6010.php"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2222"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches/securerpcvulnerability.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/archive/1/158966"
          },
          {
            "trust": 0.8,
            "url": "http://sourceforge.net/forum/forum.php?forum_id=60570"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2194"
          },
          {
            "trust": 0.8,
            "url": "http://www.linuxsecurity.com/advisories/mandrake_advisory-1037.html"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/5924"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/14165"
          },
          {
            "trust": 0.3,
            "url": "http://www.edimax.com.tw/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/349089"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5992.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5926.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5940.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6033.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5916.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6038.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5997.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6026.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5928.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5977.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6013.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5991.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5938.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5969.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5957.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5909.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5948.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6005.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5954.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5933.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5955.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6035.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5990.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5907.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5994.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5983.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5911.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6006.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5908.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5922.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5903.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6027.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5965.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5899.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5980.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5934.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5919.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5931.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5962.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5976.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6003.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5998.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6040.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5920.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5966.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5946.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5915.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5986.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5923.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5993.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6001.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6036.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5902.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5971.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5937.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5985.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5945.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6028.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5988.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6009.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6025.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5897.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5952.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5953.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6039.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5978.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5901.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5906.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5974.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6008.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5935.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5944.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5918.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6034.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5925.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6014.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5912.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5924.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5989.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6019.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5921.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5904.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5972.ph"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5900.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5898.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5973.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5832.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5975.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5913.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5905.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6015.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6016.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5996.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5981.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6012.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/advisennn.php."
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5995.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5947.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5896.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5910.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5917.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6017.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6032.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5979.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6004.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5984.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5939.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5914.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5956.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5941.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6011.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6031.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6018.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6002.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5927.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6020.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5982.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5987.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6030.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-10220"
          },
          {
            "db": "BID",
            "id": "9374"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1790"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-10220"
          },
          {
            "db": "BID",
            "id": "9374"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1790"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-06-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-05-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2001-10-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2004-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-10220"
          },
          {
            "date": "2004-01-06T00:00:00",
            "db": "BID",
            "id": "9374"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2001-02-14T07:13:47",
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "date": "2004-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2004-1790"
          },
          {
            "date": "2004-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-10-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-06-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2004-07-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-10220"
          },
          {
            "date": "2004-01-06T00:00:00",
            "db": "BID",
            "id": "9374"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2017-07-11T01:31:21.137000",
            "db": "NVD",
            "id": "CVE-2004-1790"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Edimax AR-6004 ADSL Router Management Interface Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "BID",
            "id": "9374"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-714"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200106-0104

    Vulnerability from variot - Updated: 2023-12-18 11:20

    Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. A problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host.
    When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user's DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user's private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user's magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user's secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. Firewall Server is prone to a denial-of-service vulnerability.


    Internet Security Systems Security Alert Summary February 6, 2001 Volume 6 Number 3

    X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php


    Contents

    120 Reported Vulnerabilities

    Risk Factor Key


    Date Reported: 1/31/01 Vulnerability: win2k-rdp-dos Platforms Affected: Windows 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Windows 2000 Server RDP denial of service X-Force URL: http://xforce.iss.net/static/6035.php


    Date Reported: 1/31/01 Vulnerability: cisco-ccs-file-access Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface could allow read access to files and directories X-Force URL: http://xforce.iss.net/static/6031.php


    Date Reported: 1/31/01 Vulnerability: quicktime-embedded-tag-bo Platforms Affected: Quicktime 4.1.2 Risk Factor: High Attack Type: Host Based Brief Description: QuickTime Player EMBED tag buffer overflow X-Force URL: http://xforce.iss.net/static/6040.php


    Date Reported: 1/31/01 Vulnerability: solaris-ximp40-bo Platforms Affected: Solaris (7, 8) Risk Factor: High Attack Type: Host Based Brief Description: Solaris "ximp40" shared library buffer overflow X-Force URL: http://xforce.iss.net/static/6039.php


    Date Reported: 1/31/01 Vulnerability: cisco-ccs-cli-dos Platforms Affected: Cisco Content Services Switch Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco CCS command line interface denial of service X-Force URL: http://xforce.iss.net/static/6030.php


    Date Reported: 1/30/01 Vulnerability: slimserve-httpd-dos Platforms Affected: SlimServe 1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: SlimServe HTTPd denial of service X-Force URL: http://xforce.iss.net/static/6028.php


    Date Reported: 1/30/01 Vulnerability: crazywwwboard-qdecoder-bo Platforms Affected: CrazyWWWBoard prior to 2000LEp5-1 Risk Factor: Medium Attack Type: Network Based Brief Description: CrazyWWWBoard qDecoder buffer overflow X-Force URL: http://xforce.iss.net/static/6033.php


    Date Reported: 1/30/01 Vulnerability: virusbuster-mua-bo Platforms Affected: Risk Factor: Medium Attack Type: Network Based Brief Description: Virus Buster 2001 Mail User Agent (MUA) buffer overflow X-Force URL: http://xforce.iss.net/static/6034.php


    Date Reported: 1/29/01 Vulnerability: iis-isapi-obtain-code Platforms Affected: IIS (4.0, 5.0) Risk Factor: Low Attack Type: Network/Host Based Brief Description: IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions X-Force URL: http://xforce.iss.net/static/6032.php


    Date Reported: 1/29/01 Vulnerability: bind-inverse-query-disclosure Platforms Affected: Bind (4.x, 8.2.x) Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x and 8.2.x exposes environment variables X-Force URL: http://xforce.iss.net/static/6018.php


    Date Reported: 1/29/01 Vulnerability: hp-man-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP man command denial of service X-Force URL: http://xforce.iss.net/static/6014.php


    Date Reported: 1/29/01 Vulnerability: sort-temp-file-abort Platforms Affected: FreeBSD Risk Factor: Medium Attack Type: Host Based Brief Description: Sort temporary files denial of service X-Force URL: http://xforce.iss.net/static/6038.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-format-string Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() format string X-Force URL: http://xforce.iss.net/static/6017.php


    Date Reported: 1/29/01 Vulnerability: bind-complain-bo Platforms Affected: BIND 4.x Risk Factor: Medium Attack Type: Network Based Brief Description: BIND 4.x nslookupComplain() buffer overflow X-Force URL: http://xforce.iss.net/static/6016.php


    Date Reported: 1/29/01 Vulnerability: winvnc-client-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC client buffer overflow X-Force URL: http://xforce.iss.net/static/6025.php


    Date Reported: 1/29/01 Vulnerability: winvnc-server-bo Platforms Affected: WinVNC Risk Factor: High Attack Type: Network Based Brief Description: WinVNC server buffer overflow X-Force URL: http://xforce.iss.net/static/6026.php


    Date Reported: 1/29/01 Vulnerability: guestserver-cgi-execute-commands Platforms Affected: Guestserver 4.12 and earlier Risk Factor: High Attack Type: Network Based Brief Description: Guestserver.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/6027.php


    Date Reported: 1/29/01 Vulnerability: bind-tsig-bo Platforms Affected: BIND 8.2.x Risk Factor: Unauthorized Access Attempt Attack Type: Network/Host Based Brief Description: BIND 8.2.x transaction signature (TSIG) buffer overflow X-Force URL: http://xforce.iss.net/static/6015.php


    Date Reported: 1/28/01 Vulnerability: hyperseek-cgi-reveal-info Platforms Affected: Hyperseek Search Engine 2000 Risk Factor: Medium Attack Type: Network Based Brief Description: Hyperseek CGI could reveal listings of directories and files X-Force URL: http://xforce.iss.net/static/6012.php


    Date Reported: 1/26/01 Vulnerability: newsdaemon-gain-admin-access Platforms Affected: NewsDaemon prior to 0.21b Risk Factor: High Attack Type: Network Based Brief Description: NewsDaemon allows remote users to gain administrative access X-Force URL: http://xforce.iss.net/static/6010.php


    Date Reported: 1/26/01 Vulnerability: mars-nwe-format-string Platforms Affected: Mars_nwe 0.99.pl19 Risk Factor: High Attack Type: Network Based Brief Description: Mars_nwe format string X-Force URL: http://xforce.iss.net/static/6019.php


    Date Reported: 1/25/01 Vulnerability: planetintra-pi-bo Platforms Affected: Planet Intra LAN Intranet 2.5 Risk Factor: High Attack Type: Network Based Brief Description: Planet Intra 'pi' binary buffer overflow X-Force URL: http://xforce.iss.net/static/6002.php


    Date Reported: 1/25/01 Vulnerability: borderware-ping-dos Platforms Affected: BorderWare Firewall Server 6.1.2 Risk Factor: High Attack Type: Network Based Brief Description: BorderWare ping denial of service X-Force URL: http://xforce.iss.net/static/6004.php


    Date Reported: 1/25/01 Vulnerability: aol-malformed-url-dos Platforms Affected: AOL 5.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: AOL malformed URL denial of service X-Force URL: http://xforce.iss.net/static/6009.php


    Date Reported: 1/25/01 Vulnerability: mirc-bypass-password Platforms Affected: mIRC Risk Factor: High Attack Type: Host Based Brief Description: mIRC allows malicious user to bypass password X-Force URL: http://xforce.iss.net/static/6013.php


    Date Reported: 1/25/01 Vulnerability: netscape-enterprise-revlog-dos Platforms Affected: Netscape Enterprise Server Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Enterprise Server REVLOG denial of service X-Force URL: http://xforce.iss.net/static/6003.php


    Date Reported: 1/24/01 Vulnerability: aim-execute-code Platforms Affected: AOL Instant Messenger 4.1 and later Risk Factor: High Attack Type: Host Based Brief Description: AOL Instant Messenger execution of code in modified images X-Force URL: http://xforce.iss.net/static/6005.php


    Date Reported: 1/24/01 Vulnerability: netscape-enterprise-list-directories Platforms Affected: Netscape Enterprise Server (3.0, 4.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server allows remote directory listing X-Force URL: http://xforce.iss.net/static/5997.php


    Date Reported: 1/24/01 Vulnerability: winnt-mutex-dos Platforms Affected: Windows NT 4.0 Risk Factor: Medium Attack Type: Host Based Brief Description: Windows NT mutex denial of service X-Force URL: http://xforce.iss.net/static/6006.php


    Date Reported: 1/24/01 Vulnerability: jrun-webinf-file-retrieval Platforms Affected: JRun Risk Factor: Medium Attack Type: Network/Host Based Brief Description: JRun malformed URL file retrieval X-Force URL: http://xforce.iss.net/static/6008.php


    Date Reported: 1/23/01 Vulnerability: ipfw-bypass-firewall Platforms Affected: FreeBSD (3.x, 4.x) Risk Factor: High Attack Type: Network Based Brief Description: ipfw/ip6fw allows remote attacker to bypass firewall X-Force URL: http://xforce.iss.net/static/5998.php


    Date Reported: 1/23/01 Vulnerability: netopia-telnet-dos Platforms Affected: Netopia R-series router Risk Factor: Medium Attack Type: Network Based Brief Description: Netopia R9100 allows remote user to crash the router using telnet X-Force URL: http://xforce.iss.net/static/6001.php


    Date Reported: 1/23/01 Vulnerability: wuftp-debug-format-string Platforms Affected: Wu-ftpd Risk Factor: High Attack Type: Network Based Brief Description: Wu-ftpd debug mode format string X-Force URL: http://xforce.iss.net/static/6020.php


    Date Reported: 1/23/01 Vulnerability: kde2-kdesu-retrieve-passwords Platforms Affected: Linux: Caldera eDesktop 2.4 Risk Factor: High Attack Type: Host Based Brief Description: KDE2 kdesu program allows users to retrieve passwords X-Force URL: http://xforce.iss.net/static/5995.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-url-bo Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom print server long URL buffer overflow X-Force URL: http://xforce.iss.net/static/5988.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-printguide-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom PrintGuide denial of service X-Force URL: http://xforce.iss.net/static/5989.php


    Date Reported: 1/23/01 Vulnerability: easycom-safecom-ftp-dos Platforms Affected: Easycom/Safecom firmware 404.590 Risk Factor: Medium Attack Type: Network Based Brief Description: Easycom/Safecom FTP denial of service X-Force URL: http://xforce.iss.net/static/5990.php


    Date Reported: 1/23/01 Vulnerability: vnc-weak-authentication Platforms Affected: VNC 3.3.3 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: VNC weak authentication could allow unauthorized access X-Force URL: http://xforce.iss.net/static/5992.php


    Date Reported: 1/23/01 Vulnerability: lotus-domino-smtp-bo Platforms Affected: Lotus Domino 5.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Lotus Domino SMTP Server policy feature buffer overflow X-Force URL: http://xforce.iss.net/static/5993.php


    Date Reported: 1/23/01 Vulnerability: linux-sash-shadow-readable Platforms Affected: sash prior to 3.4-4 Risk Factor: High Attack Type: Host Based Brief Description: Linux sash /etc/shadow directory world-readable X-Force URL: http://xforce.iss.net/static/5994.php


    Date Reported: 1/22/01 Vulnerability: powerpoint-execute-code Platforms Affected: Microsoft PowerPoint 2000 Risk Factor: High Attack Type: Host Based Brief Description: PowerPoint could allow code execution on another user's computer X-Force URL: http://xforce.iss.net/static/5996.php


    Date Reported: 1/22/01 Vulnerability: icecast-format-string Platforms Affected: Icecast 1.3.8beta2 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Icecast format string could allow arbitrary code execution X-Force URL: http://xforce.iss.net/static/5978.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-directory-traversal Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers directory traversal X-Force URL: http://xforce.iss.net/static/5986.php


    Date Reported: 1/22/01 Vulnerability: oracle-handlers-execute-jsp Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files X-Force URL: http://xforce.iss.net/static/5987.php


    Date Reported: 1/22/01 Vulnerability: netscape-enterprise-dot-dos Platforms Affected: Netscape Enterprise Server 4.1 SP5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Netscape Enterprise Server "/../" denial of service X-Force URL: http://xforce.iss.net/static/5983.php


    Date Reported: 1/22/01 Vulnerability: goodtech-ftp-dos Platforms Affected: GoodTech FTP 3.0.1.2.1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: GoodTech FTP server denial of service X-Force URL: http://xforce.iss.net/static/5984.php


