Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2001-0427
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010328 VPN3000 Concentrator TELNET Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml"
},
{
"name": "5643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5643"
},
{
"name": "cisco-vpn-telnet-dos(6298)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010328 VPN3000 Concentrator TELNET Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml"
},
{
"name": "5643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5643"
},
{
"name": "cisco-vpn-telnet-dos(6298)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010328 VPN3000 Concentrator TELNET Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml"
},
{
"name": "5643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5643"
},
{
"name": "cisco-vpn-telnet-dos(6298)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0427",
"datePublished": "2001-09-18T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:vpn_3000_concentrator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24BE2649-D823-486B-8F6C-4B8128EC2795\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:vpn_3005_concentrator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E098419B-1B9E-4191-9C72-65CE43E38F3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A512328-2FD0-4B1D-9327-A13A0BCE9C0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6548F964-B8EE-4B39-87CF-99743D41C42C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E08810E6-33B6-45FF-91C7-EED10DC023EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BD1A1AC-980F-428E-8BAF-0FC821014868\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.\"}]",
"id": "CVE-2001-0427",
"lastModified": "2024-11-20T23:35:20.590",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2001-06-18T04:00:00.000",
"references": "[{\"url\": \"http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/5643\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/6298\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/5643\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/6298\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2001-0427\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2001-06-18T04:00:00.000\",\"lastModified\":\"2024-11-20T23:35:20.590\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:vpn_3000_concentrator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24BE2649-D823-486B-8F6C-4B8128EC2795\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:vpn_3005_concentrator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E098419B-1B9E-4191-9C72-65CE43E38F3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A512328-2FD0-4B1D-9327-A13A0BCE9C0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6548F964-B8EE-4B39-87CF-99743D41C42C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08810E6-33B6-45FF-91C7-EED10DC023EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BD1A1AC-980F-428E-8BAF-0FC821014868\"}]}]}],\"references\":[{\"url\":\"http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/5643\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/6298\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/5643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/6298\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
gsd-2001-0427
Vulnerability from gsd
{
"GSD": {
"alias": "CVE-2001-0427",
"description": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.",
"id": "GSD-2001-0427"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2001-0427"
],
"details": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.",
"id": "GSD-2001-0427",
"modified": "2023-12-13T01:19:02.007280Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010328 VPN3000 Concentrator TELNET Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml"
},
{
"name": "5643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5643"
},
{
"name": "cisco-vpn-telnet-dos(6298)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3005_concentrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3000_concentrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0427"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010328 VPN3000 Concentrator TELNET Vulnerability",
"refsource": "CISCO",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml"
},
{
"name": "5643",
"refsource": "OSVDB",
"tags": [],
"url": "http://www.osvdb.org/5643"
},
{
"name": "cisco-vpn-telnet-dos(6298)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-10-10T01:29Z",
"publishedDate": "2001-06-18T04:00Z"
}
}
}
fkie_cve-2001-0427
Vulnerability from fkie_nvd
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_3000_concentrator | * | |
| cisco | vpn_3005_concentrator | * | |
| cisco | vpn_3015_concentrator | * | |
| cisco | vpn_3030_concentator | * | |
| cisco | vpn_3060_concentrator | * | |
| cisco | vpn_3080_concentrator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:vpn_3000_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24BE2649-D823-486B-8F6C-4B8128EC2795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3005_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E098419B-1B9E-4191-9C72-65CE43E38F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A512328-2FD0-4B1D-9327-A13A0BCE9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F964-B8EE-4B39-87CF-99743D41C42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E08810E6-33B6-45FF-91C7-EED10DC023EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD1A1AC-980F-428E-8BAF-0FC821014868",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts."
}
],
"id": "CVE-2001-0427",
"lastModified": "2024-11-20T23:35:20.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-06-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5643"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-6868-m557-3x86
Vulnerability from github
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
{
"affected": [],
"aliases": [
"CVE-2001-0427"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-06-18T04:00:00Z",
"severity": "HIGH"
},
"details": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.",
"id": "GHSA-6868-m557-3x86",
"modified": "2022-04-30T18:16:02Z",
"published": "2022-04-30T18:16:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0427"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298"
},
{
"type": "WEB",
"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/5643"
}
],
"schema_version": "1.4.0",
"severity": []
}
var-200106-0176
Vulnerability from variot
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges. Solaris is the Unix Operating System variant distributed and maintained by Sun Microsystems. Solaris is a freely available operating system designed to run on systems of varying size with maximum scalability. A problem with the SNMP Daemon included in the SUNWsspop package results in a buffer overflow, and potentially the execution of arbitrary code. Upon parsing the argv[0] variable from the command line, this information is stored in a static buffer. The static buffer is vulnerable to being overflowed at 700 bytes of data. This vulnerability is only present on systems acting as the System Service Processor for an E10000, or on any system with the SUNWsspop package installed. VPN 3060 Concentrator is prone to a denial-of-service vulnerability. Concentrators prior to Cisco VPN 3000 Series versions 2.5.2(F) have a vulnerability. -----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary April 5, 2001 Volume 6 Number 5
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-5.php
Contents: * 80 Reported Vulnerabilities * Risk Factor Key
Date Reported: 03/01/2001 Brief Description: Palm OS Debug Mode allows attacker to bypass password Risk Factor: Low Attack Type: Host Based Platforms Affected: Palm OS 3.5.2, Palm OS 3.3 Vulnerability: palm-debug-bypass-password X-Force URL: http://xforce.iss.net/static/6196.php
Date Reported: 03/01/2001 Brief Description: Microsoft Exchange malformed URL request could cause a denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Exchange 2000 Vulnerability: exchange-malformed-url-dos X-Force URL: http://xforce.iss.net/static/6172.php
Date Reported: 03/02/2001 Brief Description: Mailx buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: OpenLinux 2.4, OpenLinux 2.3, Linux Debian 2.2 Vulnerability: mailx-bo X-Force URL: http://xforce.iss.net/static/6181.php
Date Reported: 03/02/2001 Brief Description: SunFTP allows attackers to gain unauthorized file access Risk Factor: Low Attack Type: Host Based Platforms Affected: SunFTP 1.0 Build 9 Vulnerability: sunftp-gain-access X-Force URL: http://xforce.iss.net/static/6195.php
Date Reported: 03/02/2001 Brief Description: WinZip /zipandemail option buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000 All versions, Winzip 8.0, Windows NT All versions Vulnerability: winzip-zipandemail-bo X-Force URL: http://xforce.iss.net/static/6191.php
