Download
| Alert*
CVE-1999-0009
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. CVE-1999-0769 Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. CVE-1999-0868 ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. CVE-1999-0706 Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. CVE-1999-0043 Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. CVE-1999-0034 Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. CVE-1999-0872 Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. CVE-1999-0002 Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. CVE-1999-0192 Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable. CVE-1999-0390 Buffer overflow in Dosemu Slang library in Linux. CVE-1999-1182 Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error. CVE-1999-1095 sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort. CVE-2000-0118 The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. CVE-2000-0170 Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. CVE-2000-1220 The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file. CVE-2000-1221 The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modif ... |