    Date Reported: 1/22/01 Vulnerability: netscape-fasttrack-cache-dos Platforms Affected: Netscape FastTrack Risk Factor: Low Attack Type: Host Based Brief Description: Netscape FastTrack Server cache denial of service X-Force URL: http://xforce.iss.net/static/5985.php


    Date Reported: 1/21/01 Vulnerability: eeye-iris-dos Platforms Affected: Iris Network Analyzer 1.01beta Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Iris denial of service X-Force URL: http://xforce.iss.net/static/5981.php


    Date Reported: 1/20/01 Vulnerability: watchguard-firebox-obtain-passphrase Platforms Affected: Firebox II Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard Firebox allows remote user to obtain passphrase X-Force URL: http://xforce.iss.net/static/5979.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-server-dos Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP denial of service X-Force URL: http://xforce.iss.net/static/5976.php


    Date Reported: 1/19/01 Vulnerability: fastream-ftp-path-disclosure Platforms Affected: Fastream FTP++ Simple FTP Server 2.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Fastream FTP path disclosure X-Force URL: http://xforce.iss.net/static/5977.php


    Date Reported: 1/19/01 Vulnerability: localweb2k-directory-traversal Platforms Affected: LocalWEB2000 HTTP Server 1.1.0 Risk Factor: Medium Attack Type: Network Based Brief Description: LocalWEB2000 directory traversal X-Force URL: http://xforce.iss.net/static/5982.php


    Date Reported: 1/19/01 Vulnerability: win2k-efs-recover-data Platforms Affected: Windows 2000 Risk Factor: High Attack Type: Host Based Brief Description: Windows 2000 EFS allows local user to recover sensitive data X-Force URL: http://xforce.iss.net/static/5973.php


    Date Reported: 1/19/01 Vulnerability: linux-bing-bo Platforms Affected: Linux Risk Factor: High Attack Type: Host Based Brief Description: Bing host name buffer overflow X-Force URL: http://xforce.iss.net/static/6036.php


    Date Reported: 1/18/01 Vulnerability: micq-sprintf-remote-bo Platforms Affected: Matt's ICQ Clone 0.4.6 Risk Factor: High Attack Type: Network Based Brief Description: ICQ clone for Linux sprintf() remote buffer overflow X-Force URL: http://xforce.iss.net/static/5962.php


    Date Reported: 1/18/01 Vulnerability: mysql-select-bo Platforms Affected: MySQL prior to 3.23.31 Risk Factor: High Attack Type: Host Based Brief Description: MySQL select buffer overflow X-Force URL: http://xforce.iss.net/static/5969.php


    Date Reported: 1/18/01 Vulnerability: shoutcast-description-bo Platforms Affected: SHOUTcast DNAS 1.7.1 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Shoutcast Server for Linux description buffer overflow X-Force URL: http://xforce.iss.net/static/5965.php


    Date Reported: 1/17/01 Vulnerability: fw1-limited-license-dos Platforms Affected: Check Point Firewall-1 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: FireWall-1 limited-IP license denial of service X-Force URL: http://xforce.iss.net/static/5966.php


    Date Reported: 1/17/01 Vulnerability: hp-stm-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX Support Tools Manager denial of service X-Force URL: http://xforce.iss.net/static/5957.php


    Date Reported: 1/17/01 Vulnerability: linux-webmin-tmpfiles Platforms Affected: OpenLinux (2.3, 2.4) Risk Factor: High Attack Type: Host Based Brief Description: Webmin use of tmpfiles could allow a local user to overwrite files X-Force URL: http://xforce.iss.net/static/6011.php


    Date Reported: 1/17/01 Vulnerability: tinyproxy-remote-bo Platforms Affected: tinyproxy 1.3.2 and 1.3.3 Risk Factor: Medium Attack Type: Network Based Brief Description: Tinyproxy remote buffer overflow X-Force URL: http://xforce.iss.net/static/5954.php


    Date Reported: 1/17/01 Vulnerability: postaci-sql-command-injection Platforms Affected: PostACI Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Postaci SQL command injection X-Force URL: http://xforce.iss.net/static/5972.php


    Date Reported: 1/17/01 Vulnerability: wwwwais-cgi-dos Platforms Affected: wwwwais.c 25 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: wwwwais CGI based program denial of service X-Force URL: http://xforce.iss.net/static/5980.php


    Date Reported: 1/17/01 Vulnerability: mime-header-attachment Platforms Affected: MIME 1.0 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MIME headers could allow spoofed file attachment X-Force URL: http://xforce.iss.net/static/5991.php


    Date Reported: 1/16/01 Vulnerability: ssh-rpc-private-key Platforms Affected: SSH Risk Factor: Medium Attack Type: Network/Host Based Brief Description: SSH secure-RPC could generate a passphrase that exposes a user's private key X-Force URL: http://xforce.iss.net/static/5963.php


    Date Reported: 1/16/01 Vulnerability: linux-glibc-preload-overwrite Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux glibc LD_PRELOAD file overwrite X-Force URL: http://xforce.iss.net/static/5971.php


    Date Reported: 1/16/01 Vulnerability: inn-tmpfile-symlink Platforms Affected: InterNet News (INN) Risk Factor: High Attack Type: Host Based Brief Description: INN tmpfile symbolic link X-Force URL: http://xforce.iss.net/static/5974.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-insecure-password Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Network Based Brief Description: InterScan VirusWall for Unix password change insecure X-Force URL: http://xforce.iss.net/static/5944.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-weak-authentication Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: Medium Attack Type: Network Based Brief Description: InterScan VirusWall for Unix uses weak authentication X-Force URL: http://xforce.iss.net/static/5946.php


    Date Reported: 1/15/01 Vulnerability: ie-mshtml-dos Platforms Affected: Internet Explorer 4.0 and later Risk Factor: Medium Attack Type: Network Based Brief Description: Internet Explorer mshtml.dll denial of service X-Force URL: http://xforce.iss.net/static/5938.php


    Date Reported: 1/15/01 Vulnerability: dhcp-format-string Platforms Affected: Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4) Risk Factor: High Attack Type: Network Based Brief Description: Caldera DHCP format string X-Force URL: http://xforce.iss.net/static/5953.php


    Date Reported: 1/15/01 Vulnerability: win-mediaplayer-arbitrary-code Platforms Affected: Windows Media Player 7.0 Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows Media Player skins can be used to execute arbitrary code X-Force URL: http://xforce.iss.net/static/5937.php


    Date Reported: 1/15/01 Vulnerability: veritas-backupexec-dos Platforms Affected: Backup Exec 4.5 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Veritas Backup Exec denial of service X-Force URL: http://xforce.iss.net/static/5941.php


    Date Reported: 1/15/01 Vulnerability: interscan-viruswall-symlink Platforms Affected: InterScan VirusWall (3.0.1, 3.6.x) Risk Factor: High Attack Type: Host Based Brief Description: InterScan VirusWall for Unix symbolic link X-Force URL: http://xforce.iss.net/static/5947.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-corrupt-files Platforms Affected: OmniHTTPd Risk Factor: Medium Attack Type: Network Based Brief Description: OmniHTTPd statsconfig.pl corrupt any file on the system X-Force URL: http://xforce.iss.net/static/5955.php


    Date Reported: 1/15/01 Vulnerability: omnihttpd-statsconfig-execute-code Platforms Affected: OmniHTTPd Risk Factor: High Attack Type: Network Based Brief Description: OmniHTTPD statsconfig.pl allows code execution X-Force URL: http://xforce.iss.net/static/5956.php


    Date Reported: 1/15/01 Vulnerability: icmp-pmtu-dos Platforms Affected: Linux BSD Risk Factor: Medium Attack Type: Network Based Brief Description: ICMP PMTU denial of service X-Force URL: http://xforce.iss.net/static/5975.php


    Date Reported: 1/14/01 Vulnerability: splitvt-perserc-format-string Platforms Affected: splitvt 1.6.4 and earlier Risk Factor: High Attack Type: Host Based Brief Description: Splitvt perserc.c module format string X-Force URL: http://xforce.iss.net/static/5948.php


    Date Reported: 1/14/01 Vulnerability: flash-module-bo Platforms Affected: Oliver Debon Flash plugin 0.4.9 and earlier Risk Factor: Medium Attack Type: Network Based Brief Description: Flash browser module buffer overflow X-Force URL: http://xforce.iss.net/static/5952.php


    Date Reported: 1/13/01 Vulnerability: rctab-elevate-privileges Platforms Affected: Linux SuSE Risk Factor: Medium Attack Type: Host Based Brief Description: rctab in SuSE Linux could allow privilege elevation X-Force URL: http://xforce.iss.net/static/5945.php


    Date Reported: 1/12/01 Vulnerability: ultraboard-cgi-perm Platforms Affected: UltraBoard 2000B Risk Factor: Medium Attack Type: Network/Host Based Brief Description: UltraBoard CGI weak permissions X-Force URL: http://xforce.iss.net/static/5931.php


    Date Reported: 1/12/01 Vulnerability: compaq-web-management-bo Platforms Affected: Compaq Web-Based Management Risk Factor: High Attack Type: Network Based Brief Description: Compaq Web-Based Management program buffer overflow X-Force URL: http://xforce.iss.net/static/5935.php


    Date Reported: 1/12/01 Vulnerability: php-htaccess-unauth-access Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow unauthorized access to restricted files X-Force URL: http://xforce.iss.net/static/5940.php


    Date Reported: 1/12/01 Vulnerability: basilix-webmail-retrieve-files Platforms Affected: Basilix Webmail 0.9.7beta Risk Factor: Low Attack Type: Network Based Brief Description: Basilix Webmail System allows unauthorized users to retrieve files X-Force URL: http://xforce.iss.net/static/5934.php


    Date Reported: 1/12/01 Vulnerability: solaris-arp-bo Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris arp buffer overflow X-Force URL: http://xforce.iss.net/static/5928.php


    Date Reported: 1/12/01 Vulnerability: php-view-source-code Platforms Affected: PHP (4.0.0, 4.0.4) Risk Factor: Low Attack Type: Network Based Brief Description: PHP could allow remote viewing of source code X-Force URL: http://xforce.iss.net/static/5939.php


    Date Reported: 1/11/01 Vulnerability: wec-ntlm-authentication Platforms Affected: Windows 2000 Microsoft Office 2000 Windows ME Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Web Extender Client (WEC) NTLM authentication X-Force URL: http://xforce.iss.net/static/5920.php


    Date Reported: 1/11/01 Vulnerability: spamcop-url-seq-predict Platforms Affected: SpamCop Risk Factor: Low Attack Type: Network/Host Based Brief Description: SpamCop URL number increment sequence prediction X-Force URL: http://xforce.iss.net/static/5933.php


    Date Reported: 1/10/01 Vulnerability: linux-wuftpd-privatepw-symlink Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux wu-ftpd privatepw symbolic link X-Force URL: http://xforce.iss.net/static/5915.php


    Date Reported: 1/10/01 Vulnerability: rdist-symlink Platforms Affected: rdist Risk Factor: High Attack Type: Host Based Brief Description: rdist symbolic link X-Force URL: http://xforce.iss.net/static/5925.php


    Date Reported: 1/10/01 Vulnerability: squid-email-symlink Platforms Affected: squid Risk Factor: High Attack Type: Host Based Brief Description: squid email notification symbolic link X-Force URL: http://xforce.iss.net/static/5921.php


    Date Reported: 1/10/01 Vulnerability: linux-diffutils-sdiff-symlimk Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux diffutils sdiff symbolic link X-Force URL: http://xforce.iss.net/static/5914.php


    Date Reported: 1/10/01 Vulnerability: tcpdump-arpwatch-symlink Platforms Affected: arpwatch Risk Factor: High Attack Type: Host Based Brief Description: tcpdump arpwatch symbolic link X-Force URL: http://xforce.iss.net/static/5922.php


    Date Reported: 1/10/01 Vulnerability: linuxconf-vpop3d-symlink Platforms Affected: linuxconf Risk Factor: Medium Attack Type: Host Based Brief Description: Linuxconf vpop3d symbolic link X-Force URL: http://xforce.iss.net/static/5923.php


    Date Reported: 1/10/01 Vulnerability: shadow-utils-useradd-symlink Platforms Affected: shadow-utils Risk Factor: High Attack Type: Host Based Brief Description: shadow-utils useradd symbolic link X-Force URL: http://xforce.iss.net/static/5927.php


    Date Reported: 1/10/01 Vulnerability: linux-glibc-read-files Platforms Affected: Linux glibc Risk Factor: Medium Attack Type: Host Based Brief Description: Linux glibc library can allow users to read restricted files X-Force URL: http://xforce.iss.net/static/5907.php


    Date Reported: 1/10/01 Vulnerability: gettyps-symlink Platforms Affected: gettyps Risk Factor: High Attack Type: Host Based Brief Description: getty_ps symbolic link X-Force URL: http://xforce.iss.net/static/5924.php


    Date Reported: 1/10/01 Vulnerability: linux-gpm-symlink Platforms Affected: gpm Risk Factor: Medium Attack Type: Host Based Brief Description: Linux gpm symbolic link attack X-Force URL: http://xforce.iss.net/static/5917.php


    Date Reported: 1/10/01 Vulnerability: linux-mgetty-symlink Platforms Affected: mgetty Risk Factor: Medium Attack Type: Host Based Brief Description: Linux mgetty symbolic link attack X-Force URL: http://xforce.iss.net/static/5918.php


    Date Reported: 1/10/01 Vulnerability: linux-apache-symlink Platforms Affected: Apache Risk Factor: Medium Attack Type: Host Based Brief Description: Linux Apache symbolic link X-Force URL: http://xforce.iss.net/static/5926.php


    Date Reported: 1/10/01 Vulnerability: linux-inn-symlink Platforms Affected: inn Risk Factor: Medium Attack Type: Host Based Brief Description: Linux INN tmp directory symbolic link X-Force URL: http://xforce.iss.net/static/5916.php


    Date Reported: 1/10/01 Vulnerability: conferenceroom-developer-dos Platforms Affected: ConferenceRoom Professional Edition Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ConferenceRoom Developer Edition denial of service X-Force URL: http://xforce.iss.net/static/5909.php


    Date Reported: 1/9/01 Vulnerability: oracle-xsql-execute-code Platforms Affected: Oracle 8.1.7 Risk Factor: High Attack Type: Network Based Brief Description: Oracle XSQL servlet and xml-stylesheet allows code execution on server X-Force URL: http://xforce.iss.net/static/5905.php