Date Reported: 03/04/2001 Brief Description: Broker FTP Server allows remote attacker to delete files outside the FTP root Risk Factor: Medium Attack Type: Network Based Platforms Affected: Broker FTP Server All versions Vulnerability: broker-ftp-delete-files X-Force URL: http://xforce.iss.net/static/6190.php
Date Reported: 03/04/2001 Brief Description: Broker FTP allows remote user to list directories outside the FTP root Risk Factor: High Attack Type: Network Based Platforms Affected: Broker FTP Server All versions Vulnerability: broker-ftp-list-directories X-Force URL: http://xforce.iss.net/static/6189.php
Date Reported: 03/04/2001 Brief Description: INDEXU allows attackers to gain unauthorized system access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: INDEXU 2.0beta and earlier Vulnerability: indexu-gain-access X-Force URL: http://xforce.iss.net/static/6202.php
Date Reported: 03/04/2001 Brief Description: Fastream FTP++ Client allows user to download files outside of Web root directory Risk Factor: Medium Attack Type: Network Based Platforms Affected: Fastream FTP++ Server 2.0 Vulnerability: fastream-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6187.php
Date Reported: 03/04/2001 Brief Description: SlimServe HTTPd directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: SlimServe HTTPd 1.1 and earlier Vulnerability: slimserve-httpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6186.php
Date Reported: 03/04/2001 Brief Description: WFTPD Pro buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: WFTPD Pro 3.00 Vulnerability: wftpd-pro-bo X-Force URL: http://xforce.iss.net/static/6184.php
Date Reported: 03/05/2001 Brief Description: IRCd tkserv buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IRCd All versions, tkserv 1.3.0 and earlier Vulnerability: irc-tkserv-bo X-Force URL: http://xforce.iss.net/static/6193.php
Date Reported: 03/06/2001 Brief Description: War FTPD could allow attackers to list directories outside the FTP root Risk Factor: High Attack Type: Network Based Platforms Affected: WarFTPD 1.67b4 Vulnerability: warftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6197.php
Date Reported: 03/06/2001 Brief Description: Internet Explorer could allow execution of commands when used with Telnet Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.5, Services for Unix 2.0, Windows NT All versions, Windows 2000 All versions, Internet Explorer 5.01 Vulnerability: ie-telnet-execute-commands X-Force URL: http://xforce.iss.net/static/6230.php
Date Reported: 03/07/2001 Brief Description: Cisco Aironet Web access allows remote attacker to view/modify configuration Risk Factor: Low Attack Type: Network Based Platforms Affected: Aironet 340 Series Wireless Bridge Firmware 8.07, Aironet 340 Series Wireless Bridge Firmware 8.24, Aironet 340 Series Wireless Bridge Firmware 7.x Vulnerability: cisco-aironet-web-access X-Force URL: http://xforce.iss.net/static/6200.php
Date Reported: 03/07/2001 Brief Description: Netscape Directory Server buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Netscape Directory Server 4.1, Netscape Directory Server 4.12, Windows NT All versions Vulnerability: netscape-directory-server-bo X-Force URL: http://xforce.iss.net/static/6233.php
Date Reported: 03/07/2001 Brief Description: Proftpd contains configuration error in postinst script when running as root Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux Debian 2.2 Vulnerability: proftpd-postinst-root X-Force URL: http://xforce.iss.net/static/6208.php
Date Reported: 03/07/2001 Brief Description: proftpd /var symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Linux Debian 2.2 Vulnerability: proftpd-var-symlink X-Force URL: http://xforce.iss.net/static/6209.php
Date Reported: 03/07/2001 Brief Description: man2html remote denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: man2html prior to 1.5.23 Vulnerability: man2html-remote-dos X-Force URL: http://xforce.iss.net/static/6211.php
Date Reported: 03/07/2001 Brief Description: Linux ePerl buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1, ePerl prior to 2.2.14, Linux Debian 2.2, Linux Mandrake 7.1 Vulnerability: linux-eperl-bo X-Force URL: http://xforce.iss.net/static/6198.php
Date Reported: 03/08/2001 Brief Description: Novell NetWare could allow attackers to gain unauthorized access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Novell NetWare 4.01, Novell NetWare 5.1, Novell NetWare 3.1, Novell NetWare 4.11, Novell NetWare 5.0 Vulnerability: novell-netware-unauthorized-access X-Force URL: http://xforce.iss.net/static/6215.php
Date Reported: 03/08/2001 Brief Description: Linux sgml-tools symlink attack Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux Mandrake Corporate Server 1.0.1, sgml-tools prior to 1.0.9-15, Linux Mandrake 7.2, Linux Immunix OS 6.2, Linux Immunix OS 7.0 Beta, Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0, Linux Red Hat 6.2, Linux Debian 2.2, Linux Mandrake 7.1, Linux Red Hat 5.2 Vulnerability: sgmltools-symlink X-Force URL: http://xforce.iss.net/static/6201.php
Date Reported: 03/08/2001 Brief Description: HP-UX asecure denial of service Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.10, HP-UX 10.20, HP-UX 11, HP-UX 10.01 Vulnerability: hp-asecure-dos X-Force URL: http://xforce.iss.net/static/6212.php
Date Reported: 03/08/2001 Brief Description: ascdc Afterstep buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: ascdc 0.3 Vulnerability: ascdc-afterstep-bo X-Force URL: http://xforce.iss.net/static/6204.php
Date Reported: 03/08/2001 Brief Description: Microsoft IIS WebDAV denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IIS 5.0 Vulnerability: iis-webdav-dos X-Force URL: http://xforce.iss.net/static/6205.php
Date Reported: 03/08/2001 Brief Description: WEBsweeper HTTP request denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WEBsweeper 4.0, Windows NT All versions Vulnerability: websweeper-http-dos X-Force URL: http://xforce.iss.net/static/6214.php
Date Reported: 03/09/2001 Brief Description: FOLDOC allows remote attackers to execute commands Risk Factor: Medium Attack Type: Network Based Platforms Affected: FOLDEC All versions Vulnerability: foldoc-cgi-execute-commands X-Force URL: http://xforce.iss.net/static/6217.php
Date Reported: 03/09/2001 Brief Description: slrn newsreader wrapping/unwrapping buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux Immunix OS 7.0 Beta, Linux Debian 2.2, Linux Red Hat 7.0, Linux Immunix OS 6.2, Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2 Vulnerability: slrn-wrapping-bo X-Force URL: http://xforce.iss.net/static/6213.php
Date Reported: 03/09/2001 Brief Description: Linux mutt package contains format string when using IMAP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0, Linux Mandrake 7.0, Linux Mandrake 7.1, Linux Conectiva, Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2, Linux Red Hat 5.2 Vulnerability: mutt-imap-format-string X-Force URL: http://xforce.iss.net/static/6235.php
Date Reported: 03/10/2001 Brief Description: FormMail could be used to flood servers with anonymous email Risk Factor: High Attack Type: Network Based Platforms Affected: FormMail 1.0 to 1.6, Linux All versions Vulnerability: formmail-anonymous-flooding X-Force URL: http://xforce.iss.net/static/6242.php
Date Reported: 03/11/2001 Brief Description: Half-Life Server config file buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-config-file-bo X-Force URL: http://xforce.iss.net/static/6221.php
Date Reported: 03/11/2001 Brief Description: Half-Life Server exec command buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-exec-bo X-Force URL: http://xforce.iss.net/static/6219.php
Date Reported: 03/11/2001 Brief Description: Half-Life Server map command buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-map-bo X-Force URL: http://xforce.iss.net/static/6218.php
Date Reported: 03/11/2001 Brief Description: Half-Life Server 'map' command format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Half-Life Dedicated Server All versions Vulnerability: halflife-map-format-string X-Force URL: http://xforce.iss.net/static/6220.php
Date Reported: 03/11/2001 Brief Description: Ikonboard allows remote attackers to read files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ikonboard 2.1.7b and earlier Vulnerability: ikonboard-cgi-read-files X-Force URL: http://xforce.iss.net/static/6216.php
Date Reported: 03/12/2001 Brief Description: timed daemon remote denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Linux SuSE 7.1, Linux Mandrake 7.2, Linux SuSE 7.0, Linux- Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux Mandrake 6.1, FreeBSD 4.x, Linux Mandrake 7.0, Linux SuSE 6.1, Linux Mandrake 7.1, FreeBSD 3.x, Linux SuSE 6.3, Linux SuSE 6.4, Linux SuSE 6.2 Vulnerability: timed-remote-dos X-Force URL: http://xforce.iss.net/static/6228.php
Date Reported: 03/12/2001 Brief Description: imap, ipop2d and ipop3d buffer overflows Risk Factor: Low Attack Type: Network Based Platforms Affected: OpenLinux eServer 2.3.1, OpenLinux eBuilder for ECential 3.0, OpenLinux eDesktop 2.4, OpenLinux 2.3, Linux SuSE 6.1, Linux Conectiva Vulnerability: imap-ipop2d-ipop3d-bo X-Force URL: http://xforce.iss.net/static/6269.php
Date Reported: 03/12/2001 Brief Description: rwhod remote denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: FreeBSD 3.x, FreeBSD 4.x, Unix All versions Vulnerability: rwhod-remote-dos X-Force URL: http://xforce.iss.net/static/6229.php
Date Reported: 03/13/2001 Brief Description: SunOS snmpd argv[0] buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: SunOS 5.8 Vulnerability: snmpd-argv-bo X-Force URL: http://xforce.iss.net/static/6239.php
Date Reported: 03/13/2001 Brief Description: Mesa utah-glx symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Mesa prior to 3.3-14, Linux Mandrake 7.2 Vulnerability: mesa-utahglx-symlink X-Force URL: http://xforce.iss.net/static/6231.php
Date Reported: 03/14/2001 Brief Description: Linux FTPfs buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Linux 2.2.x, FTPfs 0.1.1 Vulnerability: ftpfs-bo X-Force URL: http://xforce.iss.net/static/6234.php
Date Reported: 03/15/2001 Brief Description: Solaris snmpXdmid malformed DMI request buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Solaris 7, Solaris 8, Solaris 2.6 Vulnerability: solaris-snmpxdmid-bo X-Force URL: http://xforce.iss.net/static/6245.php
Date Reported: 03/15/2001 Brief Description: vBulletin PHP Web forum allows attackers to gain elevated privileges Risk Factor: Low Attack Type: Network Based Platforms Affected: vBulletin 1.1.5 and earlier, vBulletin 2.0beta2 and earlier, Windows All versions, Unix All versions Vulnerability: vbulletin-php-elevate-privileges X-Force URL: http://xforce.iss.net/static/6237.php
Date Reported: 03/15/2001 Brief Description: MDaemon WorldClient Web services denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT All versions, Windows 2000 All versions, Mdaemon 3.5.6 Vulnerability: mdaemon-webservices-dos X-Force URL: http://xforce.iss.net/static/6240.php
Date Reported: 03/16/2001 Brief Description: SSH ssheloop.c denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SSH for Windows Server 2.4, SSH for Windows Server 2.5, Windows All versions Vulnerability: ssh-ssheloop-dos X-Force URL: http://xforce.iss.net/static/6241.php
Date Reported: 03/18/2001 Brief Description: Eudora HTML emails could allow remote execution of code Risk Factor: Low Attack Type: Network Based Platforms Affected: Windows All versions, Eudora 5.0.2 Vulnerability: eudora-html-execute-code X-Force URL: http://xforce.iss.net/static/6262.php
Date Reported: 03/19/2001 Brief Description: ASPSeek s.cgi buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Linux All versions, ASPSeek 1.0.3 and earlier Vulnerability: aspseek-scgi-bo X-Force URL: http://xforce.iss.net/static/6248.php
Date Reported: 03/20/2001 Brief Description: HSLCTF HTTP denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: AIX All versions, Unix All versions, HSLCTF 1.0 Vulnerability: hslctf-http-dos X-Force URL: http://xforce.iss.net/static/6250.php
Date Reported: 03/20/2001 Brief Description: LICQ received URL execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux Mandrake Corporate Server 1.0.1, LICQ All, Linux Mandrake 7.1, Linux Red Hat 7.0, Linux Mandrake 7.2 Vulnerability: licq-url-execute-commands X-Force URL: http://xforce.iss.net/static/6261.php
Date Reported: 03/20/2001 Brief Description: SurfControl SuperScout allows user to bypass filtering rules Risk Factor: Medium Attack Type: Network Based Platforms Affected: SurfControl SuperScout 3.0.2 and prior, Windows NT 4.0, Windows 2000 All versions Vulnerability: superscout-bypass-filtering X-Force URL: http://xforce.iss.net/static/6300.php
Date Reported: 03/20/2001 Brief Description: DGUX lpsched buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: DG/UX All versions Vulnerability: dgux-lpsched-bo X-Force URL: http://xforce.iss.net/static/6258.php
Date Reported: 03/20/2001 Brief Description: REDIPlus stock trading software stores passwords in plaintext Risk Factor: Medium Attack Type: Host Based Platforms Affected: REDIPlus 1.0, Windows All versions Vulnerability: rediplus-weak-security X-Force URL: http://xforce.iss.net/static/6276.php
Date Reported: 03/20/2001 Brief Description: FCheck open() function allows the execution of commands Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO All versions, FCheck prior to 2.07.59, SunOS All versions, Windows All versions, Unix All versions, HP-UX All versions, Linux All versions, Solaris All versions, AIX All versions, BSD All versions Vulnerability: fcheck-open-execute-commands X-Force URL: http://xforce.iss.net/static/6256.php
Date Reported: 03/20/2001 Brief Description: NTMail long URL denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows 2000 All versions, NTMail 6, Windows NT 4.0 Vulnerability: ntmail-long-url-dos X-Force URL: http://xforce.iss.net/static/6249.php
Date Reported: 03/21/2001 Brief Description: VIM text editor allows attackers to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: VIM All versions, Linux Red Hat 5.2, Linux Red Hat 6.2, Linux Red Hat 7.0 Vulnerability: vim-elevate-privileges X-Force URL: http://xforce.iss.net/static/6259.php
Date Reported: 03/22/2001 Brief Description: FreeBSD UFS/EXT2FS could allow disclosure of deleted data Risk Factor: Medium Attack Type: Host Based Platforms Affected: UFS All versions, EXT2FS All versions, FreeBSD All versions Vulnerability: ufs-ext2fs-data-disclosure X-Force URL: http://xforce.iss.net/static/6268.php
Date Reported: 03/22/2001 Brief Description: Microsoft invalid digital certificates could be used for spoofing Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows ME All versions, Windows 95 All versions, Windows 98 All versions, Windows 2000 All versions, Windows NT All versions Vulnerability: microsoft-invalid-digital-certificates X-Force URL: http://xforce.iss.net/static/6265.php
Date Reported: 03/23/2001 Brief Description: Akopia Interchange could allow attacker to gain administrative access Risk Factor: Low Attack Type: Network Based Platforms Affected: Akopia Interchange 4.5.3 and 4.6.3 Vulnerability: akopia-interchange-gain-access X-Force URL: http://xforce.iss.net/static/6273.php
Date Reported: 03/23/2001 Brief Description: Solaris /opt/JSParm/bin/perfmon allows user to create files with root privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 2.x Vulnerability: solaris-perfmon-create-files X-Force URL: http://xforce.iss.net/static/6267.php
Date Reported: 03/23/2001 Brief Description: Windows user.dmp file insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: Windows NT All versions, Windows 2000 All versions Vulnerability: win-userdmp-insecure-permission X-Force URL: http://xforce.iss.net/static/6275.php
Date Reported: 03/23/2001 Brief Description: Compaq Web-enabled management software could allow users to bypass proxy settings Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Compaq Web-Enabled Management All versions Vulnerability: compaq-wbm-bypass-proxy X-Force URL: http://xforce.iss.net/static/6264.php
Date Reported: 03/25/2001 Brief Description: MDaemon IMAP SELECT and EXAMINE command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, Mdaemon 3.5.6 Vulnerability: mdaemon-imap-command-dos X-Force URL: http://xforce.iss.net/static/6279.php
Date Reported: 03/25/2001 Brief Description: HP-UX 11.11 newgrp(1) command allows users to gain additional privileges Risk Factor: High Attack Type: Host Based Platforms Affected: HP-UX 11.11 Vulnerability: hp-newgrp-additional-privileges X-Force URL: http://xforce.iss.net/static/6282.php
Date Reported: 03/26/2001 Brief Description: 602Pro LAN SUITE webprox.dll denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, 602Pro LAN SUITE 2000a All versions Vulnerability: lan-suite-webprox-dos X-Force URL: http://xforce.iss.net/static/6281.php
Date Reported: 03/26/2001 Brief Description: BEA WebLogic Server could allow attackers to browse Web directories Risk Factor: High Attack Type: Network Based Platforms Affected: WebLogic Server 6.0, Windows All versions Vulnerability: weblogic-browse-directories X-Force URL: http://xforce.iss.net/static/6283.php
Date Reported: 03/27/2001 Brief Description: Solaris tip buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 8, Solaris 2.5.1, Solaris 2.6, Solaris 7 Vulnerability: solaris-tip-bo X-Force URL: http://xforce.iss.net/static/6284.php
Date Reported: 03/27/2001 Brief Description: SonicWALL IKE pre-shared key is 48 bytes instead of 128 bytes Risk Factor: Medium Attack Type: Network Based Platforms Affected: SonicWALL TELE2 6.0.0, SonicWALL SOHO2 6.0.0 Vulnerability: sonicwall-ike-shared-keys X-Force URL: http://xforce.iss.net/static/6304.php