    Date Reported: 1/9/01 Vulnerability: netscreen-webui-bo Platforms Affected: NetScreen Risk Factor: Medium Attack Type: Network Based Brief Description: NetScreen Firewall WebUI buffer overflow X-Force URL: http://xforce.iss.net/static/5908.php


    Date Reported: 1/9/01 Vulnerability: suse-reiserfs-long-filenames Platforms Affected: SuSE 7.0 Risk Factor: High Attack Type: Host Based Brief Description: SuSE reiserfs long file name denial of service X-Force URL: http://xforce.iss.net/static/5910.php


    Date Reported: 1/9/01 Vulnerability: interbase-backdoor-account Platforms Affected: InterBase 6.01 and earlier Risk Factor: High Attack Type: Network/Host Based Brief Description: InterBase built-in backdoor account X-Force URL: http://xforce.iss.net/static/5911.php


    Date Reported: 1/9/01 Vulnerability: interbase-hidden-function-dos Platforms Affected: InterBase 6.01 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: InterBase hidden function denial of service X-Force URL: http://xforce.iss.net/static/5912.php


    Date Reported: 1/9/01 Vulnerability: brickserver-thttpd-dos Platforms Affected: BRICKServer Small Business Risk Factor: Medium Attack Type: Network Based Brief Description: BRICKServer thttpd denial of service X-Force URL: http://xforce.iss.net/static/5919.php


    Date Reported: 1/9/01 Vulnerability: solaris-exrecover-bo Platforms Affected: Solaris (2.4, 2.5, 2.5.1, 2.6) Risk Factor: Medium Attack Type: Host Based Brief Description: Solaris exrecover buffer overflow X-Force URL: http://xforce.iss.net/static/5913.php


    Date Reported: 1/9/01 Vulnerability: hp-inetd-swait-dos Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX inetd swait denial of service X-Force URL: http://xforce.iss.net/static/5904.php


    Date Reported: 1/8/01 Vulnerability: microsoft-iis-read-files Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network Based Brief Description: Microsoft IIS 5.0 allows the viewing of files through malformed URL X-Force URL: http://xforce.iss.net/static/5903.php


    Date Reported: 1/8/01 Vulnerability: ibm-websphere-dos Platforms Affected: IBM Websphere 3.52 IBM HTTP Server 1.3.12 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM WebSphere denial of service X-Force URL: http://xforce.iss.net/static/5900.php


    Date Reported: 1/8/01 Vulnerability: storagesoft-imagecast-dos Platforms Affected: ImageCast 4.1 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: StorageSoft ImageCast denial of service X-Force URL: http://xforce.iss.net/static/5901.php


    Date Reported: 1/8/01 Vulnerability: nai-pgp-replace-keys Platforms Affected: PGP 7.0 Risk Factor: Medium Attack Type: Host Based Brief Description: PGP users may replace signed exported key blocks with arbitrary keys X-Force URL: http://xforce.iss.net/static/5902.php


    Date Reported: 1/7/01 Vulnerability: http-cgi-bbs-forum Platforms Affected: WebBBS 1.0 Risk Factor: High Attack Type: Network Based Brief Description: bbs_forum.cgi allows remote command execution X-Force URL: http://xforce.iss.net/static/5906.php


    Date Reported: 1/5/01 Vulnerability: lotus-domino-directory-traversal Platforms Affected: Lotus Domino 5.0.x Risk Factor: Medium Attack Type: Network Based Brief Description: Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal X-Force URL: http://xforce.iss.net/static/5899.php


    Date Reported: 1/5/01 Vulnerability: http-cgi-fastgraf Platforms Affected: FASTGRAF Risk Factor: High Attack Type: Network Based Brief Description: Fastgraf CGI scripts allow remote command execution X-Force URL: http://xforce.iss.net/static/5897.php


    Date Reported: 1/4/01 Vulnerability: newsdesk-cgi-read-files Platforms Affected: Newsdesk 1.2 Risk Factor: High Attack Type: Network Based Brief Description: Newsdesk.cgi allows read access to files X-Force URL: http://xforce.iss.net/static/5898.php


    Date Reported: 1/1/01 Vulnerability: gtk-module-execute-code Platforms Affected: GTK+ 1.2.8 and earlier Risk Factor: High Attack Type: Host Based Brief Description: GTK+ arbitrary code execution using custom loadable module X-Force URL: http://xforce.iss.net/static/5832.php


    Date Reported: 1/1/01 Vulnerability: linux-tty-writable-dos Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux writable TTY denial of service X-Force URL: http://xforce.iss.net/static/5896.php


    Risk Factor Key:

        High    Any vulnerability that provides an attacker with immediate
                access into a machine, gains superuser access, or bypasses
                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version
                that allows an intruder to execute commands on mail
                server. 
        Medium  Any vulnerability that provides information that has a
                high potential of giving system access to an intruder. 
                Example: A misconfigured TFTP or vulnerable NIS server
                that allows an intruder to get the password file that
                could contain an account with a guessable password. 
        Low     Any vulnerability that provides information that
                potentially could lead to a compromise.  Example:  A
                finger that allows an intruder to find out who is online
                and potential accounts to attempt to crack passwords
                via brute force methods.
    

    Additional Information

    This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories:

    - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
    - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).

    About Internet Security Systems (ISS)

    Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks.

    Copyright (c) 2001 by Internet Security Systems, Inc.

    Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

    Disclaimer

    The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

    X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

    Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200106-0104",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "firewall server",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "borderware",
            "version": "6.1.2"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "daemonnews",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "immunix",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandrakesoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "getty ps",
            "version": null
          },
          {
            "model": "immunix os -beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wirex",
            "version": "7.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.2"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "7.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "6.0"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.30"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.29"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.28"
          },
          {
            "model": "communications security ssh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ssh",
            "version": "1.2.27"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "89020"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0313"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-024"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:borderware:firewall_server:6.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0313"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability was first announced by Greg KH \u003cgreg@wirex.com\u003e on January 10, 2001 via Bugtraq.",
        "sources": [
          {
            "db": "BID",
            "id": "2194"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-0313",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-3135",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-0313",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#850440",
                "trust": 0.8,
                "value": "1.89"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#987632",
                "trust": 0.8,
                "value": "3.19"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#342768",
                "trust": 0.8,
                "value": "5.63"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200106-024",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3135",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3135"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0313"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-024"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network. The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by this vulnerability. NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via a symbolic link attack. getty_ps is an open source, freely available, publicly maintained software package shipped with many distributions of Linux. \nA problem in the getty_ps software package could make it vulnerable to a symbolic link attack. The problem occurs in the creation and handling of files in the /tmp directory by the getty_ps program. Under certain circumstances, getty_ps will create files in the /tmp filesystem in an insecure manner. The program uses a naming scheme that could make it possible to guess the filename of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. A malicious user could use this vulnerability to overwrite or append to and corrupt system files. SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. \nA problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. 
When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the user\u0027s DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the user\u0027s private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another user\u0027s magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a user\u0027s secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package. Firewall Server is prone to a denial-of-service vulnerability. 
\n-----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nFebruary 6, 2001\nVolume 6 Number 3\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\n_____\n\nContents\n\n120 Reported Vulnerabilities\n\nRisk Factor Key\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          win2k-rdp-dos\nPlatforms Affected:     Windows 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Windows 2000 Server RDP denial of service\nX-Force URL:            http://xforce.iss.net/static/6035.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-file-access\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface could allow read access to files and directories\nX-Force URL:            http://xforce.iss.net/static/6031.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          quicktime-embedded-tag-bo\nPlatforms Affected:     Quicktime 4.1.2\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      QuickTime Player EMBED tag buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6040.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          solaris-ximp40-bo\nPlatforms Affected:     Solaris (7, 8)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris \"ximp40\" shared library buffer 
overflow\nX-Force URL:            http://xforce.iss.net/static/6039.php\n\n_____\n\nDate Reported:          1/31/01\nVulnerability:          cisco-ccs-cli-dos\nPlatforms Affected:     Cisco Content Services Switch\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Cisco CCS command line interface denial of service\nX-Force URL:            http://xforce.iss.net/static/6030.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          slimserve-httpd-dos\nPlatforms Affected:     SlimServe 1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      SlimServe HTTPd denial of service\nX-Force URL:            http://xforce.iss.net/static/6028.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          crazywwwboard-qdecoder-bo\nPlatforms Affected:     CrazyWWWBoard prior to 2000LEp5-1\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      CrazyWWWBoard qDecoder buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6033.php\n\n_____\n\nDate Reported:          1/30/01\nVulnerability:          virusbuster-mua-bo\nPlatforms Affected:\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Virus Buster 2001 Mail User Agent (MUA) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6034.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          iis-isapi-obtain-code\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      IIS allows remote attacker to obtain code fragments using .htr ISAPI extensions\nX-Force URL:            http://xforce.iss.net/static/6032.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-inverse-query-disclosure\nPlatforms Affected:     Bind (4.x, 8.2.x)\nRisk Factor:            Medium\nAttack Type:            
Network Based\nBrief Description:      BIND 4.x and 8.2.x exposes environment variables\nX-Force URL:            http://xforce.iss.net/static/6018.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          hp-man-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP man command denial of service\nX-Force URL:            http://xforce.iss.net/static/6014.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          sort-temp-file-abort\nPlatforms Affected:     FreeBSD\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Sort temporary files denial of service\nX-Force URL:            http://xforce.iss.net/static/6038.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-format-string\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() format string\nX-Force URL:            http://xforce.iss.net/static/6017.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-complain-bo\nPlatforms Affected:     BIND 4.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BIND 4.x nslookupComplain() buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6016.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-client-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC client buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6025.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          winvnc-server-bo\nPlatforms Affected:     WinVNC\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WinVNC server buffer overflow\nX-Force URL:            
http://xforce.iss.net/static/6026.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          guestserver-cgi-execute-commands\nPlatforms Affected:     Guestserver 4.12 and earlier\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Guestserver.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/6027.php\n\n_____\n\nDate Reported:          1/29/01\nVulnerability:          bind-tsig-bo\nPlatforms Affected:     BIND 8.2.x\nRisk Factor:            Unauthorized Access Attempt\nAttack Type:            Network/Host Based\nBrief Description:      BIND 8.2.x transaction signature (TSIG) buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6015.php\n\n_____\n\nDate Reported:          1/28/01\nVulnerability:          hyperseek-cgi-reveal-info\nPlatforms Affected:     Hyperseek Search Engine 2000\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Hyperseek CGI could reveal listings of directories and files\nX-Force URL:            http://xforce.iss.net/static/6012.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          newsdaemon-gain-admin-access\nPlatforms Affected:     NewsDaemon prior to 0.21b\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      NewsDaemon allows remote users to gain administrative access\nX-Force URL:            http://xforce.iss.net/static/6010.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:            http://xforce.iss.net/static/6019.php\n\n_____\n\nDate Reported:          1/26/01\nVulnerability:          mars-nwe-format-string\nPlatforms Affected:     Mars_nwe 0.99.pl19\nRisk Factor:            High\nAttack Type:           
 Network Based\nBrief Description:      Mars_nwe format string\nX-Force URL:            http://xforce.iss.net/static/6019.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          planetintra-pi-bo\nPlatforms Affected:     Planet Intra LAN Intranet 2.5\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Planet Intra \u0027pi\u0027 binary buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6002.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          borderware-ping-dos\nPlatforms Affected:     BorderWare Firewall Server 6.1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      BorderWare ping denial of service\nX-Force URL:            http://xforce.iss.net/static/6004.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          aol-malformed-url-dos\nPlatforms Affected:     AOL 5.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      AOL malformed URL denial of service\nX-Force URL:            http://xforce.iss.net/static/6009.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          mirc-bypass-password\nPlatforms Affected:     mIRC\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      mIRC allows malicious user to bypass password\nX-Force URL:            http://xforce.iss.net/static/6013.php\n\n_____\n\nDate Reported:          1/25/01\nVulnerability:          netscape-enterprise-revlog-dos\nPlatforms Affected:     Netscape Enterprise Server\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netscape Enterprise Server REVLOG denial of service\nX-Force URL:            http://xforce.iss.net/static/6003.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          aim-execute-code\nPlatforms Affected:     AOL Instant Messenger 4.1 and later\nRisk Factor:            
High\nAttack Type:            Host Based\nBrief Description:      AOL Instant Messenger execution of code in modified images\nX-Force URL:            http://xforce.iss.net/static/6005.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          netscape-enterprise-list-directories\nPlatforms Affected:     Netscape Enterprise Server (3.0, 4.0)\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server allows remote directory listing\nX-Force URL:            http://xforce.iss.net/static/5997.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          winnt-mutex-dos\nPlatforms Affected:     Windows NT 4.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Windows NT mutex denial of service\nX-Force URL:            http://xforce.iss.net/static/6006.php\n\n_____\n\nDate Reported:          1/24/01\nVulnerability:          jrun-webinf-file-retrieval\nPlatforms Affected:     JRun\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      JRun malformed URL file retrieval\nX-Force URL:            http://xforce.iss.net/static/6008.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          ipfw-bypass-firewall\nPlatforms Affected:     FreeBSD (3.x, 4.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ipfw/ip6fw allows remote attacker to bypass firewall\nX-Force URL:            http://xforce.iss.net/static/5998.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          netopia-telnet-dos\nPlatforms Affected:     Netopia R-series router\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Netopia R9100 allows remote user to crash the router using telnet\nX-Force URL:            http://xforce.iss.net/static/6001.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          
wuftp-debug-format-string\nPlatforms Affected:     Wu-ftpd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Wu-ftpd debug mode format string\nX-Force URL:            http://xforce.iss.net/static/6020.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          kde2-kdesu-retrieve-passwords\nPlatforms Affected:     Linux: Caldera eDesktop 2.4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      KDE2 kdesu program allows users to retrieve passwords\nX-Force URL:            http://xforce.iss.net/static/5995.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-url-bo\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom print server long URL buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5988.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-printguide-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom PrintGuide denial of service\nX-Force URL:            http://xforce.iss.net/static/5989.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          easycom-safecom-ftp-dos\nPlatforms Affected:     Easycom/Safecom firmware 404.590\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Easycom/Safecom FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5990.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          vnc-weak-authentication\nPlatforms Affected:     VNC 3.3.3 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      VNC weak authentication could allow unauthorized access\nX-Force URL:            
http://xforce.iss.net/static/5992.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          lotus-domino-smtp-bo\nPlatforms Affected:     Lotus Domino 5.0\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Lotus Domino SMTP Server policy feature buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5993.php\n\n_____\n\nDate Reported:          1/23/01\nVulnerability:          linux-sash-shadow-readable\nPlatforms Affected:     sash prior to 3.4-4\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Linux sash /etc/shadow directory world-readable\nX-Force URL:            http://xforce.iss.net/static/5994.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          powerpoint-execute-code\nPlatforms Affected:     Microsoft PowerPoint 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      PowerPoint could allow code execution on another user\u0027s computer\nX-Force URL:            http://xforce.iss.net/static/5996.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          icecast-format-string\nPlatforms Affected:     Icecast 1.3.8beta2 and prior\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      Icecast format string could allow arbitrary code execution\nX-Force URL:            http://xforce.iss.net/static/5978.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-directory-traversal\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle JSP/SQLJP handlers directory traversal\nX-Force URL:            http://xforce.iss.net/static/5986.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          oracle-handlers-execute-jsp\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:           
 Network Based\nBrief Description:      Oracle JSP/SQLJP handlers allows remote attacker to execute .jsp files\nX-Force URL:            http://xforce.iss.net/static/5987.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-enterprise-dot-dos\nPlatforms Affected:     Netscape Enterprise Server 4.1 SP5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Netscape Enterprise Server \"/../\" denial of service\nX-Force URL:            http://xforce.iss.net/static/5983.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          goodtech-ftp-dos\nPlatforms Affected:     GoodTech FTP 3.0.1.2.1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      GoodTech FTP server denial of service\nX-Force URL:            http://xforce.iss.net/static/5984.php\n\n_____\n\nDate Reported:          1/22/01\nVulnerability:          netscape-fasttrack-cache-dos\nPlatforms Affected:     Netscape FastTrack\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Netscape FastTrack Server cache denial of service\nX-Force URL:            http://xforce.iss.net/static/5985.php\n\n_____\n\nDate Reported:          1/21/01\nVulnerability:          eeye-iris-dos\nPlatforms Affected:     Iris Network Analyzer 1.01beta\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Iris denial of service\nX-Force URL:            http://xforce.iss.net/static/5981.php\n\n_____\n\nDate Reported:          1/20/01\nVulnerability:          watchguard-firebox-obtain-passphrase\nPlatforms Affected:     Firebox II\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      WatchGuard Firebox allows remote user to obtain passphrase\nX-Force URL:            http://xforce.iss.net/static/5979.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          
fastream-ftp-server-dos\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP denial of service\nX-Force URL:            http://xforce.iss.net/static/5976.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          fastream-ftp-path-disclosure\nPlatforms Affected:     Fastream FTP++ Simple FTP Server 2.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Fastream FTP path disclosure\nX-Force URL:            http://xforce.iss.net/static/5977.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          localweb2k-directory-traversal\nPlatforms Affected:     LocalWEB2000 HTTP Server 1.1.0\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      LocalWEB2000 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5982.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          win2k-efs-recover-data\nPlatforms Affected:     Windows 2000\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Windows 2000 EFS allows local user to recover sensitive data\nX-Force URL:            http://xforce.iss.net/static/5973.php\n\n_____\n\nDate Reported:          1/19/01\nVulnerability:          linux-bing-bo\nPlatforms Affected:     Linux\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Bing host name buffer overflow\nX-Force URL:            http://xforce.iss.net/static/6036.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          micq-sprintf-remote-bo\nPlatforms Affected:     Matt\u0027s ICQ Clone 0.4.6\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      ICQ clone for Linux sprintf() remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5962.php\n\n_____\n\nDate 
Reported:          1/18/01\nVulnerability:          mysql-select-bo\nPlatforms Affected:     MySQL prior to 3.23.31\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      MySQL select buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5969.php\n\n_____\n\nDate Reported:          1/18/01\nVulnerability:          shoutcast-description-bo\nPlatforms Affected:     SHOUTcast DNAS 1.7.1\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      Shoutcast Server for Linux description buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5965.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          fw1-limited-license-dos\nPlatforms Affected:     Check Point Firewall-1 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      FireWall-1 limited-IP license denial of service\nX-Force URL:            http://xforce.iss.net/static/5966.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          fw1-limited-license-dos\nPlatforms Affected:     Check Point Firewall-1 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      FireWall-1 limited-IP license denial of service\nX-Force URL:            http://xforce.iss.net/static/5966.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          hp-stm-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX Support Tools Manager denial of service\nX-Force URL:            http://xforce.iss.net/static/5957.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          linux-webmin-tmpfiles\nPlatforms Affected:     OpenLinux (2.3, 2.4)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Webmin use of tmpfiles could allow a local user to overwrite files\nX-Force URL:           
 http://xforce.iss.net/static/6011.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          tinyproxy-remote-bo\nPlatforms Affected:     tinyproxy 1.3.2 and 1.3.3\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Tinyproxy remote buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5954.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          postaci-sql-command-injection\nPlatforms Affected:     PostACI\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Postaci SQL command injection\nX-Force URL:            http://xforce.iss.net/static/5972.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          wwwwais-cgi-dos\nPlatforms Affected:     wwwwais.c 25\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      wwwwais CGI based program denial of service\nX-Force URL:            http://xforce.iss.net/static/5980.php\n\n_____\n\nDate Reported:          1/17/01\nVulnerability:          mime-header-attachment\nPlatforms Affected:     MIME 1.0\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      MIME headers could allow spoofed file attachment\nX-Force URL:            http://xforce.iss.net/static/5991.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          ssh-rpc-private-key\nPlatforms Affected:     SSH\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      SSH secure-RPC could generate a passphrase that exposes a user\u0027s private key\nX-Force URL:            http://xforce.iss.net/static/5963.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          linux-glibc-preload-overwrite\nPlatforms Affected:     Linux\nRisk Factor:            Low\nAttack Type:            Host Based\nBrief Description:      Linux glibc LD_PRELOAD file overwrite\nX-Force 
URL:            http://xforce.iss.net/static/5971.php\n\n_____\n\nDate Reported:          1/16/01\nVulnerability:          inn-tmpfile-symlink\nPlatforms Affected:     InterNet News (INN)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      INN tmpfile symbolic link\nX-Force URL:            http://xforce.iss.net/static/5974.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-insecure-password\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix password change insecure\nX-Force URL:            http://xforce.iss.net/static/5944.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-weak-authentication\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      InterScan VirusWall for Unix uses weak authentication\nX-Force URL:            http://xforce.iss.net/static/5946.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          ie-mshtml-dos\nPlatforms Affected:     Internet Explorer 4.0 and later\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Internet Explorer mshtml.dll denial of service\nX-Force URL:            http://xforce.iss.net/static/5938.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          dhcp-format-string\nPlatforms Affected:     Caldera OpenLinux Desktop (2.3, 2.3.1, 2.4)\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Caldera DHCP format string\nX-Force URL:            http://xforce.iss.net/static/5953.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          win-mediaplayer-arbitrary-code\nPlatforms Affected:     Windows Media Player 7.0\nRisk Factor:            
High\nAttack Type:            Network/Host Based\nBrief Description:      Windows Media Player skins can be used execute arbitrary code\nX-Force URL:            http://xforce.iss.net/static/5937.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          veritas-backupexec-dos\nPlatforms Affected:     Backup Exec 4.5\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Veritas Backup Exec denial of service\nX-Force URL:            http://xforce.iss.net/static/5941.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          interscan-viruswall-symlink\nPlatforms Affected:     InterScan VirusWall (3.0.1, 3.6.x)\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      InterScan VirusWall for Unix symbolic link\nX-Force URL:            http://xforce.iss.net/static/5947.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-corrupt-files\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      OmniHTTPd statsconfig.pl corrupt any file on the system\nX-Force URL:            http://xforce.iss.net/static/5955.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          omnihttpd-statsconfig-execute-code\nPlatforms Affected:     OmniHTTPd\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      OmniHTTPD statsconfig.pl allows code execution\nX-Force URL:            http://xforce.iss.net/static/5956.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          icmp-pmtu-dos\nPlatforms Affected:     Linux\n                        BSD\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      ICMP PMTU denial of service\nX-Force URL:            http://xforce.iss.net/static/5975.php\n\n_____\n\nDate Reported:          1/15/01\nVulnerability:          
icmp-pmtu-dos\nPlatforms Affected:     Linux\n                        BSD\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      ICMP PMTU denial of service\nX-Force URL:            http://xforce.iss.net/static/5975.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          splitvt-perserc-format-string\nPlatforms Affected:     splitvt 1.6.4 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Splitvt perserc.c module format string\nX-Force URL:            http://xforce.iss.net/static/5948.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          splitvt-perserc-format-string\nPlatforms Affected:     splitvt 1.6.4 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Splitvt perserc.c module format string\nX-Force URL:            http://xforce.iss.net/static/5948.php\n\n_____\n\nDate Reported:          1/14/01\nVulnerability:          flash-module-bo\nPlatforms Affected:     Oliver Debon Flash plugin 0.4.9 and earlier\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Flash browser module buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5952.php\n\n_____\n\nDate Reported:          1/13/01\nVulnerability:          rctab-elevate-privileges\nPlatforms Affected:     Linux SuSE\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      rctab in SuSE Linux could allow privilege elevation\nX-Force URL:            http://xforce.iss.net/static/5945.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          ultraboard-cgi-perm\nPlatforms Affected:     UltraBoard 2000B\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      UltraBoard CGI weak permissions\nX-Force URL:            http://xforce.iss.net/static/5931.php\n\n_____\n\nDate Reported:          
1/12/01\nVulnerability:          compaq-web-management-bo\nPlatforms Affected:     Compaq Web-Based Management\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Compaq Web-Based Management program buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5935.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-htaccess-unauth-access\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow unauthorized access to restricted files\nX-Force URL:            http://xforce.iss.net/static/5940.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          basilix-webmail-retrieve-files\nPlatforms Affected:     Basilix Webmail 0.9.7beta\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      Basilix Webmail System allows unauthorized users to retrieve files\nX-Force URL:            http://xforce.iss.net/static/5934.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          solaris-arp-bo\nPlatforms Affected:     Solaris\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      Solaris arp buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5928.php\n\n_____\n\nDate Reported:          1/12/01\nVulnerability:          php-view-source-code\nPlatforms Affected:     PHP (4.0.0, 4.0.4)\nRisk Factor:            Low\nAttack Type:            Network Based\nBrief Description:      PHP could allow remote viewing of source code\nX-Force URL:            http://xforce.iss.net/static/5939.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          wec-ntlm-authentication\nPlatforms Affected:     Windows 2000\n                        Microsoft Office 2000\n                        Windows ME\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      Web 
Extender Client (WEC) NTLM authentication\nX-Force URL:            http://xforce.iss.net/static/5920.php\n\n_____\n\nDate Reported:          1/11/01\nVulnerability:          spamcop-url-seq-predict\nPlatforms Affected:     SpamCop\nRisk Factor:            Low\nAttack Type:            Network/Host Based\nBrief Description:      SpamCop URL number increment sequence prediction\nX-Force URL:            http://xforce.iss.net/static/5933.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-wuftpd-privatepw-symlink\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux wu-ftpd privatepw symbolic link\nX-Force URL:            http://xforce.iss.net/static/5915.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          rdist-symlink\nPlatforms Affected:     rdist\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      rdist symbolic link\nX-Force URL:            http://xforce.iss.net/static/5925.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          squid-email-symlink\nPlatforms Affected:     squid\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      squid email notification symbolic link\nX-Force URL:            http://xforce.iss.net/static/5921.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-diffutils-sdiff-symlimk\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux diffutils sdiff symbolic link\nX-Force URL:            http://xforce.iss.net/static/5914.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          tcpdump-arpwatch-symlink\nPlatforms Affected:     arpwatch\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      tcpdump arpwatch symbolic link\nX-Force URL:            
http://xforce.iss.net/static/5922.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linuxconf-vpop3d-symlink\nPlatforms Affected:     linuxconf\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linuxconf vpop3d symbolic link\nX-Force URL:            http://xforce.iss.net/static/5923.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          shadow-utils-useradd-symlink\nPlatforms Affected:     shadow-utils\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      shadow-utils useradd symbolic link\nX-Force URL:            http://xforce.iss.net/static/5927.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-glibc-read-files\nPlatforms Affected:     Linux glibc\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux glibc library can allow users to read restricted files\nX-Force URL:            http://xforce.iss.net/static/5907.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          gettyps-symlink\nPlatforms Affected:     gettyps\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      getty_ps symbolic link\nX-Force URL:            http://xforce.iss.net/static/5924.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-gpm-symlink\nPlatforms Affected:     gpm\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux gpm symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5917.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-mgetty-symlink\nPlatforms Affected:     mgetty\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux mgetty symbolic link attack\nX-Force URL:            http://xforce.iss.net/static/5918.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:      
    linux-apache-symlink\nPlatforms Affected:     Apache\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux Apache symbolic link\nX-Force URL:            http://xforce.iss.net/static/5926.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          linux-inn-symlink\nPlatforms Affected:     inn\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux INN tmp directory symbolic link\nX-Force URL:            http://xforce.iss.net/static/5916.php\n\n_____\n\nDate Reported:          1/10/01\nVulnerability:          conferenceroom-developer-dos\nPlatforms Affected:     ConferenceRoom Professional Edition\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      ConferenceRoom Developer Edition denial of service\nX-Force URL:            http://xforce.iss.net/static/5909.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          oracle-xsql-execute-code\nPlatforms Affected:     Oracle 8.1.7\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Oracle XSQL servlet and xml-stylesheet allows code execution on server\nX-Force URL:            http://xforce.iss.net/static/5905.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          netscreen-webui-bo\nPlatforms Affected:     NetScreen\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      NetScreen Firewall WebUI buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5908.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          suse-reiserfs-long-filenames\nPlatforms Affected:     SuSE 7.0\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      SuSE reiserfs long file name denial of service\nX-Force URL:            http://xforce.iss.net/static/5910.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:     
     interbase-backdoor-account\nPlatforms Affected:     InterBase 6.01 and earlier\nRisk Factor:            High\nAttack Type:            Network/Host Based\nBrief Description:      InterBase built-in backdoor account\nX-Force URL:            http://xforce.iss.net/static/5911.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          interbase-hidden-function-dos\nPlatforms Affected:     InterBase 6.01\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      InterBase hidden function denial of service\nX-Force URL:            http://xforce.iss.net/static/5912.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          brickserver-thttpd-dos\nPlatforms Affected:     BRICKServer Small Business\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      BRICKServer thttpd denial of service\nX-Force URL:            http://xforce.iss.net/static/5919.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          solaris-exrecover-bo\nPlatforms Affected:     Solaris (2.4, 2.5, 2.5.1, 2.6)\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Solaris exrecover buffer overflow\nX-Force URL:            http://xforce.iss.net/static/5913.php\n\n_____\n\nDate Reported:          1/9/01\nVulnerability:          hp-inetd-swait-dos\nPlatforms Affected:     HPUX\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      HP-UX inetd swait denial of service\nX-Force URL:            http://xforce.iss.net/static/5904.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          microsoft-iis-read-files\nPlatforms Affected:     IIS (4.0, 5.0)\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Microsoft IIS 5.0 allows the viewing of files through malformed URL\nX-Force URL:            http://xforce.iss.net/static/5903.php\n\n_____\n\nDate Reported:   
       1/8/01\nVulnerability:          ibm-websphere-dos\nPlatforms Affected:     IBM Websphere 3.52\n                        IBM HTTP Server 1.3.12\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      IBM WebSphere denial of service\nX-Force URL:            http://xforce.iss.net/static/5900.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          storagesoft-imagecast-dos\nPlatforms Affected:     ImageCast 4.1\nRisk Factor:            Medium\nAttack Type:            Network/Host Based\nBrief Description:      StorageSoft ImageCast denial of service\nX-Force URL:            http://xforce.iss.net/static/5901.php\n\n_____\n\nDate Reported:          1/8/01\nVulnerability:          nai-pgp-replace-keys\nPlatforms Affected:     PGP 7.0\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      PGP users may replace signed exported key blocks with arbitrary keys\nX-Force URL:            http://xforce.iss.net/static/5902.php\n\n_____\n\nDate Reported:          1/7/01\nVulnerability:          http-cgi-bbs-forum\nPlatforms Affected:     WebBBS 1.0\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      bbs_forum.cgi allows remote command execution\nX-Force URL:            http://xforce.iss.net/static/5906.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          lotus-domino-directory-traversal\nPlatforms Affected:     Lotus Domino 5.0.x\nRisk Factor:            Medium\nAttack Type:            Network Based\nBrief Description:      Lotus Domino 5.0.x .nsf, .box, and .ns4 directory traversal\nX-Force URL:            http://xforce.iss.net/static/5899.php\n\n_____\n\nDate Reported:          1/5/01\nVulnerability:          http-cgi-fastgraf\nPlatforms Affected:     FASTGRAF\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Fastgraf CGI scripts allow remote command execution\nX-Force URL:  
          http://xforce.iss.net/static/5897.php\n\n_____\n\nDate Reported:          1/4/01\nVulnerability:          newsdesk-cgi-read-files\nPlatforms Affected:     Newsdesk 1.2\nRisk Factor:            High\nAttack Type:            Network Based\nBrief Description:      Newsdesk.cgi allows read access to files\nX-Force URL:            http://xforce.iss.net/static/5898.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          gtk-module-execute-code\nPlatforms Affected:     GTK+ 1.2.8 and earlier\nRisk Factor:            High\nAttack Type:            Host Based\nBrief Description:      GTK+ arbitrary code execution using custom loadable module\nX-Force URL:            http://xforce.iss.net/static/5832.php\n\n_____\n\nDate Reported:          1/1/01\nVulnerability:          linux-tty-writable-dos\nPlatforms Affected:     Linux\nRisk Factor:            Medium\nAttack Type:            Host Based\nBrief Description:      Linux writable TTY denial of service\nX-Force URL:            http://xforce.iss.net/static/5896.php\n\n_____\n\n\nRisk Factor Key:\n\n        High Any vulnerability that provides an attacker with immediate\n                access into a machine, gains superuser access, or bypasses\n                a firewall.  Example:  A vulnerable Sendmail 8.6.5 version\n                that allows an intruder to execute commands on mail\n                server. \n        Medium  Any vulnerability that provides information that has a\n                high potential of giving system access to an intruder. \n                Example: A misconfigured TFTP or vulnerable NIS server\n                that allows an intruder to get the password file that\n                could contain an account with a guessable password. \n        Low     Any vulnerability that provides information that\n                potentially could lead to a compromise.  
Example:  A\n                finger that allows an intruder to find out who is online\n                and potential accounts to attempt to crack passwords\n                via brute force methods. \n\n\n_____\n\nAdditional Information\n\nThis document is available at http://xforce.iss.net/alerts/advisennn.php. \nTo receive these Alerts and Advisories:\n- - Subscribe to the Alert mailing list from\nhttp://xforce.iss.net/maillists/index.php\n- - Or send an email to majordomo@iss.net, and within the body of the\nmessage type:\n\u0027subscribe alert\u0027 (without the quotes). \n\n\nAbout Internet Security Systems (ISS)\nInternet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading\nglobal provider of security management solutions for the Internet. \nBy combining best of breed products, security management services,\naggressive research and development, and comprehensive educational\nand consulting services, ISS is the trusted security advisor for\nthousands of organizations around the world looking to protect their\nmission critical information and networks. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically.  It is not to be edited in any way without express consent\nof the X-Force.  If you wish to reprint the whole or any part of this\nAlert in any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. 
\n\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as\nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0313"
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "89020"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3135"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          }
        ],
        "trust": 4.05
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-0313",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "2222",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "2194",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "6004",
            "trust": 1.0
          },
          {
            "db": "XF",
            "id": "5963",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "6010",
            "trust": 0.9
          },
          {
            "db": "XF",
            "id": "5924",
            "trust": 0.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#850440",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-024",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20010126 BORDERWARE V6.1.2 PING DOS VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "89020",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-3135",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5947",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5988",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5910",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5908",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6002",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5931",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5900",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5982",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6035",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6030",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5937",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5969",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6016",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5974",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5912",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5832",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5911",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5926",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5920",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6028",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6039",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5956",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6011",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5992",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5935",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6017",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5922",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5984",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5977",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5957",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5993",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6006",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5913",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5907",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5897",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6034",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5945",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5905",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5940",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5954",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5976",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5903",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6003",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6018",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5972",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5909",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5916",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6033",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5986",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5915",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6019",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5925",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5923",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6005",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5978",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5973",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5979",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5980",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5941",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5934",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5991",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5962",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6014",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5966",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6015",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5994",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6036",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5953",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5944",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5896",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6040",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5914",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5927",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6012",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6025",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6001",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5965",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5952",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5917",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5898",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6009",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5998",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5985",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6026",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6013",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6008",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5921",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5981",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5989",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5939",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5906",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6031",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6020",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5948",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5933",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6027",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5919",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5899",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5996",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5987",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5918",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5971",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5995",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5928",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5938",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5983",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6032",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5997",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5904",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5902",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5975",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5901",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5990",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5946",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "5955",
            "trust": 0.1
          },
          {
            "db": "XF",
            "id": "6038",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "24294",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3135"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "89020"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0313"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-024"
          }
        ]
      },
      "id": "VAR-200106-0104",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3135"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T11:20:19.965000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0313"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6004"
          },
          {
            "trust": 1.0,
            "url": "http://xforce.iss.net/static/6004.php"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=98053139231392\u0026w=2"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/5963.php"
          },
          {
            "trust": 0.9,
            "url": " http://xforce.iss.net/static/6010.php"
          },
          {
            "trust": 0.9,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98053139231392\u0026w=2"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2222"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches/securerpcvulnerability.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.ssh.com/products/ssh/patches.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/archive/1/158966"
          },
          {
            "trust": 0.8,
            "url": "http://sourceforge.net/forum/forum.php?forum_id=60570"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/2194"
          },
          {
            "trust": 0.8,
            "url": "http://www.linuxsecurity.com/advisories/mandrake_advisory-1037.html"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/5924"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=98053139231392\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5992.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5926.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5940.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6033.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5916.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6038.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5997.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6026.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5928.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5977.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6013.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5991.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5938.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5969.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5957.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5909.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5948.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6005.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5954.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5933.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5955.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6035.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5990.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5907.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5994.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5983.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5911.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6006.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5908.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5922.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5903.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6027.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5965.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5899.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5980.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5934.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5919.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5931.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5962.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5976.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6003.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5998.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6040.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5920.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5966.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5946.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5915.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5986.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5923.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5993.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6001.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6036.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5902.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5971.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5937.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5985.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5945.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6028.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5988.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6009.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6025.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5897.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5952.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5953.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6039.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5978.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5901.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5906.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5974.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6008.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5935.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5944.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5918.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6034.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5925.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6014.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5912.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5924.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5989.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6019.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5921.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5904.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5972.ph"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5900.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5898.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5973.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5832.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5975.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5913.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5905.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6015.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6016.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/maillists/index.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5996.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5981.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6012.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/alerts/advisennn.php."
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5995.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5947.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5896.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5910.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5917.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6017.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6032.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5979.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/sensitive.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5984.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5939.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5914.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5956.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5941.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6011.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6031.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6018.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6002.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5927.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6020.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5982.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/5987.php"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/static/6030.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3135"
          },
          {
            "db": "BID",
            "id": "89020"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0313"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-024"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3135"
          },
          {
            "db": "BID",
            "id": "2194"
          },
          {
            "db": "BID",
            "id": "2222"
          },
          {
            "db": "BID",
            "id": "89020"
          },
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0313"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-024"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-06-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-05-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2001-10-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2001-06-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3135"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2001-06-02T00:00:00",
            "db": "BID",
            "id": "89020"
          },
          {
            "date": "2001-02-14T07:13:47",
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "date": "2001-06-02T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0313"
          },
          {
            "date": "2001-06-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-024"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-10-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#850440"
          },
          {
            "date": "2001-06-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#987632"
          },
          {
            "date": "2004-07-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#342768"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3135"
          },
          {
            "date": "2001-01-10T00:00:00",
            "db": "BID",
            "id": "2194"
          },
          {
            "date": "2001-01-16T00:00:00",
            "db": "BID",
            "id": "2222"
          },
          {
            "date": "2001-06-02T00:00:00",
            "db": "BID",
            "id": "89020"
          },
          {
            "date": "2017-12-19T02:29:19.237000",
            "db": "NVD",
            "id": "CVE-2001-0313"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200106-024"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "24294"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-024"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SSH1 may generate weak passphrase when using Secure RPC",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#850440"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200106-024"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2002-1565 (GCVE-0-2002-1565)