Date Reported: 03/27/2001 Brief Description: Anaconda Foundation Clipper directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Anaconda Foundation Clipper 3.3 Vulnerability: anaconda-clipper-directory-traversal X-Force URL: http://xforce.iss.net/static/6286.php
Date Reported: 03/27/2001 Brief Description: Microsoft Visual Studio VB-TSQL buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Windows 2000 All versions, Microsoft Visual Studio 6.0 Enterprise Ed., Windows NT All versions Vulnerability: visual-studio-vbtsql-bo X-Force URL: http://xforce.iss.net/static/6288.php
Date Reported: 03/27/2001 Brief Description: SCO OpenServer deliver buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-deliver-bo X-Force URL: http://xforce.iss.net/static/6302.php
Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpadmin buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpadmin-bo X-Force URL: http://xforce.iss.net/static/6291.php
Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpforms buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpforms-bo X-Force URL: http://xforce.iss.net/static/6293.php
Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpshut buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpshut-bo X-Force URL: http://xforce.iss.net/static/6290.php
Date Reported: 03/27/2001 Brief Description: SCO OpenServer lpusers buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-lpusers-bo X-Force URL: http://xforce.iss.net/static/6292.php
Date Reported: 03/27/2001 Brief Description: SCO OpenServer recon buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-recon-bo X-Force URL: http://xforce.iss.net/static/6289.php
Date Reported: 03/27/2001 Brief Description: SCO OpenServer sendmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO OpenServer 5.0.6 Vulnerability: sco-openserver-sendmail-bo X-Force URL: http://xforce.iss.net/static/6303.php
Date Reported: 03/28/2001 Brief Description: Inframail POST command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows All versions, Inframail 3.97a and earlier, Linux All versions Vulnerability: inframail-post-dos X-Force URL: http://xforce.iss.net/static/6297.php
Date Reported: 03/28/2001 Brief Description: Cisco VPN 3000 Concentrators Telnet denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 3.0.00 Vulnerability: cisco-vpn-telnet-dos X-Force URL: http://xforce.iss.net/static/6298.php
Date Reported: 03/28/2001 Brief Description: WebSite Professional remote manager service denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: O'Reilly WebSite Pro 3.0.37 Vulnerability: website-pro-remote-dos X-Force URL: http://xforce.iss.net/static/6295.php
Date Reported: 03/28/2001 Brief Description: Windows Me and Plus! 98 could allow the recovery of Compressed Folder passwords Risk Factor: Medium Attack Type: Host Based Platforms Affected: Windows 98 All versions, Windows 98 Second Edition, Windows ME All versions Vulnerability: win-compressed-password-recovery X-Force URL: http://xforce.iss.net/static/6294.php
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
Internet Security Systems is the leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv
iQCVAwUBOszkuDRfJiV99eG9AQFlewP8C6v84pW6UR171S6OThwkg/P7ylXIMY3P jO+w8ohAvbsa90iLFMlGo6YY0pIKSwlacQErryVFfVcRLQ1gIQhBxoIQlwrNkB6m XWnhroR/R7rzatML9cnHzpQKUK7Hax3LSxdxZQQwIDISxBZ4aeOTQwD+seuIos8t 8PVD8c9UO3g= =1xgg -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200106-0176",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vpn 3060 concentrator",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "vpn 3015 concentrator",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "vpn 3005 concentrator",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "vpn 3000 concentrator",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "vpn 3030 concentator",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "vpn 3080 concentrator",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun",
"version": null
},
{
"model": "vpn 3060 concentrator",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "vpn 3015 concentrator",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "vpn 3005 concentrator",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "vpn 3000 concentrator",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "vpn 3080 concentrator",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "vpn 3030 concentator",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3080"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3060"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3015"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#154976"
},
{
"db": "BID",
"id": "2485"
},
{
"db": "BID",
"id": "88960"
},
{
"db": "NVD",
"id": "CVE-2001-0427"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3005_concentrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3000_concentrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0427"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerabililty was announced to Bugtraq by Pablo Sor \u003cpsor@afip.gov.ar\u003e on March 13, 2001.",
"sources": [
{
"db": "BID",
"id": "2485"
}
],
"trust": 0.3
},
"cve": "CVE-2001-0427",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-3246",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0427",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#154976",
"trust": 0.8,
"value": "0.28"
},
{
"author": "CNNVD",
"id": "CNNVD-200106-090",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3246",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#154976"
},
{
"db": "VULHUB",
"id": "VHN-3246"
},
{
"db": "NVD",
"id": "CVE-2001-0427"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges. Solaris is the Unix Operating System variant distributed and maintained by Sun Microsystems. Solaris is a freely available operating system designed to run on systems of varying size with maximum scalability. \nA problem with the SNMP Daemon included in the SUNWsspop package results in a buffer overflow, and potentially the execution of arbitrary code. Upon parsing the argv[0] variable from the command line, this information is stored in a static buffer. The static buffer is vulnerable to being overflowed at 700 bytes of data. This vulnerability is only present on systems acting as the System Service Processor for an E10000, or on any system with the SUNWsspop package installed. VPN 3060 Concentrator is prone to a denial-of-service vulnerability. Concentrators prior to Cisco VPN 3000 Series versions 2.5.2(F) have a vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nApril 5, 2001\nVolume 6 Number 5\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at http://xforce.iss.net/alerts/vol-6_num-5.php\n\n_____\n\nContents:\n* 80 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\nDate Reported: 03/01/2001\nBrief Description: Palm OS Debug Mode allows attacker to bypass password\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Palm OS 3.5.2, Palm OS 3.3\nVulnerability: palm-debug-bypass-password\nX-Force URL: http://xforce.iss.net/static/6196.php\n\nDate Reported: 03/01/2001\nBrief Description: Microsoft Exchange malformed URL request could cause a\n denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Microsoft Exchange 2000\nVulnerability: exchange-malformed-url-dos\nX-Force URL: http://xforce.iss.net/static/6172.php\n\nDate Reported: 03/02/2001\nBrief Description: Mailx buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: OpenLinux 2.4, OpenLinux 2.3, Linux Debian 2.2\nVulnerability: mailx-bo\nX-Force URL: http://xforce.iss.net/static/6181.php\n\nDate Reported: 03/02/2001\nBrief Description: SunFTP allows attackers to gain unauthorized file access\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SunFTP 1.0 Build 9\nVulnerability: sunftp-gain-access\nX-Force URL: http://xforce.iss.net/static/6195.php\n\nDate Reported: 03/02/2001\nBrief Description: WinZip /zipandemail option buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Windows 2000 All versions, Winzip 8.0, Windows NT All\n versions\nVulnerability: winzip-zipandemail-bo\nX-Force URL: http://xforce.iss.net/static/6191.php\n\nDate Reported: 03/04/2001\nBrief Description: Broker FTP Server allows remote attacker to delete files\n outside the FTP root\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Broker FTP Server All versions\nVulnerability: broker-ftp-delete-files\nX-Force URL: http://xforce.iss.net/static/6190.php\n\nDate Reported: 03/04/2001\nBrief Description: Broker FTP allows remote user to list directories outside\n the FTP root\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Broker FTP Server All versions\nVulnerability: broker-ftp-list-directories\nX-Force URL: http://xforce.iss.net/static/6189.php\n\nDate Reported: 03/04/2001\nBrief Description: INDEXU allows attackers to gain unauthorized system access\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: INDEXU 2.0beta and earlier\nVulnerability: indexu-gain-access\nX-Force URL: http://xforce.iss.net/static/6202.php\n\nDate Reported: 03/04/2001\nBrief Description: Fastream FTP++ Client allows user to download files outside\n of Web root directory\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Fastream FTP++ Server 2.0\nVulnerability: fastream-ftp-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6187.php\n\nDate Reported: 03/04/2001\nBrief Description: SlimServe HTTPd directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: SlimServe HTTPd 1.1 and earlier\nVulnerability: slimserve-httpd-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6186.php\n\nDate Reported: 03/04/2001\nBrief Description: WFTPD Pro buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: WFTPD Pro 3.00\nVulnerability: wftpd-pro-bo\nX-Force URL: http://xforce.iss.net/static/6184.php\n\nDate Reported: 03/05/2001\nBrief Description: IRCd tkserv buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: IRCd All versions, tkserv 1.3.0 and earlier\nVulnerability: irc-tkserv-bo\nX-Force URL: http://xforce.iss.net/static/6193.php\n\nDate Reported: 03/06/2001\nBrief Description: War FTPD could allow attackers to list directories outside\n the FTP root\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: WarFTPD 1.67b4\nVulnerability: warftp-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6197.php\n\nDate Reported: 03/06/2001\nBrief Description: Internet Explorer could allow execution of commands when\n used with Telnet\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Internet Explorer 5.5, Services for Unix 2.0, Windows NT All\n versions, Windows 2000 All versions, Internet Explorer 5.01\nVulnerability: ie-telnet-execute-commands\nX-Force URL: http://xforce.iss.net/static/6230.php\n\nDate Reported: 03/07/2001\nBrief Description: Cisco Aironet Web access allows remote attacker to\n view/modify configuration\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Aironet 340 Series Wireless Bridge Firmware 8.07, Aironet\n 340 Series Wireless Bridge Firmware 8.24, Aironet 340 Series\n Wireless Bridge Firmware 7.x\nVulnerability: cisco-aironet-web-access\nX-Force URL: http://xforce.iss.net/static/6200.php\n\nDate Reported: 03/07/2001\nBrief Description: Netscape Directory Server buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Netscape Directory Server 4.1, Netscape Directory Server\n 4.12, Windows NT All versions\nVulnerability: netscape-directory-server-bo\nX-Force URL: http://xforce.iss.net/static/6233.php\n\nDate Reported: 03/07/2001\nBrief Description: Proftpd contains configuration error in postinst script when\n running as root\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Linux Debian 2.2\nVulnerability: proftpd-postinst-root\nX-Force URL: http://xforce.iss.net/static/6208.php\n\nDate Reported: 03/07/2001\nBrief Description: proftpd /var symlink\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Linux Debian 2.2\nVulnerability: proftpd-var-symlink\nX-Force URL: http://xforce.iss.net/static/6209.php\n\nDate Reported: 03/07/2001\nBrief Description: man2html remote denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: man2html prior to 1.5.23\nVulnerability: man2html-remote-dos\nX-Force URL: http://xforce.iss.net/static/6211.php\n\nDate Reported: 03/07/2001\nBrief Description: Linux ePerl buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1,\n ePerl prior to 2.2.14, Linux Debian 2.2, Linux Mandrake 7.1\nVulnerability: linux-eperl-bo\nX-Force URL: http://xforce.iss.net/static/6198.php\n\nDate Reported: 03/08/2001\nBrief Description: Novell NetWare could allow attackers to gain unauthorized\n access\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Novell NetWare 4.01, Novell NetWare 5.1, Novell NetWare 3.1,\n Novell NetWare 4.11, Novell NetWare 5.0\nVulnerability: novell-netware-unauthorized-access\nX-Force URL: http://xforce.iss.net/static/6215.php\n\nDate Reported: 03/08/2001\nBrief Description: Linux sgml-tools symlink attack\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Linux Mandrake Corporate Server 1.0.1, sgml-tools prior to\n 1.0.9-15, Linux Mandrake 7.2, Linux Immunix OS 6.2, Linux\n Immunix OS 7.0 Beta, Linux Mandrake 6.0, Linux Mandrake 6.1,\n Linux Red Hat 7.0, Linux Red Hat 6.2, Linux Debian 2.2,\n Linux Mandrake 7.1, Linux Red Hat 5.2\nVulnerability: sgmltools-symlink\nX-Force URL: http://xforce.iss.net/static/6201.php\n\nDate Reported: 03/08/2001\nBrief Description: HP-UX asecure denial of service\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: HP-UX 10.10, HP-UX 10.20, HP-UX 11, HP-UX 10.01\nVulnerability: hp-asecure-dos\nX-Force URL: http://xforce.iss.net/static/6212.php\n\nDate Reported: 03/08/2001\nBrief Description: ascdc Afterstep buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: ascdc 0.3\nVulnerability: ascdc-afterstep-bo\nX-Force URL: http://xforce.iss.net/static/6204.php\n\nDate Reported: 03/08/2001\nBrief Description: Microsoft IIS WebDAV denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: IIS 5.0\nVulnerability: iis-webdav-dos\nX-Force URL: http://xforce.iss.net/static/6205.php\n\nDate Reported: 03/08/2001\nBrief Description: WEBsweeper HTTP request denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: WEBsweeper 4.0, Windows NT All versions\nVulnerability: websweeper-http-dos\nX-Force URL: http://xforce.iss.net/static/6214.php\n\nDate Reported: 03/09/2001\nBrief Description: FOLDOC allows remote attackers to execute commands\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: FOLDEC All versions\nVulnerability: foldoc-cgi-execute-commands\nX-Force URL: http://xforce.iss.net/static/6217.php\n\nDate Reported: 03/09/2001\nBrief Description: slrn newsreader wrapping/unwrapping buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Linux Immunix OS 7.0 Beta, Linux Debian 2.2, Linux Red Hat\n 7.0, Linux Immunix OS 6.2, Linux Red Hat 6.0, Linux Red Hat\n 6.1, Linux Red Hat 6.2\nVulnerability: slrn-wrapping-bo\nX-Force URL: http://xforce.iss.net/static/6213.php\n\nDate Reported: 03/09/2001\nBrief Description: Linux mutt package contains format string when using IMAP\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Linux Mandrake 7.2, Linux Mandrake Corporate Server 1.0.1,\n Linux Mandrake 6.0, Linux Mandrake 6.1, Linux Red Hat 7.0,\n Linux Mandrake 7.0, Linux Mandrake 7.1, Linux Conectiva,\n Linux Red Hat 6.0, Linux Red Hat 6.1, Linux Red Hat 6.2,\n Linux Red Hat 5.2\nVulnerability: mutt-imap-format-string\nX-Force URL: http://xforce.iss.net/static/6235.php\n\nDate Reported: 03/10/2001\nBrief Description: FormMail could be used to flood servers with anonymous email\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: FormMail 1.0 to 1.6, Linux All versions\nVulnerability: formmail-anonymous-flooding\nX-Force URL: http://xforce.iss.net/static/6242.php\n\nDate Reported: 03/11/2001\nBrief Description: Half-Life Server config file buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Half-Life Dedicated Server All versions\nVulnerability: halflife-config-file-bo\nX-Force URL: http://xforce.iss.net/static/6221.php\n\nDate Reported: 03/11/2001\nBrief Description: Half-Life Server exec command buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Half-Life Dedicated Server All versions\nVulnerability: halflife-exec-bo\nX-Force URL: http://xforce.iss.net/static/6219.php\n\nDate Reported: 03/11/2001\nBrief Description: Half-Life Server map command buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Half-Life Dedicated Server All versions\nVulnerability: halflife-map-bo\nX-Force URL: http://xforce.iss.net/static/6218.php\n\nDate Reported: 03/11/2001\nBrief Description: Half-Life Server \u0027map\u0027 command format string\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Half-Life Dedicated Server All versions\nVulnerability: halflife-map-format-string\nX-Force URL: http://xforce.iss.net/static/6220.php\n\nDate Reported: 03/11/2001\nBrief Description: Ikonboard allows remote attackers to read files\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Ikonboard 2.1.7b and earlier\nVulnerability: ikonboard-cgi-read-files\nX-Force URL: http://xforce.iss.net/static/6216.php\n\nDate Reported: 03/12/2001\nBrief Description: timed daemon remote denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Linux SuSE 7.1, Linux Mandrake 7.2, Linux SuSE 7.0, Linux-\n Mandrake Corporate Server 1.0.1, Linux Mandrake 6.0, Linux\n Mandrake 6.1, FreeBSD 4.x, Linux Mandrake 7.0, Linux SuSE\n 6.1, Linux Mandrake 7.1, FreeBSD 3.x, Linux SuSE 6.3, Linux\n SuSE 6.4, Linux SuSE 6.2\nVulnerability: timed-remote-dos\nX-Force URL: http://xforce.iss.net/static/6228.php\n\nDate Reported: 