    Vulnerability from nvd – Published: 2003-06-05 04:00 – Updated: 2024-08-08 03:26
    Summary
    Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    ftp://patches.sgi.com/support/free/security/advis… | vendor-advisory, x_refsource_SGI
    ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-200… | vendor-advisory, x_refsource_SCO
    http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisory, x_refsource_CONECTIVA
    http://www.debian.org/security/2002/dsa-209 | vendor-advisory, x_refsource_DEBIAN
    http://marc.info/?l=bugtraq&m=105474357016184&w=2 | mailing-list, x_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2003-372.html | vendor-advisory, x_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF
    Date Public
    2002-12-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:26:28.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040202-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
              },
              {
                "name": "CSSA-2003-003.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt"
              },
              {
                "name": "CLA-2003:716",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000716"
              },
              {
                "name": "DSA-209",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2002/dsa-209"
              },
              {
                "name": "20030604 Immunix Secured OS 7+ wget update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105474357016184\u0026w=2"
              },
              {
                "name": "RHSA-2003:372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2003-372.html"
              },
              {
                "name": "wget-url-filename-bo(10851)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10851"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040202-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
            },
            {
              "name": "CSSA-2003-003.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt"
            },
            {
              "name": "CLA-2003:716",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000716"
            },
            {
              "name": "DSA-209",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2002/dsa-209"
            },
            {
              "name": "20030604 Immunix Secured OS 7+ wget update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105474357016184\u0026w=2"
            },
            {
              "name": "RHSA-2003:372",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-372.html"
            },
            {
              "name": "wget-url-filename-bo(10851)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10851"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1565",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040202-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
                },
                {
                  "name": "CSSA-2003-003.0",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt"
                },
                {
                  "name": "CLA-2003:716",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000716"
                },
                {
                  "name": "DSA-209",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2002/dsa-209"
                },
                {
                  "name": "20030604 Immunix Secured OS 7+ wget update",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105474357016184\u0026w=2"
                },
                {
                  "name": "RHSA-2003:372",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2003-372.html"
                },
                {
                  "name": "wget-url-filename-bo(10851)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10851"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1565",
        "datePublished": "2003-06-05T04:00:00.000Z",
        "dateReserved": "2003-06-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:26:28.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-1208 (GCVE-0-2000-1208)

    Vulnerability from nvd – Published: 2002-08-01 04:00 – Updated: 2024-08-08 05:45
    Summary
    Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=96994604300675&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.iss.net/security_center/static/5286.php vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/1711 vdb-entry, x_refsource_BID
    http://online.securityfocus.com/archive/1/137555 mailing-list, x_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2000-066.html vendor-advisory, x_refsource_REDHAT
    Date Public
    2000-05-31 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:45:37.340Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20000925 Format strings: bug #1: BSD-lpr",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=96994604300675\u0026w=2"
              },
              {
                "name": "lpr-checkremote-format-string(5286)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/5286.php"
              },
              {
                "name": "1711",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/1711"
              },
              {
                "name": "20001004 Immunix OS Security Update for lpr",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/137555"
              },
              {
                "name": "RHSA-2000:066",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2000-066.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20000925 Format strings: bug #1: BSD-lpr",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=96994604300675\u0026w=2"
            },
            {
              "name": "lpr-checkremote-format-string(5286)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/5286.php"
            },
            {
              "name": "1711",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/1711"
            },
            {
              "name": "20001004 Immunix OS Security Update for lpr",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/137555"
            },
            {
              "name": "RHSA-2000:066",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2000-066.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-1208",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20000925 Format strings: bug #1: BSD-lpr",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=96994604300675\u0026w=2"
                },
                {
                  "name": "lpr-checkremote-format-string(5286)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/5286.php"
                },
                {
                  "name": "1711",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/1711"
                },
                {
                  "name": "20001004 Immunix OS Security Update for lpr",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/137555"
                },
                {
                  "name": "RHSA-2000:066",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2000-066.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-1208",
        "datePublished": "2002-08-01T04:00:00.000Z",
        "dateReserved": "2002-07-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:45:37.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0083 (GCVE-0-2002-0083)

    Vulnerability from nvd – Published: 2002-06-25 04:00 – Updated: 2024-08-08 02:35
    Summary
    Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-list, x_refsource_BUGTRAQ
    ftp://stage.caldera.com/pub/security/openserver/C… vendor-advisory, x_refsource_CALDERA
    http://www.osvdb.org/730 vdb-entry, x_refsource_OSVDB
    http://www.securityfocus.com/bid/4241 vdb-entry, x_refsource_BID
    http://marc.info/?l=bugtraq&m=101561384821761&w=2 mailing-list, x_refsource_BUGTRAQ
    ftp://stage.caldera.com/pub/security/openunix/CSS… vendor-advisory, x_refsource_CALDERA
    http://online.securityfocus.com/advisories/3960 vendor-advisory, x_refsource_HP
    http://www.debian.org/security/2002/dsa-119 vendor-advisory, x_refsource_DEBIAN
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://www.calderasystems.com/support/security/ad… vendor-advisory, x_refsource_CALDERA
    http://marc.info/?l=bugtraq&m=101586991827622&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.linuxsecurity.com/advisories/other_adv… vendor-advisory, x_refsource_ENGARDE
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisory, x_refsource_CONECTIVA
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisory, x_refsource_NETBSD
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisory, x_refsource_FREEBSD
    http://marc.info/?l=bugtraq&m=101553908201861&w=2 mailing-list, x_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=101552065005254&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.linux-mandrake.com/en/security/2002/MD… vendor-advisory, x_refsource_MANDRAKE
    http://www.redhat.com/support/errata/RHSA-2002-043.html vendor-advisory, x_refsource_REDHAT
    http://www.iss.net/security_center/static/8383.php vdb-entry, x_refsource_XF
    http://www.openbsd.org/advisories/ssh_channelalloc.txt x_refsource_CONFIRM
    http://online.securityfocus.com/archive/1/264657 mailing-list, x_refsource_BUGTRAQ
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-list, x_refsource_VULNWATCH
    Date Public
    2002-03-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:35:17.574Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020311 TSLSA-2002-0039 - openssh",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
              },
              {
                "name": "CSSA-2002-SCO.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
              },
              {
                "name": "730",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/730"
              },
              {
                "name": "4241",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4241"
              },
              {
                "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
              },
              {
                "name": "CSSA-2002-SCO.11",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
              },
              {
                "name": "HPSBTL0203-029",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/advisories/3960"
              },
              {
                "name": "DSA-119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2002/dsa-119"
              },
              {
                "name": "SuSE-SA:2002:009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
              },
              {
                "name": "CSSA-2002-012.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
              },
              {
                "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
              },
              {
                "name": "ESA-20020307-007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
              },
              {
                "name": "CLA-2002:467",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
              },
              {
                "name": "NetBSD-SA2002-004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
              },
              {
                "name": "FreeBSD-SA-02:13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
              },
              {
                "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
              },
              {
                "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
              },
              {
                "name": "MDKSA-2002:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
              },
              {
                "name": "RHSA-2002:043",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
              },
              {
                "name": "openssh-channel-error(8383)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/8383.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
              },
              {
                "name": "20020328 OpenSSH channel_lookup() off by one exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/264657"
              },
              {
                "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-06-16T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020311 TSLSA-2002-0039 - openssh",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
            },
            {
              "name": "CSSA-2002-SCO.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
            },
            {
              "name": "730",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/730"
            },
            {
              "name": "4241",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4241"
            },
            {
              "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
            },
            {
              "name": "CSSA-2002-SCO.11",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
            },
            {
              "name": "HPSBTL0203-029",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://online.securityfocus.com/advisories/3960"
            },
            {
              "name": "DSA-119",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2002/dsa-119"
            },
            {
              "name": "SuSE-SA:2002:009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
            },
            {
              "name": "CSSA-2002-012.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
            },
            {
              "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
            },
            {
              "name": "ESA-20020307-007",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
            },
            {
              "name": "CLA-2002:467",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
            },
            {
              "name": "NetBSD-SA2002-004",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
            },
            {
              "name": "FreeBSD-SA-02:13",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
            },
            {
              "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
            },
            {
              "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
            },
            {
              "name": "MDKSA-2002:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
            },
            {
              "name": "RHSA-2002:043",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
            },
            {
              "name": "openssh-channel-error(8383)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/8383.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
            },
            {
              "name": "20020328 OpenSSH channel_lookup() off by one exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/264657"
            },
            {
              "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0083",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020311 TSLSA-2002-0039 - openssh",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
                },
                {
                  "name": "CSSA-2002-SCO.10",
                  "refsource": "CALDERA",
                  "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
                },
                {
                  "name": "730",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/730"
                },
                {
                  "name": "4241",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4241"
                },
                {
                  "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
                },
                {
                  "name": "CSSA-2002-SCO.11",
                  "refsource": "CALDERA",
                  "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
                },
                {
                  "name": "HPSBTL0203-029",
                  "refsource": "HP",
                  "url": "http://online.securityfocus.com/advisories/3960"
                },
                {
                  "name": "DSA-119",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2002/dsa-119"
                },
                {
                  "name": "SuSE-SA:2002:009",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
                },
                {
                  "name": "CSSA-2002-012.0",
                  "refsource": "CALDERA",
                  "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
                },
                {
                  "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
                },
                {
                  "name": "ESA-20020307-007",
                  "refsource": "ENGARDE",
                  "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
                },
                {
                  "name": "CLA-2002:467",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
                },
                {
                  "name": "NetBSD-SA2002-004",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
                },
                {
                  "name": "FreeBSD-SA-02:13",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
                },
                {
                  "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
                },
                {
                  "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
                },
                {
                  "name": "MDKSA-2002:019",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
                },
                {
                  "name": "RHSA-2002:043",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
                },
                {
                  "name": "openssh-channel-error(8383)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/8383.php"
                },
                {
                  "name": "http://www.openbsd.org/advisories/ssh_channelalloc.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
                },
                {
                  "name": "20020328 OpenSSH channel_lookup() off by one exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/264657"
                },
                {
                  "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0083",
        "datePublished": "2002-06-25T04:00:00.000Z",
        "dateReserved": "2002-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:35:17.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0738 (GCVE-0-2001-0738)

    Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
    Summary
    LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://download.immunix.org/ImmunixOS/7.0/updates… vendor-advisory, x_refsource_IMMUNIX
    http://www.kb.cert.org/vuls/id/249579 third-party-advisory, x_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://marc.info/?l=bugtraq&m=99258618906506&w=2 mailing-list, x_refsource_BUGTRAQ
    Date Public
    2001-02-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:30:06.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "IMNX-2001-70-026-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_IMMUNIX",
                  "x_transferred"
                ],
                "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01"
              },
              {
                "name": "VU#249579",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/249579"
              },
              {
                "name": "klogd-null-byte-dos(7098)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7098"
              },
              {
                "name": "20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=99258618906506\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-26T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "IMNX-2001-70-026-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_IMMUNIX"
              ],
              "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01"
            },
            {
              "name": "VU#249579",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/249579"
            },
            {
              "name": "klogd-null-byte-dos(7098)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7098"
            },
            {
              "name": "20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=99258618906506\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "IMNX-2001-70-026-01",
                  "refsource": "IMMUNIX",
                  "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01"
                },
                {
                  "name": "VU#249579",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/249579"
                },
                {
                  "name": "klogd-null-byte-dos(7098)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7098"
                },
                {
                  "name": "20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=99258618906506\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0738",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:30:06.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0736 (GCVE-0-2001-0736)

    Vulnerability from nvd – Published: 2001-10-12 04:00 – Updated: 2024-08-08 04:30
    Summary
    Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=98749102621604&w=2 mailing-list, x_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=99106787825229&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.linux-mandrake.com/en/security/2001/MD… vendor-advisory, x_refsource_MANDRAKE
    http://www.redhat.com/support/errata/RHSA-2001-042.html vendor-advisory, x_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    Date Public
    2001-03-31 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:30:06.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010416 Immunix OS Security update for pine",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=98749102621604\u0026w=2"
              },
              {
                "name": "20010527 [ESA-20010509-01]  pine temporary file handling vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=99106787825229\u0026w=2"
              },
              {
                "name": "MDKSA-2001:047",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-047.php3?dis=8.0"
              },
              {
                "name": "RHSA-2001:042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-042.html"
              },
              {
                "name": "pine-tmp-file-symlink(6367)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6367"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010416 Immunix OS Security update for pine",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=98749102621604\u0026w=2"
            },
            {
              "name": "20010527 [ESA-20010509-01]  pine temporary file handling vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=99106787825229\u0026w=2"
            },
            {
              "name": "MDKSA-2001:047",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-047.php3?dis=8.0"
            },
            {
              "name": "RHSA-2001:042",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-042.html"
            },
            {
              "name": "pine-tmp-file-symlink(6367)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6367"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0736",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010416 Immunix OS Security update for pine",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=98749102621604\u0026w=2"
                },
                {
                  "name": "20010527 [ESA-20010509-01]  pine temporary file handling vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=99106787825229\u0026w=2"
                },
                {
                  "name": "MDKSA-2001:047",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-047.php3?dis=8.0"
                },
                {
                  "name": "RHSA-2001:042",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-042.html"
                },
                {
                  "name": "pine-tmp-file-symlink(6367)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6367"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0736",
        "datePublished": "2001-10-12T04:00:00.000Z",
        "dateReserved": "2001-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:30:06.075Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0641 (GCVE-0-2001-0641)

    Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
    Summary
    Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2001-05-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:30:05.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "man-s-bo(6530)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6530"
              },
              {
                "name": "RHSA-2001:069",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-069.html"
              },
              {
                "name": "20010513 RH 7.0:/usr/bin/man exploit: gid man + more",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html"
              },
              {
                "name": "20010612 man 1.5h10 + man 1.5i-4 exploits",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/190136"
              },
              {
                "name": "SuSE-SA:2001:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2001_019_man_txt.html"
              },
              {
                "name": "2711",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/2711"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-05-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-11T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "man-s-bo(6530)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6530"
            },
            {
              "name": "RHSA-2001:069",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-069.html"
            },
            {
              "name": "20010513 RH 7.0:/usr/bin/man exploit: gid man + more",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html"
            },
            {
              "name": "20010612 man 1.5h10 + man 1.5i-4 exploits",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/190136"
            },
            {
              "name": "SuSE-SA:2001:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2001_019_man_txt.html"
            },
            {
              "name": "2711",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/2711"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "man-s-bo(6530)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6530"
                },
                {
                  "name": "RHSA-2001:069",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-069.html"
                },
                {
                  "name": "20010513 RH 7.0:/usr/bin/man exploit: gid man + more",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html"
                },
                {
                  "name": "20010612 man 1.5h10 + man 1.5i-4 exploits",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/190136"
                },
                {
                  "name": "SuSE-SA:2001:019",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2001_019_man_txt.html"
                },
                {
                  "name": "2711",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/2711"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0641",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-08-06T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:30:05.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1030 (GCVE-0-2001-1030)

    Vulnerability from nvd – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/197727 mailing-list, x_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.redhat.com/support/errata/RHSA-2001-097.html vendor-advisory, x_refsource_REDHAT
    http://download.immunix.org/ImmunixOS/7.0/updates… vendor-advisory, x_refsource_IMMUNIX
    http://www.linux-mandrake.com/en/security/2001/MD… vendor-advisory, x_refsource_MANDRAKE
    http://www.calderasystems.com/support/security/ad… vendor-advisory, x_refsource_CALDERA
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-list, x_refsource_BUGTRAQ
    Date Public
    2001-07-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:06.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010718 Squid httpd acceleration acl bug enables portscanning",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/197727"
              },
              {
                "name": "squid-http-accelerator-portscanning(6862)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
              },
              {
                "name": "RHSA-2001:097",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
              },
              {
                "name": "IMNX-2001-70-031-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_IMMUNIX",
                  "x_transferred"
                ],
                "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
              },
              {
                "name": "MDKSA-2001:066",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
              },
              {
                "name": "CSSA-2001-029.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
              },
              {
                "name": "20010719 TSLSA-2001-0013 - Squid",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-06T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010718 Squid httpd acceleration acl bug enables portscanning",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/197727"
            },
            {
              "name": "squid-http-accelerator-portscanning(6862)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
            },
            {
              "name": "RHSA-2001:097",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
            },
            {
              "name": "IMNX-2001-70-031-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_IMMUNIX"
              ],
              "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
            },
            {
              "name": "MDKSA-2001:066",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
            },
            {
              "name": "CSSA-2001-029.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
            },
            {
              "name": "20010719 TSLSA-2001-0013 - Squid",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1030",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010718 Squid httpd acceleration acl bug enables portscanning",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/197727"
                },
                {
                  "name": "squid-http-accelerator-portscanning(6862)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
                },
                {
                  "name": "RHSA-2001:097",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
                },
                {
                  "name": "IMNX-2001-70-031-01",
                  "refsource": "IMMUNIX",
                  "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
                },
                {
                  "name": "MDKSA-2001:066",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
                },
                {
                  "name": "CSSA-2001-029.0",
                  "refsource": "CALDERA",
                  "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
                },
                {
                  "name": "20010719 TSLSA-2001-0013 - Squid",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1030",
        "datePublished": "2002-06-25T04:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:06.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0473 (GCVE-0-2001-0473)