03/12/2001\nBrief Description: imap, ipop2d and ipop3d buffer overflows\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: OpenLinux eServer 2.3.1, OpenLinux eBuilder for ECential\n 3.0, OpenLinux eDesktop 2.4, OpenLinux 2.3, Linux SuSE 6.1,\n Linux Conectiva\nVulnerability: imap-ipop2d-ipop3d-bo\nX-Force URL: http://xforce.iss.net/static/6269.php\n\nDate Reported: 03/12/2001\nBrief Description: rwhod remote denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: FreeBSD 3.x, FreeBSD 4.x, Unix All versions\nVulnerability: rwhod-remote-dos\nX-Force URL: http://xforce.iss.net/static/6229.php\n\nDate Reported: 03/13/2001\nBrief Description: SunOS snmpd argv[0] buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: SunOS 5.8\nVulnerability: snmpd-argv-bo\nX-Force URL: http://xforce.iss.net/static/6239.php\n\nDate Reported: 03/13/2001\nBrief Description: Mesa utah-glx symbolic link\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Mesa prior to 3.3-14, Linux Mandrake 7.2\nVulnerability: mesa-utahglx-symlink\nX-Force URL: http://xforce.iss.net/static/6231.php\n\nDate Reported: 03/14/2001\nBrief Description: Linux FTPfs buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Linux 2.2.x, FTPfs 0.1.1\nVulnerability: ftpfs-bo\nX-Force URL: http://xforce.iss.net/static/6234.php\n\nDate Reported: 03/15/2001\nBrief Description: Solaris snmpXdmid malformed DMI request buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Solaris 7, Solaris 8, Solaris 2.6\nVulnerability: solaris-snmpxdmid-bo\nX-Force URL: http://xforce.iss.net/static/6245.php\n\nDate Reported: 03/15/2001\nBrief Description: vBulletin PHP Web forum allows attackers to gain elevated\n privileges\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: vBulletin 1.1.5 and earlier, vBulletin 2.0beta2 and earlier,\n Windows All versions, Unix All versions\nVulnerability: vbulletin-php-elevate-privileges\nX-Force URL: http://xforce.iss.net/static/6237.php\n\nDate Reported: 03/15/2001\nBrief Description: MDaemon WorldClient Web services denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Windows NT All versions, Windows 2000 All versions, Mdaemon\n 3.5.6\nVulnerability: mdaemon-webservices-dos\nX-Force URL: http://xforce.iss.net/static/6240.php\n\nDate Reported: 03/16/2001\nBrief Description: SSH ssheloop.c denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: SSH for Windows Server 2.4, SSH for Windows Server 2.5,\n Windows All versions\nVulnerability: ssh-ssheloop-dos\nX-Force URL: http://xforce.iss.net/static/6241.php\n\nDate Reported: 03/18/2001\nBrief Description: Eudora HTML emails could allow remote execution of code\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Windows All versions, Eudora 5.0.2\nVulnerability: eudora-html-execute-code\nX-Force URL: http://xforce.iss.net/static/6262.php\n\nDate Reported: 03/19/2001\nBrief Description: ASPSeek s.cgi buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Linux All versions, ASPSeek 1.0.3 and earlier\nVulnerability: aspseek-scgi-bo\nX-Force URL: http://xforce.iss.net/static/6248.php\n\nDate Reported: 03/20/2001\nBrief Description: HSLCTF HTTP denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: AIX All versions, Unix All versions, HSLCTF 1.0\nVulnerability: hslctf-http-dos\nX-Force URL: http://xforce.iss.net/static/6250.php\n\nDate Reported: 03/20/2001\nBrief Description: LICQ received URL execute commands\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Linux Mandrake Corporate Server 1.0.1, LICQ All, Linux\n Mandrake 7.1, Linux Red Hat 7.0, Linux Mandrake 7.2\nVulnerability: licq-url-execute-commands\nX-Force URL: http://xforce.iss.net/static/6261.php\n\nDate Reported: 03/20/2001\nBrief Description: SurfControl SuperScout allows user to bypass filtering rules\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: SurfControl SuperScout 3.0.2 and prior, Windows NT 4.0,\n Windows 2000 All versions\nVulnerability: superscout-bypass-filtering\nX-Force URL: http://xforce.iss.net/static/6300.php\n\nDate Reported: 03/20/2001\nBrief Description: DGUX lpsched buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: DG/UX All versions\nVulnerability: dgux-lpsched-bo\nX-Force URL: http://xforce.iss.net/static/6258.php\n\nDate Reported: 03/20/2001\nBrief Description: REDIPlus stock trading software stores passwords in\n plaintext\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: REDIPlus 1.0, Windows All versions\nVulnerability: rediplus-weak-security\nX-Force URL: http://xforce.iss.net/static/6276.php\n\nDate Reported: 03/20/2001\nBrief Description: FCheck open() function allows the execution of commands\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO All versions, FCheck prior to 2.07.59, SunOS All\n versions, Windows All versions, Unix All versions, HP-UX All\n versions, Linux All versions, Solaris All versions, AIX All\n versions, BSD All versions\nVulnerability: fcheck-open-execute-commands\nX-Force URL: http://xforce.iss.net/static/6256.php\n\nDate Reported: 03/20/2001\nBrief Description: NTMail long URL denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Windows 2000 All versions, NTMail 6, Windows NT 4.0\nVulnerability: ntmail-long-url-dos\nX-Force URL: http://xforce.iss.net/static/6249.php\n\nDate Reported: 03/21/2001\nBrief Description: VIM text editor allows attackers to gain elevated privileges\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: VIM All versions, Linux Red Hat 5.2, Linux Red Hat 6.2,\n Linux Red Hat 7.0\nVulnerability: vim-elevate-privileges\nX-Force URL: http://xforce.iss.net/static/6259.php\n\nDate Reported: 03/22/2001\nBrief Description: FreeBSD UFS/EXT2FS could allow disclosure of deleted data\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: UFS All versions, EXT2FS All versions, FreeBSD All versions\nVulnerability: ufs-ext2fs-data-disclosure\nX-Force URL: http://xforce.iss.net/static/6268.php\n\nDate Reported: 03/22/2001\nBrief Description: Microsoft invalid digital certificates could be used for\n spoofing\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Windows ME All versions, Windows 95 All versions, Windows 98\n All versions, Windows 2000 All versions, Windows NT All\n versions\nVulnerability: microsoft-invalid-digital-certificates\nX-Force URL: http://xforce.iss.net/static/6265.php\n\nDate Reported: 03/23/2001\nBrief Description: Akopia Interchange could allow attacker to gain\n administrative access\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Akopia Interchange 4.5.3 and 4.6.3\nVulnerability: akopia-interchange-gain-access\nX-Force URL: http://xforce.iss.net/static/6273.php\n\nDate Reported: 03/23/2001\nBrief Description: Solaris /opt/JSParm/bin/perfmon allows user to create files\n with root privileges\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 2.x\nVulnerability: solaris-perfmon-create-files\nX-Force URL: http://xforce.iss.net/static/6267.php\n\nDate Reported: 03/23/2001\nBrief Description: Windows user.dmp file insecure permissions\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Windows NT All versions, Windows 2000 All versions\nVulnerability: win-userdmp-insecure-permission\nX-Force URL: http://xforce.iss.net/static/6275.php\n\nDate Reported: 03/23/2001\nBrief Description: Compaq Web-enabled management software could allow users to\n bypass proxy settings\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Compaq Web-Enabled Management All versions\nVulnerability: compaq-wbm-bypass-proxy\nX-Force URL: http://xforce.iss.net/static/6264.php\n\nDate Reported: 03/25/2001\nBrief Description: MDaemon IMAP SELECT and EXAMINE command denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Windows All versions, Mdaemon 3.5.6\nVulnerability: mdaemon-imap-command-dos\nX-Force URL: http://xforce.iss.net/static/6279.php\n\nDate Reported: 03/25/2001\nBrief Description: HP-UX 11.11 newgrp(1) command allows users to gain additional privileges\nRisk Factor: High\nAttack Type: Host Based\nPlatforms Affected: HP-UX 11.11\nVulnerability: hp-newgrp-additional-privileges\nX-Force URL: http://xforce.iss.net/static/6282.php\n\nDate Reported: 03/26/2001\nBrief Description: 602Pro LAN SUITE webprox.dll denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Windows All versions, 602Pro LAN SUITE 2000a All versions\nVulnerability: lan-suite-webprox-dos\nX-Force URL: http://xforce.iss.net/static/6281.php\n\nDate Reported: 03/26/2001\nBrief Description: BEA WebLogic Server could allow attackers to browse Web\n directories\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: WebLogic Server 6.0, Windows All versions\nVulnerability: weblogic-browse-directories\nX-Force URL: http://xforce.iss.net/static/6283.php\n\nDate Reported: 03/27/2001\nBrief Description: Solaris tip buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 8, Solaris 2.5.1, Solaris 2.6, Solaris 7\nVulnerability: solaris-tip-bo\nX-Force URL: http://xforce.iss.net/static/6284.php\n\nDate Reported: 03/27/2001\nBrief Description: SonicWALL IKE pre-shared key is 48 bytes instead of 128\n bytes\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: SonicWALL TELE2 6.0.0, SonicWALL SOHO2 6.0.0\nVulnerability: sonicwall-ike-shared-keys\nX-Force URL: http://xforce.iss.net/static/6304.php\n\nDate Reported: 03/27/2001\nBrief Description: Anaconda Foundation Clipper directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Anaconda Foundation Clipper 3.3\nVulnerability: anaconda-clipper-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6286.php\n\nDate Reported: 03/27/2001\nBrief Description: Microsoft Visual Studio VB-TSQL buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Windows 2000 All versions, Microsoft Visual Studio 6.0\n Enterprise Ed., Windows NT All versions\nVulnerability: visual-studio-vbtsql-bo\nX-Force URL: http://xforce.iss.net/static/6288.php\n\nDate Reported: 03/27/2001\nBrief Description: SCO OpenServer deliver buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO OpenServer 5.0.6\nVulnerability: sco-openserver-deliver-bo\nX-Force URL: http://xforce.iss.net/static/6302.php\n\nDate Reported: 03/27/2001\nBrief Description: SCO OpenServer lpadmin buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO OpenServer 5.0.6\nVulnerability: sco-openserver-lpadmin-bo\nX-Force URL: http://xforce.iss.net/static/6291.php\n\nDate Reported: 03/27/2001\nBrief Description: SCO OpenServer lpforms buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO OpenServer 5.0.6\nVulnerability: sco-openserver-lpforms-bo\nX-Force URL: http://xforce.iss.net/static/6293.php\n\nDate Reported: 03/27/2001\nBrief Description: SCO OpenServer lpshut buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO OpenServer 5.0.6\nVulnerability: sco-openserver-lpshut-bo\nX-Force URL: http://xforce.iss.net/static/6290.php\n\nDate Reported: 03/27/2001\nBrief Description: SCO OpenServer lpusers buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO OpenServer 5.0.6\nVulnerability: sco-openserver-lpusers-bo\nX-Force URL: http://xforce.iss.net/static/6292.php\n\nDate Reported: 03/27/2001\nBrief Description: SCO OpenServer recon buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO OpenServer 5.0.6\nVulnerability: sco-openserver-recon-bo\nX-Force URL: http://xforce.iss.net/static/6289.php\n\nDate Reported: 03/27/2001\nBrief Description: SCO OpenServer sendmail buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO OpenServer 5.0.6\nVulnerability: sco-openserver-sendmail-bo\nX-Force URL: http://xforce.iss.net/static/6303.php\n\nDate Reported: 03/28/2001\nBrief Description: Inframail POST command denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Windows All versions, Inframail 3.97a and earlier, Linux All\n versions\nVulnerability: inframail-post-dos\nX-Force URL: http://xforce.iss.net/static/6297.php\n\nDate Reported: 03/28/2001\nBrief Description: Cisco VPN 3000 Concentrators Telnet denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Cisco VPN 3000 Concentrators prior to 3.0.00\nVulnerability: cisco-vpn-telnet-dos\nX-Force URL: http://xforce.iss.net/static/6298.php\n\nDate Reported: 03/28/2001\nBrief Description: WebSite Professional remote manager service denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: O\u0027Reilly WebSite Pro 3.0.37\nVulnerability: website-pro-remote-dos\nX-Force URL: http://xforce.iss.net/static/6295.php\n\nDate Reported: 03/28/2001\nBrief Description: Windows Me and Plus! 98 could allow the recovery of\n Compressed Folder passwords\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Windows 98 All versions, Windows 98 Second Edition, Windows\n ME All versions\nVulnerability: win-compressed-password-recovery\nX-Force URL: http://xforce.iss.net/static/6294.php\n\n_____\n\nRisk Factor Key:\n\n High Any vulnerability that provides an attacker with immediate\n access into a machine, gains superuser access, or bypasses\n a firewall. Example: A vulnerable Sendmail 8.6.5 version\n that allows an intruder to execute commands on mail\n server. \n Medium Any vulnerability that provides information that has a\n high potential of giving system access to an intruder. \n Example: A misconfigured TFTP or vulnerable NIS server\n that allows an intruder to get the password file that\n could contain an account with a guessable password. \n Low Any vulnerability that provides information that\n potentially could lead to a compromise. Example: A\n finger that allows an intruder to find out who is online\n and potential accounts to attempt to crack passwords\n via brute force methods. \n\n________\n\n\nInternet Security Systems is the leading global provider of security \nmanagement solutions for the Internet, protecting digital assets and \nensuring safe and uninterrupted e-business. With its industry-leading \nintrusion detection and vulnerability assessment, remote managed security \nservices, and strategic consulting and education offerings, ISS is a \ntrusted security provider to more than 8,000 customers worldwide including\n21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies. Founded in 1994, ISS is headquartered in \nAtlanta, GA, with additional offices throughout North America and \ninternational operations in Asia, Australia, Europe, Latin America and the \nMiddle East. For more information, visit the Internet Security Systems web\nsite at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There are\nNO warranties with regard to this information. In no event shall the author\nbe liable for any damages whatsoever arising out of or in connection with\nthe use or spread of this information. Any use of this information is at the\nuser\u0027s own risk. \n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 2.6.3a\nCharset: noconv\n\niQCVAwUBOszkuDRfJiV99eG9AQFlewP8C6v84pW6UR171S6OThwkg/P7ylXIMY3P\njO+w8ohAvbsa90iLFMlGo6YY0pIKSwlacQErryVFfVcRLQ1gIQhBxoIQlwrNkB6m\nXWnhroR/R7rzatML9cnHzpQKUK7Hax3LSxdxZQQwIDISxBZ4aeOTQwD+seuIos8t\n8PVD8c9UO3g=\n=1xgg\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0427"
},
{
"db": "CERT/CC",
"id": "VU#154976"
},
{
"db": "BID",
"id": "2485"
},
{
"db": "BID",
"id": "88960"
},
{
"db": "VULHUB",
"id": "VHN-3246"
},
{
"db": "PACKETSTORM",
"id": "24597"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2001-0427",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "5643",
"trust": 1.7
},
{
"db": "BID",
"id": "2485",
"trust": 1.1
},
{
"db": "XF",
"id": "6298",
"trust": 1.0
},
{
"db": "XF",
"id": "6239",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#154976",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200106-090",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20010328 VPN3000 CONCENTRATOR TELNET VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "88960",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-3246",
"trust": 0.1
},
{
"db": "XF",
"id": "6186",
"trust": 0.1
},
{
"db": "XF",
"id": "6282",
"trust": 0.1
},
{
"db": "XF",
"id": "6218",
"trust": 0.1
},
{
"db": "XF",
"id": "6250",
"trust": 0.1
},
{
"db": "XF",
"id": "6286",
"trust": 0.1
},
{
"db": "XF",
"id": "6289",
"trust": 0.1
},
{
"db": "XF",
"id": "6190",
"trust": 0.1
},
{
"db": "XF",
"id": "6234",
"trust": 0.1
},
{
"db": "XF",
"id": "6258",
"trust": 0.1
},
{
"db": "XF",
"id": "6195",
"trust": 0.1
},
{
"db": "XF",
"id": "6196",
"trust": 0.1
},
{
"db": "XF",
"id": "6284",
"trust": 0.1
},
{
"db": "XF",
"id": "6262",
"trust": 0.1
},
{
"db": "XF",
"id": "6172",
"trust": 0.1
},
{
"db": "XF",
"id": "6269",
"trust": 0.1
},
{
"db": "XF",
"id": "6200",
"trust": 0.1
},
{
"db": "XF",
"id": "6230",
"trust": 0.1
},
{
"db": "XF",
"id": "6293",
"trust": 0.1
},
{
"db": "XF",
"id": "6229",
"trust": 0.1
},
{
"db": "XF",
"id": "6215",
"trust": 0.1
},
{
"db": "XF",
"id": "6248",
"trust": 0.1
},
{
"db": "XF",
"id": "6240",
"trust": 0.1
},
{
"db": "XF",
"id": "6209",
"trust": 0.1
},
{
"db": "XF",
"id": "6288",
"trust": 0.1
},
{
"db": "XF",
"id": "6208",
"trust": 0.1
},
{
"db": "XF",
"id": "6245",
"trust": 0.1
},
{
"db": "XF",
"id": "6261",
"trust": 0.1
},
{
"db": "XF",
"id": "6279",
"trust": 0.1
},
{
"db": "XF",
"id": "6217",
"trust": 0.1
},
{
"db": "XF",
"id": "6219",
"trust": 0.1
},
{
"db": "XF",
"id": "6268",
"trust": 0.1
},
{
"db": "XF",
"id": "6191",
"trust": 0.1
},
{
"db": "XF",
"id": "6303",
"trust": 0.1
},
{
"db": "XF",
"id": "6221",
"trust": 0.1
},
{
"db": "XF",
"id": "6213",
"trust": 0.1
},
{
"db": "XF",
"id": "6201",
"trust": 0.1
},
{
"db": "XF",
"id": "6184",
"trust": 0.1
},
{
"db": "XF",
"id": "6297",
"trust": 0.1
},
{
"db": "XF",
"id": "6295",
"trust": 0.1
},
{
"db": "XF",
"id": "6235",
"trust": 0.1
},
{
"db": "XF",
"id": "6281",
"trust": 0.1
},
{
"db": "XF",
"id": "6212",
"trust": 0.1
},
{
"db": "XF",
"id": "6291",
"trust": 0.1
},
{
"db": "XF",
"id": "6189",
"trust": 0.1
},
{
"db": "XF",
"id": "6220",
"trust": 0.1
},
{
"db": "XF",
"id": "6283",
"trust": 0.1
},
{
"db": "XF",
"id": "6205",
"trust": 0.1
},
{
"db": "XF",
"id": "6197",
"trust": 0.1
},
{
"db": "XF",
"id": "6198",
"trust": 0.1
},
{
"db": "XF",
"id": "6181",
"trust": 0.1
},
{
"db": "XF",
"id": "6228",
"trust": 0.1
},
{
"db": "XF",
"id": "6241",
"trust": 0.1
},
{
"db": "XF",
"id": "6294",
"trust": 0.1
},
{
"db": "XF",
"id": "6304",
"trust": 0.1
},
{
"db": "XF",
"id": "6233",
"trust": 0.1
},
{
"db": "XF",
"id": "6214",
"trust": 0.1
},
{
"db": "XF",
"id": "6300",
"trust": 0.1
},
{
"db": "XF",
"id": "6273",
"trust": 0.1
},
{
"db": "XF",
"id": "6267",
"trust": 0.1
},
{
"db": "XF",
"id": "6264",
"trust": 0.1
},
{
"db": "XF",
"id": "6256",
"trust": 0.1
},
{
"db": "XF",
"id": "6275",
"trust": 0.1
},
{
"db": "XF",
"id": "6292",
"trust": 0.1
},
{
"db": "XF",
"id": "6302",
"trust": 0.1
},
{
"db": "XF",
"id": "6276",
"trust": 0.1
},
{
"db": "XF",
"id": "6204",
"trust": 0.1
},
{
"db": "XF",
"id": "6216",
"trust": 0.1
},
{
"db": "XF",
"id": "6187",
"trust": 0.1
},
{
"db": "XF",
"id": "6231",
"trust": 0.1
},
{
"db": "XF",
"id": "6290",
"trust": 0.1
},
{
"db": "XF",
"id": "6259",
"trust": 0.1
},
{
"db": "XF",
"id": "6265",
"trust": 0.1
},
{
"db": "XF",
"id": "6242",
"trust": 0.1
},
{
"db": "XF",
"id": "6193",
"trust": 0.1
},
{
"db": "XF",
"id": "6237",
"trust": 0.1
},
{
"db": "XF",
"id": "6202",
"trust": 0.1
},
{
"db": "XF",
"id": "6249",
"trust": 0.1
},
{
"db": "XF",
"id": "6211",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "24597",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#154976"
},
{
"db": "VULHUB",
"id": "VHN-3246"
},
{
"db": "BID",
"id": "2485"
},
{
"db": "BID",
"id": "88960"
},
{
"db": "PACKETSTORM",
"id": "24597"
},
{
"db": "NVD",
"id": "CVE-2001-0427"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-090"
}
]
},
"id": "VAR-200106-0176",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-3246"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:19:40.469000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3246"
},
{
"db": "NVD",
"id": "CVE-2001-0427"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/5643"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298"
},
{
"trust": 1.0,
"url": "http://xforce.iss.net/static/6298.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6239.php"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2485"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6293.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6196.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6237.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6234.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6204.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6269.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6264.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6221.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6216.php"
},
{
"trust": 0.1,
"url": "https://www.iss.net"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6191.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6289.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6275.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6215.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6228.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6261.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6214.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6295.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6193.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/alerts/vol-6_num-5.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6219.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6284.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6242.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6259.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6198.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6218.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6195.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6258.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6267.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6229.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6281.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6249.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6184.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6181.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6288.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6233.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6279.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6291.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6262.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6294.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6213.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6276.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6186.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6250.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6268.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6248.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6190.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6201.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6220.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6197.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6256.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6230.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6208.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6212.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6200.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6205.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6265.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6202.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6240.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6304.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6297.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6300.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6292.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6231.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6283.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6172.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6211.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6217.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6235.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6209.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6241.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/maillists/index.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6302.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6303.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6282.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6286.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/sensitive.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6273.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6187.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6245.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6189.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6290.php"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#154976"
},
{
"db": "VULHUB",
"id": "VHN-3246"
},
{
"db": "BID",
"id": "88960"
},
{
"db": "PACKETSTORM",
"id": "24597"
},
{
"db": "NVD",
"id": "CVE-2001-0427"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#154976"
},
{
"db": "VULHUB",
"id": "VHN-3246"
},
{
"db": "BID",
"id": "2485"
},
{
"db": "BID",
"id": "88960"
},
{
"db": "PACKETSTORM",
"id": "24597"
},
{
"db": "NVD",
"id": "CVE-2001-0427"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-05-06T00:00:00",
"db": "CERT/CC",
"id": "VU#154976"
},
{
"date": "2001-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-3246"
},
{
"date": "2001-03-13T00:00:00",
"db": "BID",
"id": "2485"
},
{
"date": "2001-06-18T00:00:00",
"db": "BID",
"id": "88960"
},
{
"date": "2001-04-09T05:30:06",
"db": "PACKETSTORM",
"id": "24597"
},
{
"date": "2001-06-18T04:00:00",
"db": "NVD",
"id": "CVE-2001-0427"
},
{
"date": "2001-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-04-02T00:00:00",
"db": "CERT/CC",
"id": "VU#154976"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3246"
},
{
"date": "2001-03-13T00:00:00",
"db": "BID",
"id": "2485"
},
{
"date": "2001-06-18T00:00:00",
"db": "BID",
"id": "88960"
},
{
"date": "2017-10-10T01:29:43.407000",
"db": "NVD",
"id": "CVE-2001-0427"
},
{
"date": "2006-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "24597"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-090"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sun Solaris SNMP proxy agent /opt/SUNWssp/bin/snmpd contains buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#154976"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200106-090"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.