    Vulnerability from nvd – Published: 2001-09-18 04:00 – Updated: 2024-08-08 04:21
    VLAI
    Summary
    Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-list, x_refsource_BUGTRAQ
    http://www.osvdb.org/5615 vdb-entry, x_refsource_OSVDB
    http://www.redhat.com/support/errata/RHSA-2001-029.html vendor-advisory, x_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=98473109630421&w=2 mailing-list, x_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisory, x_refsource_CONECTIVA
    http://www.linux-mandrake.com/en/security/2001/MD… vendor-advisory, x_refsource_MANDRAKE
    Date Public
    2001-03-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:21:38.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010320 Trustix Security Advisory - mutt",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html"
              },
              {
                "name": "5615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5615"
              },
              {
                "name": "RHSA-2001:029",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html"
              },
              {
                "name": "20010315 Immunix OS Security update for mutt",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2"
              },
              {
                "name": "mutt-imap-format-string(6235)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235"
              },
              {
                "name": "CLA-2001:385",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385"
              },
              {
                "name": "MDKSA-2001-031",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-09-02T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010320 Trustix Security Advisory - mutt",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html"
            },
            {
              "name": "5615",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5615"
            },
            {
              "name": "RHSA-2001:029",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html"
            },
            {
              "name": "20010315 Immunix OS Security update for mutt",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2"
            },
            {
              "name": "mutt-imap-format-string(6235)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235"
            },
            {
              "name": "CLA-2001:385",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385"
            },
            {
              "name": "MDKSA-2001-031",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0473",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010320 Trustix Security Advisory - mutt",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html"
                },
                {
                  "name": "5615",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5615"
                },
                {
                  "name": "RHSA-2001:029",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html"
                },
                {
                  "name": "20010315 Immunix OS Security update for mutt",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2"
                },
                {
                  "name": "mutt-imap-format-string(6235)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235"
                },
                {
                  "name": "CLA-2001:385",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385"
                },
                {
                  "name": "MDKSA-2001-031",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0473",
        "datePublished": "2001-09-18T04:00:00.000Z",
        "dateReserved": "2001-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:21:38.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1565 (GCVE-0-2002-1565)

    Vulnerability from cvelistv5 – Published: 2003-06-05 04:00 – Updated: 2024-08-08 03:26
    VLAI
    Summary
    Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisory, x_refsource_SGI
    ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-200… vendor-advisory, x_refsource_SCO
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisory, x_refsource_CONECTIVA
    http://www.debian.org/security/2002/dsa-209 vendor-advisory, x_refsource_DEBIAN
    http://marc.info/?l=bugtraq&m=105474357016184&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2003-372.html vendor-advisory, x_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    Date Public
    2002-12-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:26:28.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040202-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
              },
              {
                "name": "CSSA-2003-003.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt"
              },
              {
                "name": "CLA-2003:716",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000716"
              },
              {
                "name": "DSA-209",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2002/dsa-209"
              },
              {
                "name": "20030604 Immunix Secured OS 7+ wget update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105474357016184\u0026w=2"
              },
              {
                "name": "RHSA-2003:372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2003-372.html"
              },
              {
                "name": "wget-url-filename-bo(10851)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10851"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040202-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
            },
            {
              "name": "CSSA-2003-003.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt"
            },
            {
              "name": "CLA-2003:716",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000716"
            },
            {
              "name": "DSA-209",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2002/dsa-209"
            },
            {
              "name": "20030604 Immunix Secured OS 7+ wget update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105474357016184\u0026w=2"
            },
            {
              "name": "RHSA-2003:372",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-372.html"
            },
            {
              "name": "wget-url-filename-bo(10851)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10851"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1565",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040202-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
                },
                {
                  "name": "CSSA-2003-003.0",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt"
                },
                {
                  "name": "CLA-2003:716",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000716"
                },
                {
                  "name": "DSA-209",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2002/dsa-209"
                },
                {
                  "name": "20030604 Immunix Secured OS 7+ wget update",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105474357016184\u0026w=2"
                },
                {
                  "name": "RHSA-2003:372",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2003-372.html"
                },
                {
                  "name": "wget-url-filename-bo(10851)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10851"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1565",
        "datePublished": "2003-06-05T04:00:00.000Z",
        "dateReserved": "2003-06-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:26:28.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-1213 (GCVE-0-2000-1213)

    Vulnerability from cvelistv5 – Published: 2002-08-31 04:00 – Updated: 2024-08-08 05:45
    VLAI
    Summary
    ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.redhat.com/support/errata/RHSA-2000-087.html vendor-advisory, x_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=97249980727834&w=2 mailing-list, x_refsource_BUGTRAQ
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-list, x_refsource_BUGTRAQ
    Date Public
    2000-10-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:45:37.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2000:087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2000-087.html"
              },
              {
                "name": "20001025 Immunix OS Security Update for ping package",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=97249980727834\u0026w=2"
              },
              {
                "name": "20001030 Trustix Security Advisory - ping gnupg ypbind",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-10-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping\u0027s exposure to bugs that otherwise would occur at lower privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2000:087",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2000-087.html"
            },
            {
              "name": "20001025 Immunix OS Security Update for ping package",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=97249980727834\u0026w=2"
            },
            {
              "name": "20001030 Trustix Security Advisory - ping gnupg ypbind",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-1213",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping\u0027s exposure to bugs that otherwise would occur at lower privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2000:087",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2000-087.html"
                },
                {
                  "name": "20001025 Immunix OS Security Update for ping package",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=97249980727834\u0026w=2"
                },
                {
                  "name": "20001030 Trustix Security Advisory - ping gnupg ypbind",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-1213",
        "datePublished": "2002-08-31T04:00:00.000Z",
        "dateReserved": "2002-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:45:37.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-1214 (GCVE-0-2000-1214)

    Vulnerability from cvelistv5 – Published: 2002-08-31 04:00 – Updated: 2024-08-08 05:45
    Summary
    Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/5431.php vdb-entry, x_refsource_XF
    http://www.redhat.com/support/errata/RHSA-2000-087.html vendor-advisory, x_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=97249980727834&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/1813 vdb-entry, x_refsource_BID
    http://marc.info/?l=bugtraq&m=97208562830613&w=2 mailing-list, x_refsource_BUGTRAQ
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-list, x_refsource_BUGTRAQ
    Date Public
    2000-10-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:45:37.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ping-buf-bo(5431)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/5431.php"
              },
              {
                "name": "RHSA-2000:087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2000-087.html"
              },
              {
                "name": "20001025 Immunix OS Security Update for ping package",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=97249980727834\u0026w=2"
              },
              {
                "name": "1813",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/1813"
              },
              {
                "name": "20001020 Re: [RHSA-2000:087-02] Potential security problems in ping fixed.",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=97208562830613\u0026w=2"
              },
              {
                "name": "20001030 Trustix Security Advisory - ping gnupg ypbind",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-10-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ping-buf-bo(5431)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/5431.php"
            },
            {
              "name": "RHSA-2000:087",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2000-087.html"
            },
            {
              "name": "20001025 Immunix OS Security Update for ping package",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=97249980727834\u0026w=2"
            },
            {
              "name": "1813",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/1813"
            },
            {
              "name": "20001020 Re: [RHSA-2000:087-02] Potential security problems in ping fixed.",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=97208562830613\u0026w=2"
            },
            {
              "name": "20001030 Trustix Security Advisory - ping gnupg ypbind",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-1214",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ping-buf-bo(5431)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/5431.php"
                },
                {
                  "name": "RHSA-2000:087",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2000-087.html"
                },
                {
                  "name": "20001025 Immunix OS Security Update for ping package",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=97249980727834\u0026w=2"
                },
                {
                  "name": "1813",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/1813"
                },
                {
                  "name": "20001020 Re: [RHSA-2000:087-02] Potential security problems in ping fixed.",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=97208562830613\u0026w=2"
                },
                {
                  "name": "20001030 Trustix Security Advisory - ping gnupg ypbind",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-1214",
        "datePublished": "2002-08-31T04:00:00.000Z",
        "dateReserved": "2002-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:45:37.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-1208 (GCVE-0-2000-1208)

    Vulnerability from cvelistv5 – Published: 2002-08-01 04:00 – Updated: 2024-08-08 05:45
    Summary
    Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=96994604300675&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.iss.net/security_center/static/5286.php vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/1711 vdb-entry, x_refsource_BID
    http://online.securityfocus.com/archive/1/137555 mailing-list, x_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2000-066.html vendor-advisory, x_refsource_REDHAT
    Date Public
    2000-05-31 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:45:37.340Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20000925 Format strings: bug #1: BSD-lpr",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=96994604300675\u0026w=2"
              },
              {
                "name": "lpr-checkremote-format-string(5286)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/5286.php"
              },
              {
                "name": "1711",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/1711"
              },
              {
                "name": "20001004 Immunix OS Security Update for lpr",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/137555"
              },
              {
                "name": "RHSA-2000:066",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2000-066.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20000925 Format strings: bug #1: BSD-lpr",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=96994604300675\u0026w=2"
            },
            {
              "name": "lpr-checkremote-format-string(5286)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/5286.php"
            },
            {
              "name": "1711",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/1711"
            },
            {
              "name": "20001004 Immunix OS Security Update for lpr",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/137555"
            },
            {
              "name": "RHSA-2000:066",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2000-066.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-1208",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20000925 Format strings: bug #1: BSD-lpr",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=96994604300675\u0026w=2"
                },
                {
                  "name": "lpr-checkremote-format-string(5286)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/5286.php"
                },
                {
                  "name": "1711",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/1711"
                },
                {
                  "name": "20001004 Immunix OS Security Update for lpr",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/137555"
                },
                {
                  "name": "RHSA-2000:066",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2000-066.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-1208",
        "datePublished": "2002-08-01T04:00:00.000Z",
        "dateReserved": "2002-07-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:45:37.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0083 (GCVE-0-2002-0083)

    Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 02:35
    Summary
    Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-list, x_refsource_BUGTRAQ
    ftp://stage.caldera.com/pub/security/openserver/C… vendor-advisory, x_refsource_CALDERA
    http://www.osvdb.org/730 vdb-entry, x_refsource_OSVDB
    http://www.securityfocus.com/bid/4241 vdb-entry, x_refsource_BID
    http://marc.info/?l=bugtraq&m=101561384821761&w=2 mailing-list, x_refsource_BUGTRAQ
    ftp://stage.caldera.com/pub/security/openunix/CSS… vendor-advisory, x_refsource_CALDERA
    http://online.securityfocus.com/advisories/3960 vendor-advisory, x_refsource_HP
    http://www.debian.org/security/2002/dsa-119 vendor-advisory, x_refsource_DEBIAN
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    http://www.calderasystems.com/support/security/ad… vendor-advisory, x_refsource_CALDERA
    http://marc.info/?l=bugtraq&m=101586991827622&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.linuxsecurity.com/advisories/other_adv… vendor-advisory, x_refsource_ENGARDE
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisory, x_refsource_CONECTIVA
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisory, x_refsource_NETBSD
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisory, x_refsource_FREEBSD
    http://marc.info/?l=bugtraq&m=101553908201861&w=2 mailing-list, x_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=101552065005254&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.linux-mandrake.com/en/security/2002/MD… vendor-advisory, x_refsource_MANDRAKE
    http://www.redhat.com/support/errata/RHSA-2002-043.html vendor-advisory, x_refsource_REDHAT
    http://www.iss.net/security_center/static/8383.php vdb-entry, x_refsource_XF
    http://www.openbsd.org/advisories/ssh_channelalloc.txt x_refsource_CONFIRM
    http://online.securityfocus.com/archive/1/264657 mailing-list, x_refsource_BUGTRAQ
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-list, x_refsource_VULNWATCH
    Date Public
    2002-03-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:35:17.574Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020311 TSLSA-2002-0039 - openssh",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
              },
              {
                "name": "CSSA-2002-SCO.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
              },
              {
                "name": "730",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/730"
              },
              {
                "name": "4241",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4241"
              },
              {
                "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
              },
              {
                "name": "CSSA-2002-SCO.11",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
              },
              {
                "name": "HPSBTL0203-029",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/advisories/3960"
              },
              {
                "name": "DSA-119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2002/dsa-119"
              },
              {
                "name": "SuSE-SA:2002:009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
              },
              {
                "name": "CSSA-2002-012.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
              },
              {
                "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
              },
              {
                "name": "ESA-20020307-007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
              },
              {
                "name": "CLA-2002:467",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
              },
              {
                "name": "NetBSD-SA2002-004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
              },
              {
                "name": "FreeBSD-SA-02:13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
              },
              {
                "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
              },
              {
                "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
              },
              {
                "name": "MDKSA-2002:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
              },
              {
                "name": "RHSA-2002:043",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
              },
              {
                "name": "openssh-channel-error(8383)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/8383.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
              },
              {
                "name": "20020328 OpenSSH channel_lookup() off by one exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/264657"
              },
              {
                "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-06-16T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020311 TSLSA-2002-0039 - openssh",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
            },
            {
              "name": "CSSA-2002-SCO.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
            },
            {
              "name": "730",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/730"
            },
            {
              "name": "4241",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4241"
            },
            {
              "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
            },
            {
              "name": "CSSA-2002-SCO.11",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
            },
            {
              "name": "HPSBTL0203-029",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://online.securityfocus.com/advisories/3960"
            },
            {
              "name": "DSA-119",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2002/dsa-119"
            },
            {
              "name": "SuSE-SA:2002:009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
            },
            {
              "name": "CSSA-2002-012.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
            },
            {
              "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
            },
            {
              "name": "ESA-20020307-007",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
            },
            {
              "name": "CLA-2002:467",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
            },
            {
              "name": "NetBSD-SA2002-004",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
            },
            {
              "name": "FreeBSD-SA-02:13",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
            },
            {
              "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
            },
            {
              "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
            },
            {
              "name": "MDKSA-2002:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
            },
            {
              "name": "RHSA-2002:043",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
            },
            {
              "name": "openssh-channel-error(8383)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/8383.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
            },
            {
              "name": "20020328 OpenSSH channel_lookup() off by one exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/264657"
            },
            {
              "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0083",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020311 TSLSA-2002-0039 - openssh",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
                },
                {
                  "name": "CSSA-2002-SCO.10",
                  "refsource": "CALDERA",
                  "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
                },
                {
                  "name": "730",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/730"
                },
                {
                  "name": "4241",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4241"
                },
                {
                  "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
                },
                {
                  "name": "CSSA-2002-SCO.11",
                  "refsource": "CALDERA",
                  "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
                },
                {
                  "name": "HPSBTL0203-029",
                  "refsource": "HP",
                  "url": "http://online.securityfocus.com/advisories/3960"
                },
                {
                  "name": "DSA-119",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2002/dsa-119"
                },
                {
                  "name": "SuSE-SA:2002:009",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
                },
                {
                  "name": "CSSA-2002-012.0",
                  "refsource": "CALDERA",
                  "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
                },
                {
                  "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
                },
                {
                  "name": "ESA-20020307-007",
                  "refsource": "ENGARDE",
                  "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
                },
                {
                  "name": "CLA-2002:467",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
                },
                {
                  "name": "NetBSD-SA2002-004",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
                },
                {
                  "name": "FreeBSD-SA-02:13",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
                },
                {
                  "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
                },
                {
                  "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
                },
                {
                  "name": "MDKSA-2002:019",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
                },
                {
                  "name": "RHSA-2002:043",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
                },
                {
                  "name": "openssh-channel-error(8383)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/8383.php"
                },
                {
                  "name": "http://www.openbsd.org/advisories/ssh_channelalloc.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
                },
                {
                  "name": "20020328 OpenSSH channel_lookup() off by one exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/264657"
                },
                {
                  "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0083",
        "datePublished": "2002-06-25T04:00:00.000Z",
        "dateReserved": "2002-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:35:17.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1030 (GCVE-0-2001-1030)

    Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:44
    Summary
    Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://www.securityfocus.com/archive/1/197727 | mailing-list, x_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF
    http://www.redhat.com/support/errata/RHSA-2001-097.html | vendor-advisory, x_refsource_REDHAT
    http://download.immunix.org/ImmunixOS/7.0/updates… | vendor-advisory, x_refsource_IMMUNIX
    http://www.linux-mandrake.com/en/security/2001/MD… | vendor-advisory, x_refsource_MANDRAKE
    http://www.calderasystems.com/support/security/ad… | vendor-advisory, x_refsource_CALDERA
    http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ
    Date Public
    2001-07-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:06.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010718 Squid httpd acceleration acl bug enables portscanning",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/197727"
              },
              {
                "name": "squid-http-accelerator-portscanning(6862)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
              },
              {
                "name": "RHSA-2001:097",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
              },
              {
                "name": "IMNX-2001-70-031-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_IMMUNIX",
                  "x_transferred"
                ],
                "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
              },
              {
                "name": "MDKSA-2001:066",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
              },
              {
                "name": "CSSA-2001-029.0",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
                  "x_transferred"
                ],
                "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
              },
              {
                "name": "20010719 TSLSA-2001-0013 - Squid",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-06T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010718 Squid httpd acceleration acl bug enables portscanning",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/197727"
            },
            {
              "name": "squid-http-accelerator-portscanning(6862)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
            },
            {
              "name": "RHSA-2001:097",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
            },
            {
              "name": "IMNX-2001-70-031-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_IMMUNIX"
              ],
              "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
            },
            {
              "name": "MDKSA-2001:066",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
            },
            {
              "name": "CSSA-2001-029.0",
              "tags": [
                "vendor-advisory",
                "x_refsource_CALDERA"
              ],
              "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
            },
            {
              "name": "20010719 TSLSA-2001-0013 - Squid",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1030",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010718 Squid httpd acceleration acl bug enables portscanning",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/197727"
                },
                {
                  "name": "squid-http-accelerator-portscanning(6862)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
                },
                {
                  "name": "RHSA-2001:097",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
                },
                {
                  "name": "IMNX-2001-70-031-01",
                  "refsource": "IMMUNIX",
                  "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
                },
                {
                  "name": "MDKSA-2001:066",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
                },
                {
                  "name": "CSSA-2001-029.0",
                  "refsource": "CALDERA",
                  "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
                },
                {
                  "name": "20010719 TSLSA-2001-0013 - Squid",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1030",
        "datePublished": "2002-06-25T04:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:06.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0738 (GCVE-0-2001-0738)

    Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
    Summary
    LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://download.immunix.org/ImmunixOS/7.0/updates… | vendor-advisory, x_refsource_IMMUNIX
    http://www.kb.cert.org/vuls/id/249579 | third-party-advisory, x_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF
    http://marc.info/?l=bugtraq&m=99258618906506&w=2 | mailing-list, x_refsource_BUGTRAQ
    Date Public
    2001-02-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:30:06.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "IMNX-2001-70-026-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_IMMUNIX",
                  "x_transferred"
                ],
                "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01"
              },
              {
                "name": "VU#249579",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/249579"
              },
              {
                "name": "klogd-null-byte-dos(7098)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7098"
              },
              {
                "name": "20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=99258618906506\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-26T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "IMNX-2001-70-026-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_IMMUNIX"
              ],
              "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01"
            },
            {
              "name": "VU#249579",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/249579"
            },
            {
              "name": "klogd-null-byte-dos(7098)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7098"
            },
            {
              "name": "20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=99258618906506\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "IMNX-2001-70-026-01",
                  "refsource": "IMMUNIX",
                  "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01"
                },
                {
                  "name": "VU#249579",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/249579"
                },
                {
                  "name": "klogd-null-byte-dos(7098)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7098"
                },
                {
                  "name": "20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=99258618906506\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0738",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:30:06.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-1111 (GCVE-0-1999-1111)

    Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-01 17:02
    Summary
    Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/786 vdb-entry, x_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://marc.info/?l=bugtraq&m=94218618329838&w=2 mailing-list, x_refsource_BUGTRAQ
    Date Public
    1999-11-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:02:53.746Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "786",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/786"
              },
              {
                "name": "immunix-stackguard-bo(3524)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3524"
              },
              {
                "name": "19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=94218618329838\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "1999-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2001-11-28T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "786",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/786"
            },
            {
              "name": "immunix-stackguard-bo(3524)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3524"
            },
            {
              "name": "19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=94218618329838\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-1111",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "786",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/786"
                },
                {
                  "name": "immunix-stackguard-bo(3524)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3524"
                },
                {
                  "name": "19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=94218618329838\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-1111",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-08-31T00:00:00.000Z",
        "dateUpdated": "2024-08-01T17:02:53.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0641 (GCVE-0-2001-0641)

    Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
    Summary
    Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2001-05-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:30:05.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "man-s-bo(6530)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6530"
              },
              {
                "name": "RHSA-2001:069",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-069.html"
              },
              {
                "name": "20010513 RH 7.0:/usr/bin/man exploit: gid man + more",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html"
              },
              {
                "name": "20010612 man 1.5h10 + man 1.5i-4 exploits",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/190136"
              },
              {
                "name": "SuSE-SA:2001:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2001_019_man_txt.html"
              },
              {
                "name": "2711",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/2711"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-05-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-11T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "man-s-bo(6530)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6530"
            },
            {
              "name": "RHSA-2001:069",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-069.html"
            },
            {
              "name": "20010513 RH 7.0:/usr/bin/man exploit: gid man + more",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html"
            },
            {
              "name": "20010612 man 1.5h10 + man 1.5i-4 exploits",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/190136"
            },
            {
              "name": "SuSE-SA:2001:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2001_019_man_txt.html"
            },
            {
              "name": "2711",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/2711"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "man-s-bo(6530)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6530"
                },
                {
                  "name": "RHSA-2001:069",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-069.html"
                },
                {
                  "name": "20010513 RH 7.0:/usr/bin/man exploit: gid man + more",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html"
                },
                {
                  "name": "20010612 man 1.5h10 + man 1.5i-4 exploits",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/190136"
                },
                {
                  "name": "SuSE-SA:2001:019",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2001_019_man_txt.html"
                },
                {
                  "name": "2711",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/2711"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0641",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-08-06T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:30:05.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0416 (GCVE-0-2001-0416)

    Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:21
    Summary
    sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.redhat.com/support/errata/RHSA-2001-027.html vendor-advisory, x_refsource_REDHAT
    http://www.securityfocus.com/bid/2506 vdb-entry, x_refsource_BID
    http://www.linux-mandrake.com/en/security/2001/MD… vendor-advisory, x_refsource_MANDRAKE
    http://www.debian.org/security/2001/dsa-038 vendor-advisory, x_refsource_DEBIAN
    http://www.securityfocus.com/bid/2683 vdb-entry, x_refsource_BID
    http://www.novell.com/linux/security/advisories/2… vendor-advisory, x_refsource_SUSE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://marc.info/?l=bugtraq&m=98477491130367&w=2 mailing-list, x_refsource_BUGTRAQ
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisory, x_refsource_CONECTIVA
    Date Public
    2001-03-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:21:37.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2001:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-027.html"
              },
              {
                "name": "2506",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/2506"
              },
              {
                "name": "MDKSA-2001:030",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3"
              },
              {
                "name": "DSA-038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2001/dsa-038"
              },
              {
                "name": "2683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/2683"
              },
              {
                "name": "SuSE-SA:2001:16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2001_016_sgmltool_txt.html"
              },
              {
                "name": "sgmltools-symlink(6201)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6201"
              },
              {
                "name": "20010316 Immunix OS Security update for sgml-tools",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=98477491130367\u0026w=2"
              },
              {
                "name": "CLA-2001:390",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000390"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2001:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-027.html"
            },
            {
              "name": "2506",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/2506"
            },
            {
              "name": "MDKSA-2001:030",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3"
            },
            {
              "name": "DSA-038",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2001/dsa-038"
            },
            {
              "name": "2683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/2683"
            },
            {
              "name": "SuSE-SA:2001:16",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2001_016_sgmltool_txt.html"
            },
            {
              "name": "sgmltools-symlink(6201)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6201"
            },
            {
              "name": "20010316 Immunix OS Security update for sgml-tools",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=98477491130367\u0026w=2"
            },
            {
              "name": "CLA-2001:390",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000390"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0416",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2001:027",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-027.html"
                },
                {
                  "name": "2506",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/2506"
                },
                {
                  "name": "MDKSA-2001:030",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3"
                },
                {
                  "name": "DSA-038",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2001/dsa-038"
                },
                {
                  "name": "2683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/2683"
                },
                {
                  "name": "SuSE-SA:2001:16",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2001_016_sgmltool_txt.html"
                },
                {
                  "name": "sgmltools-symlink(6201)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6201"
                },
                {
                  "name": "20010316 Immunix OS Security update for sgml-tools",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=98477491130367\u0026w=2"
                },
                {
                  "name": "CLA-2001:390",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000390"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0416",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:21:37.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0736 (GCVE-0-2001-0736)

    Vulnerability from cvelistv5 – Published: 2001-10-12 04:00 – Updated: 2024-08-08 04:30
    VLAI
    Summary
    Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://marc.info/?l=bugtraq&m=98749102621604&w=2 | mailing-list, x_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=99106787825229&w=2 | mailing-list, x_refsource_BUGTRAQ
    http://www.linux-mandrake.com/en/security/2001/MD… | vendor-advisory, x_refsource_MANDRAKE
    http://www.redhat.com/support/errata/RHSA-2001-042.html | vendor-advisory, x_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF
    Date Public
    2001-03-31 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:30:06.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010416 Immunix OS Security update for pine",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=98749102621604\u0026w=2"
              },
              {
                "name": "20010527 [ESA-20010509-01]  pine temporary file handling vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=99106787825229\u0026w=2"
              },
              {
                "name": "MDKSA-2001:047",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-047.php3?dis=8.0"
              },
              {
                "name": "RHSA-2001:042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-042.html"
              },
              {
                "name": "pine-tmp-file-symlink(6367)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6367"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010416 Immunix OS Security update for pine",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=98749102621604\u0026w=2"
            },
            {
              "name": "20010527 [ESA-20010509-01]  pine temporary file handling vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=99106787825229\u0026w=2"
            },
            {
              "name": "MDKSA-2001:047",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-047.php3?dis=8.0"
            },
            {
              "name": "RHSA-2001:042",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-042.html"
            },
            {
              "name": "pine-tmp-file-symlink(6367)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6367"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0736",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010416 Immunix OS Security update for pine",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=98749102621604\u0026w=2"
                },
                {
                  "name": "20010527 [ESA-20010509-01]  pine temporary file handling vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=99106787825229\u0026w=2"
                },
                {
                  "name": "MDKSA-2001:047",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-047.php3?dis=8.0"
                },
                {
                  "name": "RHSA-2001:042",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-042.html"
                },
                {
                  "name": "pine-tmp-file-symlink(6367)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6367"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0736",
        "datePublished": "2001-10-12T04:00:00.000Z",
        "dateReserved": "2001-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:30:06.075Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0473 (GCVE-0-2001-0473)

    Vulnerability from cvelistv5 – Published: 2001-09-18 04:00 – Updated: 2024-08-08 04:21
    VLAI
    Summary
    Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ
    http://www.osvdb.org/5615 | vdb-entry, x_refsource_OSVDB
    http://www.redhat.com/support/errata/RHSA-2001-029.html | vendor-advisory, x_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=98473109630421&w=2 | mailing-list, x_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF
    http://distro.conectiva.com.br/atualizacoes/?id=a… | vendor-advisory, x_refsource_CONECTIVA
    http://www.linux-mandrake.com/en/security/2001/MD… | vendor-advisory, x_refsource_MANDRAKE
    Date Public
    2001-03-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:21:38.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010320 Trustix Security Advisory - mutt",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html"
              },
              {
                "name": "5615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5615"
              },
              {
                "name": "RHSA-2001:029",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html"
              },
              {
                "name": "20010315 Immunix OS Security update for mutt",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2"
              },
              {
                "name": "mutt-imap-format-string(6235)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235"
              },
              {
                "name": "CLA-2001:385",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385"
              },
              {
                "name": "MDKSA-2001-031",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-09-02T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010320 Trustix Security Advisory - mutt",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html"
            },
            {
              "name": "5615",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5615"
            },
            {
              "name": "RHSA-2001:029",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html"
            },
            {
              "name": "20010315 Immunix OS Security update for mutt",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2"
            },
            {
              "name": "mutt-imap-format-string(6235)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235"
            },
            {
              "name": "CLA-2001:385",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385"
            },
            {
              "name": "MDKSA-2001-031",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0473",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010320 Trustix Security Advisory - mutt",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html"
                },
                {
                  "name": "5615",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5615"
                },
                {
                  "name": "RHSA-2001:029",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html"
                },
                {
                  "name": "20010315 Immunix OS Security update for mutt",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2"
                },
                {
                  "name": "mutt-imap-format-string(6235)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235"
                },
                {
                  "name": "CLA-2001:385",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385"
                },
                {
                  "name": "MDKSA-2001-031",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0473",
        "datePublished": "2001-09-18T04:00:00.000Z",
        "dateReserved": "2001-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:21:38.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }