var-200102-0028
Vulnerability from variot
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection. The Oracle LDAP Daemon (oidldapd version 2.1.1.1), which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Broadband Operating System is prone to a remote security vulnerability. A remote attacker can guess the password without even knowing it.
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary January 1, 2001 Volume 6 Number 2
The following computer security issues have been publicly reported and documented in the X-Force Vulnerability and Threat Database (http://xforce.iss.net).
This document is available at http://xforce.iss.net/alerts/vol-06_num-02.php. To receive these Alert Summaries:
- Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).
Contents
115 Reported Vulnerabilities
Risk Factor Key
Date Reported: 12/31/00 Vulnerability: exmh-error-symlink Platforms Affected: exmh 2.2 and earlier Risk Factor: High Attack Type: Host Based Brief Description: exmh error message symlink X-Force URL: http://xforce.iss.net/static/5829.php
Date Reported: 12/30/00 Vulnerability: informix-webdriver-symlink Platforms Affected: Informix Webdriver Risk Factor: High Attack Type: Host Based Brief Description: Informix Webdriver symbolic link X-Force URL: http://xforce.iss.net/static/5827.php
Date Reported: 12/30/00 Vulnerability: informix-webdriver-admin-access Platforms Affected: Informix Webdriver Risk Factor: High Attack Type: Network Based Brief Description: Informix Webdriver remote Admin access X-Force URL: http://xforce.iss.net/static/5833.php
Date Reported: 12/29/00 Vulnerability: zonealarm-mutex-dos Platforms Affected: ZoneAlarm Pro Risk Factor: Medium Attack Type: Host Based Brief Description: ZoneAlarm and ZoneAlarm Pro Mutex creation denial of service X-Force URL: http://xforce.iss.net/static/5821.php
Date Reported: 12/29/00 Vulnerability: zonealarm-batfile-dos Platforms Affected: ZoneAlarm Pro Risk Factor: Medium Attack Type: Host Based Brief Description: ZoneAlarm and ZoneAlarm Pro can be taken down with a batch file X-Force URL: http://xforce.iss.net/static/5822.php
Date Reported: 12/29/00 Vulnerability: shockwave-flash-swf-bo Platforms Affected: Shockwave Plugin 8.0 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Shockwave Flash SWF file buffer overflow X-Force URL: http://xforce.iss.net/static/5826.php
Date Reported: 12/29/00 Vulnerability: macos-multiple-users Platforms Affected: MacOS 9.0 Risk Factor: High Attack Type: Host Based Brief Description: Mac OS 'Multiple Users' bypass password X-Force URL: http://xforce.iss.net/static/5830.php
Date Reported: 12/28/00 Vulnerability: http-cgi-ikonboard Platforms Affected: Ikonboard 2.1.7b and prior Risk Factor: High Attack Type: Host Based Brief Description: Ikonboard allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5819.php
Date Reported: 12/27/00 Vulnerability: http-cgi-technote-main Platforms Affected: TECH-NOTE (000, 2001, Pro) Risk Factor: High Attack Type: Network Based Brief Description: TECH-NOTE main.cgi reveals files X-Force URL: http://xforce.iss.net/static/5813.php
Date Reported: 12/26/00 Vulnerability: xwindows-char-dos Platforms Affected: XFree86 Risk Factor: Low Attack Type: Network/Host Based Brief Description: X Windows multiple character denial of service X-Force URL: http://xforce.iss.net/static/5834.php
Date Reported: 12/25/00 Vulnerability: 1stup-mail-server-bo Platforms Affected: 1st Up Mail Server 4.1 Risk Factor: Medium Attack Type: Network Based Brief Description: 1st Up Mail Server buffer overflow X-Force URL: http://xforce.iss.net/static/5808.php
Date Reported: 12/25/00 Vulnerability: dialog-symlink Platforms Affected: Linux Debian 2.2 Risk Factor: High Attack Type: Host Based Brief Description: Linux dialog package symlink attack X-Force URL: http://xforce.iss.net/static/5809.php
Date Reported: 12/25/00 Vulnerability: ibm-wcs-admin Platforms Affected: IBM Websphere Commerce Suite Risk Factor: High Attack Type: Host Based Brief Description: IBM WCS admin.config allows user to execute arbitrary commands X-Force URL: http://xforce.iss.net/static/5831.php
Date Reported: 12/23/00 Vulnerability: http-cgi-technote-print Platforms Affected: TECH-NOTE (2000, 2001, Pro) Risk Factor: Medium Attack Type: Network Based Brief Description: TECH-NOTE print.cgi reveals files X-Force URL: http://xforce.iss.net/static/5815.php
Date Reported: 12/22/00 Vulnerability: iis-web-form-submit Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IIS Web form submission X-Force URL: http://xforce.iss.net/static/5823.php
Date Reported: 12/21/00 Vulnerability: hpux-kermit-bo Platforms Affected: HPUX (10.01, 10.10, 10.20, 11.00) Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX kermit buffer overflow X-Force URL: http://xforce.iss.net/static/5793.php
Date Reported: 12/21/00 Vulnerability: bsguest-cgi-execute-commands Platforms Affected: Linux Risk Factor: Medium Attack Type: Network Based Brief Description: bsguest.cgi allows remote execution of commands on server X-Force URL: http://xforce.iss.net/static/5796.php
Date Reported: 12/21/00 Vulnerability: bslist-cgi-execute-commands Platforms Affected: Linux Risk Factor: Medium Attack Type: Network Based Brief Description: bslist.cgi allows remote execution of commands on server X-Force URL: http://xforce.iss.net/static/5797.php
Date Reported: 12/21/00 Vulnerability: infinite-interchange-dos Platforms Affected: Infinite Interchange 3.61 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Infinite InterChange denial of service X-Force URL: http://xforce.iss.net/static/5798.php
Date Reported: 12/21/00 Vulnerability: oracle-execute-plsql Platforms Affected: Oracle Application Server Risk Factor: Medium Attack Type: Network Based Brief Description: Oracle remote procedure execution X-Force URL: http://xforce.iss.net/static/5817.php
Date Reported: 12/21/00 Vulnerability: ksh-redirection-symlink Platforms Affected: IRIX (6.2, 6.5.x) Solaris (2.5.1, 2.6, 7) HPUX 9.00 Digital Unix 5.0 Risk Factor: High Attack Type: Host Based Brief Description: ksh redirection symlink attack X-Force URL: http://xforce.iss.net/static/5811.php
Date Reported: 12/21/00 Vulnerability: oracle-webdb-admin-access Platforms Affected: Oracle Internet Application Server 3.0.7 Risk Factor: High Attack Type: Network/Host Based Brief Description: Oracle IAS allows administrative access X-Force URL: http://xforce.iss.net/static/5818.php
Date Reported: 12/21/00 Vulnerability: infinite-interchange-dos Platforms Affected: Infinite Interchange 3.61 Risk Factor: Web Scan Attack Type: Network/Host Based Brief Description: Infinite InterChange denial of service X-Force URL: http://xforce.iss.net/static/5798.php
Date Reported: 12/20/00 Vulnerability: gnupg-detached-sig-modify Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3) Risk Factor: Medium Attack Type: Host Based Brief Description: GnuPG allows users to modify signed messages with detached signatures X-Force URL: http://xforce.iss.net/static/5802.php
Date Reported: 12/20/00 Vulnerability: gnupg-reveal-private Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3) Risk Factor: Medium Attack Type: Host Based Brief Description: GnuPG will import private keys along with public keys X-Force URL: http://xforce.iss.net/static/5803.php
Date Reported: 12/20/00 Vulnerability: zonealarm-nmap-scans Platforms Affected: ZoneAlarm Risk Factor: High Attack Type: Network Based Brief Description: ZoneAlarm does not detect NMAP scans X-Force URL: http://xforce.iss.net/static/5799.php
Date Reported: 12/20/00 Vulnerability: zonealarm-open-shares Platforms Affected: ZoneAlarm Risk Factor: High Attack Type: Network Based Brief Description: ZoneAlarm open shares X-Force URL: http://xforce.iss.net/static/5825.php
Date Reported: 12/19/00 Vulnerability: win2k-index-service-activex Platforms Affected: Windows 2000 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Windows 2000 Index Service ActiveX controls allow unauthorized access to file information X-Force URL: http://xforce.iss.net/static/5800.php
Date Reported: 12/19/00 Vulnerability: proftpd-size-memory-leak Platforms Affected: Proftpd Risk Factor: Low Attack Type: Network/Host Based Brief Description: proftpd memory leak when using SIZE command X-Force URL: http://xforce.iss.net/static/5801.php
Date Reported: 12/19/00 Vulnerability: weblogic-dot-bo Platforms Affected: WebLogic Risk Factor: Medium Attack Type: Network Based Brief Description: BEA WebLogic Server "dotdot" URL buffer overflow X-Force URL: http://xforce.iss.net/static/5782.php
Date Reported: 12/19/00 Vulnerability: mdaemon-imap-dos Platforms Affected: MDaemon Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MDaemon IMAP buffer overflow denial of service X-Force URL: http://xforce.iss.net/static/5805.php
Date Reported: 12/19/00 Vulnerability: zope-calculate-roles Platforms Affected: Zope Risk Factor: High Attack Type: Host Based Brief Description: zope package in Linux calculates local roles incorrectly X-Force URL: http://xforce.iss.net/static/5777.php
Date Reported: 12/19/00 Vulnerability: itetris-svgalib-path Platforms Affected: svgalib Risk Factor: High Attack Type: Host Based Brief Description: Itetris svgalib PATH X-Force URL: http://xforce.iss.net/static/5795.php
Date Reported: 12/18/00 Vulnerability: bsd-ftpd-replydirname-bo Platforms Affected: BSD Based Operating Systems Risk Factor: High Attack Type: Network Based Brief Description: BSD ftpd replydirname() function buffer overflow X-Force URL: http://xforce.iss.net/static/5776.php
Date Reported: 12/18/00 Vulnerability: sonata-command-execute Platforms Affected: Sonata Risk Factor: High Attack Type: Host Based Brief Description: Sonata argument command line execution X-Force URL: http://xforce.iss.net/static/5787.php
Date Reported: 12/18/00 Vulnerability: solaris-catman-symlink Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris catman command symlink attack X-Force URL: http://xforce.iss.net/static/5788.php
Date Reported: 12/18/00 Vulnerability: solaris-patchadd-symlink Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris patchadd symlink attack X-Force URL: http://xforce.iss.net/static/5789.php
Date Reported: 12/18/00 Vulnerability: stunnel-format-logfile Platforms Affected: Stunnel Risk Factor: High Attack Type: Network Based Brief Description: Stunnel format allows user to write to logfile X-Force URL: http://xforce.iss.net/static/5807.php
Date Reported: 12/17/00 Vulnerability: hp-top-sys-files Platforms Affected: HPUX Risk Factor: Low Attack Type: Host Based Brief Description: HP-UX top command could be used to overwrite files X-Force URL: http://xforce.iss.net/static/5773.php
Date Reported: 12/16/00 Vulnerability: zope-legacy-names Platforms Affected: Zope Risk Factor: Medium Attack Type: Network Based Brief Description: Linux zope package "legacy" names X-Force URL: http://xforce.iss.net/static/5824.php
Date Reported: 12/15/00 Vulnerability: mrj-runtime-malicious-applets Platforms Affected: MRJ Risk Factor: Low Attack Type: Host Based Brief Description: MRJ runtime environment could allow malicious applets to be executed X-Force URL: http://xforce.iss.net/static/5784.php
Date Reported: 12/14/00 Vulnerability: coffeecup-ftp-weak-encryption Platforms Affected: CoffeeCup FTP Risk Factor: Low Attack Type: Host Based Brief Description: CoffeeCup FTP client has weak password encryption X-Force URL: http://xforce.iss.net/static/5744.php
Date Reported: 12/14/00 Vulnerability: watchguard-soho-fragmented-packets Platforms Affected: WatchGuard Risk Factor: Medium Attack Type: Network Based Brief Description: WatchGuard SOHO Firewall fragmented IP packet attack X-Force URL: http://xforce.iss.net/static/5749.php
Date Reported: 12/14/00 Vulnerability: jpilot-perms Platforms Affected: J-Pilot Risk Factor: Medium Attack Type: Host Based Brief Description: J-Pilot permissions could reveal sensitive information X-Force URL: http://xforce.iss.net/static/5762.php
Date Reported: 12/14/00 Vulnerability: mediaservices-dropped-connection-dos Platforms Affected: Microsoft Media Services Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Microsoft Media Services dropped connection denial of service X-Force URL: http://xforce.iss.net/static/5785.php
Date Reported: 12/14/00 Vulnerability: watchguard-soho-web-auth Platforms Affected: WatchGuard Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard SOHO Web config server could allow unauthenticated access X-Force URL: http://xforce.iss.net/static/5554.php
Date Reported: 12/14/00 Vulnerability: watchguard-soho-passcfg-reset Platforms Affected: WatchGuard Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard SOHO administrator password can be remotely reset X-Force URL: http://xforce.iss.net/static/5742.php
Date Reported: 12/14/00 Vulnerability: http-cgi-simplestguest Platforms Affected: simplestguest.cgi Risk Factor: High Attack Type: Network Based Brief Description: simplestguest.cgi input validation error X-Force URL: http://xforce.iss.net/static/5743.php
Date Reported: 12/14/00 Vulnerability: safeword-palm-pin-extraction Platforms Affected: SafeWord e.iD Palm Authenticator Risk Factor: High Attack Type: Network/Host Based Brief Description: SafeWord and e.iD Palm Authenticator allows attacker to clone Palm device X-Force URL: http://xforce.iss.net/static/5753.php
Date Reported: 12/14/00 Vulnerability: mdaemon-lock-bypass-password Platforms Affected: MDaemon Risk Factor: High Attack Type: Host Based Brief Description: MDaemon "lock" bypass password X-Force URL: http://xforce.iss.net/static/5763.php
Date Reported: 12/13/00 Vulnerability: cisco-catalyst-ssh-mismatch Platforms Affected: Cisco Catalyst Risk Factor: Low Attack Type: Network Based Brief Description: Cisco Catalyst SSH protocol mismatch X-Force URL: http://xforce.iss.net/static/5760.php
Date Reported: 12/13/00 Vulnerability: microsoft-iis-file-disclosure Platforms Affected: IIS Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Microsoft IIS Far East editions file disclosure X-Force URL: http://xforce.iss.net/static/5729.php
Date Reported: 12/13/00 Vulnerability: ezshopper-cgi-file-disclosure Platforms Affected: loadpage.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: EZshopper loadpage.cgi file disclosure X-Force URL: http://xforce.iss.net/static/5740.php
Date Reported: 12/13/00 Vulnerability: winnt-mstask-dos Platforms Affected: Windows NT Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Windows NT MSTask.exe denial of service X-Force URL: http://xforce.iss.net/static/5746.php
Date Reported: 12/13/00 Vulnerability: bftpd-site-chown-bo Platforms Affected: BFTPD Risk Factor: High Attack Type: Network Based Brief Description: BFTPD SITE CHOWN buffer overflow X-Force URL: http://xforce.iss.net/static/5775.php
Date Reported: 12/12/00 Vulnerability: aim-remote-bo Platforms Affected: AOL Instant Messenger Risk Factor: Medium Attack Type: Network Based Brief Description: AOL Instant Messenger buffer overflow X-Force URL: http://xforce.iss.net/static/5732.php
Date Reported: 12/12/00 Vulnerability: subscribemelite-gain-admin-access Platforms Affected: Subscribe Me Lite Risk Factor: Medium Attack Type: Network Based Brief Description: Subscribe Me Lite mailing list manager unauthorized access X-Force URL: http://xforce.iss.net/static/5735.php
Date Reported: 12/12/00 Vulnerability: zope-image-file Platforms Affected: Zope Risk Factor: Medium Attack Type: Host Based Brief Description: Linux zope package Image and File objects X-Force URL: http://xforce.iss.net/static/5778.php
Date Reported: 12/12/00 Vulnerability: http-cgi-everythingform Platforms Affected: everythingform.cgi Risk Factor: High Attack Type: Network Based Brief Description: everythingform.cgi input validation error X-Force URL: http://xforce.iss.net/static/5736.php
Date Reported: 12/12/00 Vulnerability: http-cgi-simplestmail Platforms Affected: simplestmail.cgi Risk Factor: High Attack Type: Network Based Brief Description: simplestmail.cgi input validation error X-Force URL: http://xforce.iss.net/static/5739.php
Date Reported: 12/12/00 Vulnerability: http-cgi-ad Platforms Affected: ad.cgi Risk Factor: High Attack Type: Network Based Brief Description: ad.cgi input validation error X-Force URL: http://xforce.iss.net/static/5741.php
Date Reported: 12/12/00 Vulnerability: kde-kmail-weak-encryption Platforms Affected: KDE KMail Risk Factor: High Attack Type: Network/Host Based Brief Description: KDE KMail weak password encryption X-Force URL: http://xforce.iss.net/static/5761.php
Date Reported: 12/12/00 Vulnerability: aolim-buddyicon-bo Platforms Affected: AOL Instant Messenger Risk Factor: High Attack Type: Network/Host Based Brief Description: AOL Instant Messenger Buddy Icon buffer overflow X-Force URL: http://xforce.iss.net/static/5786.php
Date Reported: 12/12/00 Vulnerability: aim-remote-bo Platforms Affected: AOL Instant Messenger Risk Factor: Medium Attack Type: Network Based Brief Description: AOL Instant Messenger buffer overflow X-Force URL: http://xforce.iss.net/static/5732.php
Date Reported: 12/11/00 Vulnerability: rppppoe-zero-length-dos Platforms Affected: rp-pppoe Risk Factor: Medium Attack Type: Network Based Brief Description: rp-pppoe "zero-length" option denial of service X-Force URL: http://xforce.iss.net/static/5727.php
Date Reported: 12/11/00 Vulnerability: proftpd-modsqlpw-unauth-access Platforms Affected: ProFTPd Risk Factor: Medium Attack Type: Network Based Brief Description: ProFTPD system using mod_sqlpw unauthorized access X-Force URL: http://xforce.iss.net/static/5737.php
Date Reported: 12/11/00 Vulnerability: gnu-ed-symlink Platforms Affected: GNU ed Risk Factor: High Attack Type: Host Based Brief Description: GNU ed symlink X-Force URL: http://xforce.iss.net/static/5723.php
Date Reported: 12/11/00 Vulnerability: oops-ftputils-bo Platforms Affected: Oops Proxy Server Risk Factor: High Attack Type: Network/Host Based Brief Description: Oops Proxy Server ftp_utils buffer overflow X-Force URL: http://xforce.iss.net/static/5725.php
Date Reported: 12/11/00 Vulnerability: oracle-oidldap-write-permission Platforms Affected: Oracle Internet Directory Risk Factor: High Attack Type: Host Based Brief Description: Oracle Internet Directory write permission X-Force URL: http://xforce.iss.net/static/5804.php
Date Reported: 12/9/00 Vulnerability: foolproof-security-bypass Platforms Affected: FoolProof Risk Factor: High Attack Type: Host Based Brief Description: FoolProof Security restriction bypass using FTP X-Force URL: http://xforce.iss.net/static/5758.php
Date Reported: 12/8/00 Vulnerability: broadvision-bv1to1-reveal-path Platforms Affected: BroadVision One-To-One Enterprise Server Risk Factor: Low Attack Type: Network Based Brief Description: BroadVision One-To-One Enterprise Server reveals path to server X-Force URL: http://xforce.iss.net/static/5661.php
Date Reported: 12/8/00 Vulnerability: ssldump-format-strings Platforms Affected: ssldump Risk Factor: Medium Attack Type: Network Based Brief Description: ssldump format string could allow arbitrary execution of code X-Force URL: http://xforce.iss.net/static/5717.php
Date Reported: 12/8/00 Vulnerability: coldfusion-sample-dos Platforms Affected: ColdFusion Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ColdFusion sample script denial of service X-Force URL: http://xforce.iss.net/static/5755.php
Date Reported: 12/8/00 Vulnerability: kerberos4-arbitrary-proxy Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Network/Host Based Brief Description: KTH Kerberos 4 arbitrary proxy environment variable X-Force URL: http://xforce.iss.net/static/5733.php
Date Reported: 12/8/00 Vulnerability: kerberos4-auth-packet-overflow Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Network/Host Based Brief Description: KTH Kerberos 4 authentication packet buffer overflow X-Force URL: http://xforce.iss.net/static/5734.php
Date Reported: 12/8/00 Vulnerability: kerberos4-user-config Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Host Based Brief Description: KTH Kerberos 4 user supplied configuration files X-Force URL: http://xforce.iss.net/static/5738.php
Date Reported: 12/8/00 Vulnerability: kerberos4-tmpfile-dos Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Host Based Brief Description: KTH Kerberos 4 race condition X-Force URL: http://xforce.iss.net/static/5754.php
Date Reported: 12/7/00 Vulnerability: homeseer-directory-traversal Platforms Affected: HomeSeer Risk Factor: Low Attack Type: Network Based Brief Description: HomeSeer allows directory traversal X-Force URL: http://xforce.iss.net/static/5663.php
Date Reported: 12/7/00 Vulnerability: offline-explorer-reveal-files Platforms Affected: MetaProducts Offline Explorer Risk Factor: Low Attack Type: Network/Host Based Brief Description: MetaProducts Offline Explorer can reveal file system X-Force URL: http://xforce.iss.net/static/5728.php
Date Reported: 12/7/00 Vulnerability: imail-smtp-auth-dos Platforms Affected: IMail Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IMail SMTP auth denial of service X-Force URL: http://xforce.iss.net/static/5674.php
Date Reported: 12/6/00 Vulnerability: apc-apcupsd-dos Platforms Affected: APC apcupsd Risk Factor: Medium Attack Type: Host Based Brief Description: APC apcupsd denial of service X-Force URL: http://xforce.iss.net/static/5654.php
Date Reported: 12/6/00 Vulnerability: cisco-catalyst-telnet-dos Platforms Affected: Cisco Catalyst Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco Catalyst telnet server memory leak denial of service X-Force URL: http://xforce.iss.net/static/5656.php
Date Reported: 12/6/00 Vulnerability: apache-php-disclose-files Platforms Affected: Apache Web server Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Apache Web server discloses files when used with php script X-Force URL: http://xforce.iss.net/static/5659.php
Date Reported: 12/6/00 Vulnerability: ultraseek-reveal-path Platforms Affected: Ultraseek Risk Factor: Medium Attack Type: Network Based Brief Description: Ultraseek Server can reveal the path and source code to certain files X-Force URL: http://xforce.iss.net/static/5660.php
Date Reported: 12/6/00 Vulnerability: irc-dreamforge-dns-dos Platforms Affected: DreamForge IRCd Risk Factor: Medium Attack Type: Network Based Brief Description: DreamForge IRCd DNS denial of service X-Force URL: http://xforce.iss.net/static/5721.php
Date Reported: 12/6/00 Vulnerability: mailman-alternate-templates Platforms Affected: MailMan Risk Factor: High Attack Type: Network Based Brief Description: MailMan Alternate Templates form variable allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5649.php
Date Reported: 12/6/00 Vulnerability: phpgroupware-include-files Platforms Affected: Risk Factor: High Attack Type: Network Based Brief Description: phpGroupWare include files allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5650.php
Date Reported: 12/6/00 Vulnerability: markvision-printer-driver-bo Platforms Affected: Lexmark MarkVision Risk Factor: High Attack Type: Host Based Brief Description: Lexmark MarkVision printer drivers for Unix buffer overflows X-Force URL: http://xforce.iss.net/static/5651.php
Date Reported: 12/6/00 Vulnerability: nt-ras-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Host Based Brief Description: Windows NT RAS registry permissions X-Force URL: http://xforce.iss.net/static/5671.php
Date Reported: 12/6/00 Vulnerability: nt-snmp-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows NT SNMP registry permissions X-Force URL: http://xforce.iss.net/static/5672.php
Date Reported: 12/6/00 Vulnerability: nt-mts-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows NT MTS registry permissions X-Force URL: http://xforce.iss.net/static/5673.php
Date Reported: 12/6/00 Vulnerability: irc-bitchx-dns-bo Platforms Affected: BitchX Risk Factor: High Attack Type: Network Based Brief Description: BitchX IRC DNS buffer overflow X-Force URL: http://xforce.iss.net/static/5701.php
Date Reported: 12/5/00 Vulnerability: ibm-db2-gain-access Platforms Affected: IBM DB2 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM DB2 Universal Database can give access through default username and password X-Force URL: http://xforce.iss.net/static/5662.php
Date Reported: 12/5/00 Vulnerability: ibm-db2-dos Platforms Affected: IBM DB2 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM DB2 Universal Database denial of service X-Force URL: http://xforce.iss.net/static/5664.php
Date Reported: 12/5/00 Vulnerability: vsu-source-routing Platforms Affected: VSU Risk Factor: Medium Attack Type: Network Based Brief Description: VPNet VSU gateways contain source routing X-Force URL: http://xforce.iss.net/static/5667.php
Date Reported: 12/5/00 Vulnerability: vsu-ip-bridging Platforms Affected: VSU Risk Factor: Medium Attack Type: Network Based Brief Description: VPNet VSU gateways contain bridging code X-Force URL: http://xforce.iss.net/static/5670.php
Date Reported: 12/5/00 Vulnerability: ftp-servu-homedir-travers Platforms Affected: Serv-U FTP Risk Factor: High Attack Type: Network/Host Based Brief Description: FTP Serv-U home directory traversal could allow access to FTProot X-Force URL: http://xforce.iss.net/static/5639.php
Date Reported: 12/4/00 Vulnerability: cisco-cbos-web-access Platforms Affected: CISCO CBOS Risk Factor: Medium Attack Type: Network Based Brief Description: Cisco CBOS Web access enabled denial of service X-Force URL: http://xforce.iss.net/static/5626.php
Date Reported: 12/4/00 Vulnerability: watchguard-soho-get-dos Platforms Affected: WatchGuard SOHO Risk Factor: Medium Attack Type: Network Based Brief Description: WatchGuard SOHO Firewall multiple GET requests denial of service X-Force URL: http://xforce.iss.net/static/5665.php
Date Reported: 12/4/00 Vulnerability: phone-book-service-bo Platforms Affected: Windows 2000 Windows NT Risk Factor: High Attack Type: Network Based Brief Description: Windows NT and 2000 Phone Book service buffer overflow X-Force URL: http://xforce.iss.net/static/5623.php
Date Reported: 12/4/00 Vulnerability: cisco-cbos-syn-packets Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS SYN packets denial of service X-Force URL: http://xforce.iss.net/static/5627.php
Date Reported: 12/4/00 Vulnerability: cisco-cbos-invalid-login Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS does not log invalid logins X-Force URL: http://xforce.iss.net/static/5628.php
Date Reported: 12/4/00 Vulnerability: cisco-cbos-icmp-echo Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS large ICMP ECHO packet denial of service X-Force URL: http://xforce.iss.net/static/5629.php
Date Reported: 12/2/00 Vulnerability: phpweblog-bypass-authentication Platforms Affected: phpWebLog Risk Factor: High Attack Type: Host Based Brief Description: phpWebLog allows users to bypass authentication X-Force URL: http://xforce.iss.net/static/5625.php
Date Reported: 12/1/00 Vulnerability: linux-diskcheck-race-symlink Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux diskcheck race condition could allow a tmp file symbolic link attack X-Force URL: http://xforce.iss.net/static/5624.php
Date Reported: 12/1/00 Vulnerability: ie-form-file-upload Platforms Affected: Microsoft Internet Explorer Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Internet Explorer file upload form X-Force URL: http://xforce.iss.net/static/5615.php
Date Reported: 12/1/00 Vulnerability: mssql-xp-paraminfo-bo Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Description: Microsoft SQL XP srv_paraminfo() buffer overflow X-Force URL: http://xforce.iss.net/static/5622.php
Date Reported: 12/1/00 Vulnerability: majordomo-auth-execute-commands Platforms Affected: Majordomo Risk Factor: High Attack Type: Network Based Brief Description: Majordomo allows administrative access without password X-Force URL: http://xforce.iss.net/static/5611.php
Date Reported: 12/1/00 Vulnerability: ie-print-template Platforms Affected: Microsoft Internet Explorer Risk Factor: High Attack Type: Network/Host Based Brief Description: Internet Explorer print template X-Force URL: http://xforce.iss.net/static/5614.php
Date Reported: 12/1/00 Vulnerability: aix-piobe-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX piobe buffer overflow X-Force URL: http://xforce.iss.net/static/5616.php
Date Reported: 12/1/00 Vulnerability: aix-pioout-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX pioout buffer overflow X-Force URL: http://xforce.iss.net/static/5617.php
Date Reported: 12/1/00 Vulnerability: aix-setclock-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX setclock buffer overflow X-Force URL: http://xforce.iss.net/static/5618.php
Date Reported: 12/1/00 Vulnerability: aix-enq-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX enq buffer overflow X-Force URL: http://xforce.iss.net/static/5619.php
Date Reported: 12/1/00 Vulnerability: aix-digest-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX digest buffer overflow X-Force URL: http://xforce.iss.net/static/5620.php
Date Reported: 12/1/00 Vulnerability: aix-setsenv-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX setsenv buffer overflow X-Force URL: http://xforce.iss.net/static/5621.php
Risk Factor Key:
High: Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server.
Medium: Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password.
Low: Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods.
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories:
- Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php
- Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200102-0028", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "ibm", "version": null }, { "model": "broadband operating system", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "2.4.1" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "oracle", "version": 
null }, { "model": "broadband operating system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "2.4.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#610904" }, { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#886953" }, { "db": "CNNVD", "id": "CNNVD-200102-109" }, { "db": "NVD", "id": "CVE-2001-0056" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:broadband_operating_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2001-0056" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "88560" } ], "trust": 0.3 }, "cve": "CVE-2001-0056", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-2878", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2001-0056", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#610904", "trust": 0.8, "value": "3.00" }, { "author": "CARNEGIE MELLON", "id": "VU#739201", "trust": 0.8, "value": "7.09" }, { "author": "CARNEGIE MELLON", "id": "VU#808633", "trust": 0.8, "value": "5.36" }, { "author": "CARNEGIE MELLON", "id": "VU#872257", "trust": 0.8, "value": "7.09" }, { "author": "CARNEGIE MELLON", "id": "VU#886953", "trust": 0.8, "value": "15.19" }, { "author": "CNNVD", "id": "CNNVD-200102-109", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-2878", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#610904" }, { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#872257" }, { "db": "CERT/CC", "id": "VU#886953" }, { "db": "VULHUB", "id": "VHN-2878" }, { "db": "CNNVD", "id": "CNNVD-200102-109" }, { "db": "NVD", "id": "CVE-2001-0056" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection. The Oracle LDAP Daemon (oidldapd version 2.1.1.1), which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Broadband Operating System is prone to a remote security vulnerability. A remote attacker can guess the password without even knowing it. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nJanuary 1, 2001\nVolume 6 Number 2\n\nThe following computer security issues have been publicly reported and \ndocumented in the X-Force Vulnerability and Threat Database\n(http://xforce.iss.net). \n\nThis document is available at\nhttp://xforce.iss.net/alerts/vol-06_num-02.php. To receive these Alert\nSummaries:\n- - Subscribe to the Alert mailing list from \nhttp://xforce.iss.net/maillists/index.php\n- -\tOr send an email to majordomo@iss.net, and within the body of the\nmessage type: \n- -\t\u0027subscribe alert\u0027 (without the quotes). 
\n_____\n\nContents\n\n115 Reported Vulnerabilities\n\nRisk Factor Key\n\n_____\n\nDate Reported: 12/31/00\nVulnerability: exmh-error-symlink\nPlatforms Affected: exmh 2.2 and earlier\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: exmh error message symlink\nX-Force URL: http://xforce.iss.net/static/5829.php\n\n_____\n\nDate Reported: 12/30/00\nVulnerability: informix-webdriver-symlink\nPlatforms Affected: Informix Webdriver\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Informix Webdriver symbolic link\nX-Force URL: http://xforce.iss.net/static/5827.php\n\n_____\n\nDate Reported: 12/30/00\nVulnerability: informix-webdriver-admin-access\nPlatforms Affected: Informix Webdriver\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Informix Webdriver remote Admin access\nX-Force URL: http://xforce.iss.net/static/5833.php\n\n_____\n\nDate Reported: 12/29/00\nVulnerability: zonealarm-mutex-dos\nPlatforms Affected: ZoneAlarm Pro\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: ZoneAlarm and ZoneAlarm Pro Mutex creation denial\nof service\nX-Force URL: http://xforce.iss.net/static/5821.php\n\n_____\n\nDate Reported: 12/29/00\nVulnerability: zonealarm-batfile-dos\nPlatforms Affected: ZoneAlarm Pro\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: ZoneAlarm and ZoneAlarm Pro can be taken down with\na batch file\nX-Force URL: http://xforce.iss.net/static/5822.php\n\n_____\n\nDate Reported: 12/29/00\nVulnerability: shockwave-flash-swf-bo\nPlatforms Affected: Shockwave Plugin 8.0 and prior\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Shockwave Flash SWF file buffer overflow\nX-Force URL: http://xforce.iss.net/static/5826.php\n\n_____\n\nDate Reported: 12/29/00\nVulnerability: macos-multiple-users\nPlatforms Affected: MacOS 9.0\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Mac OS \u0027Multiple Users\u0027 bypass password\nX-Force URL: 
http://xforce.iss.net/static/5830.php\n\n_____\n\nDate Reported: 12/28/00\nVulnerability: http-cgi-ikonboard\nPlatforms Affected: Ikonboard 2.1.7b and prior\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Ikonboard allows remote attacker to execute\ncommands\nX-Force URL: http://xforce.iss.net/static/5819.php\n\n_____\n\nDate Reported: 12/27/00\nVulnerability: http-cgi-technote-main\nPlatforms Affected: TECH-NOTE (000, 2001, Pro)\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: TECH-NOTE main.cgi reveals files\nX-Force URL: http://xforce.iss.net/static/5813.php\n\n_____\n\nDate Reported: 12/26/00\nVulnerability: xwindows-char-dos\nPlatforms Affected: XFree86\nRisk Factor: Low\nAttack Type: Network/Host Based\nBrief Description: X Windows multiple character denial of service\nX-Force URL: http://xforce.iss.net/static/5834.php\n\n_____\n\nDate Reported: 12/25/00\nVulnerability: 1stup-mail-server-bo\nPlatforms Affected: 1st Up Mail Server 4.1\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: 1st Up Mail Server buffer overflow\nX-Force URL: http://xforce.iss.net/static/5808.php\n\n_____\n\nDate Reported: 12/25/00\nVulnerability: dialog-symlink\nPlatforms Affected: Linux Debian 2.2\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Linux dialog package symlink attack\nX-Force URL: http://xforce.iss.net/static/5809.php\n\n_____\n\nDate Reported: 12/25/00\nVulnerability: ibm-wcs-admin\nPlatforms Affected: IBM Websphere Commerce Suite\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: IBM WCS admin.config allows user to execute\narbitrary commands\nX-Force URL: http://xforce.iss.net/static/5831.php\n\n_____\n\nDate Reported: 12/23/00\nVulnerability: http-cgi-technote-print\nPlatforms Affected: TECH-NOTE (2000, 2001, Pro)\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: TECH-NOTE print.cgi reveals files\nX-Force URL: http://xforce.iss.net/static/5815.php\n\n_____\n\nDate 
Reported: 12/22/00\nVulnerability: iis-web-form-submit\nPlatforms Affected: IIS (4.0, 5.0)\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: IIS Web form submission\nX-Force URL: http://xforce.iss.net/static/5823.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: hpux-kermit-bo\nPlatforms Affected: HPUX (10.01, 10.10, 10.20, 11.00)\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: HP-UX kermit buffer overflow\nX-Force URL: http://xforce.iss.net/static/5793.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: bsguest-cgi-execute-commands\nPlatforms Affected: Linux\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: bsguest.cgi allows remote execution of commands on\nserver\nX-Force URL: http://xforce.iss.net/static/5796.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: bslist-cgi-execute-commands\nPlatforms Affected: Linux\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: bslist.cgi allows remote execution of commands on\nserver\nX-Force URL: http://xforce.iss.net/static/5797.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: infinite-interchange-dos\nPlatforms Affected: Infinite Interchange 3.61\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Infinite InterChange denial of service\nX-Force URL: http://xforce.iss.net/static/5798.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: oracle-execute-plsql\nPlatforms Affected: Oracle Application Server\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Oracle remote procedure execution\nX-Force URL: http://xforce.iss.net/static/5817.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: ksh-redirection-symlink\nPlatforms Affected: IRIX (6.2, 6.5.x)\n Solaris (2.5.1, 2.6, 7)\n HPUX 9.00\n Digital Unix 5.0\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: ksh redirection symlink attack\nX-Force URL: http://xforce.iss.net/static/5811.php\n\n_____\n\nDate Reported: 
12/21/00\nVulnerability: oracle-webdb-admin-access\nPlatforms Affected: Oracle Internet Application Server 3.0.7\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Oracle IAS allows administrative access\nX-Force URL: http://xforce.iss.net/static/5818.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: infinite-interchange-dos\nPlatforms Affected: Infinite Interchange 3.61\nRisk Factor: Web Scan\nAttack Type: Network/Host Based\nBrief Description: Infinite InterChange denial of service\nX-Force URL: http://xforce.iss.net/static/5798.php\n\n_____\n\nDate Reported: 12/20/00\nVulnerability: gnupg-detached-sig-modify\nPlatforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3)\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: GnuPG allows users to modify signed messages with\ndetached signatures\nX-Force URL: http://xforce.iss.net/static/5802.php\n\n_____\n\nDate Reported: 12/20/00\nVulnerability: gnupg-reveal-private\nPlatforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3)\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: GnuPG will import private keys along with public\nkeys\nX-Force URL: http://xforce.iss.net/static/5803.php\n\n_____\n\nDate Reported: 12/20/00\nVulnerability: zonealarm-nmap-scans\nPlatforms Affected: ZoneAlarm\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: ZoneAlarm does not detect NMAP scans\nX-Force URL: http://xforce.iss.net/static/5799.php\n\n_____\n\nDate Reported: 12/20/00\nVulnerability: zonealarm-open-shares\nPlatforms Affected: ZoneAlarm\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: ZoneAlarm open shares\nX-Force URL: http://xforce.iss.net/static/5825.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: win2k-index-service-activex\nPlatforms Affected: Windows 2000\nRisk Factor: Low\nAttack Type: Network/Host Based\nBrief Description: Windows 2000 Index Service ActiveX controls allow\nunauthorized access to file information\nX-Force URL: 
http://xforce.iss.net/static/5800.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: proftpd-size-memory-leak\nPlatforms Affected: Proftpd\nRisk Factor: Low\nAttack Type: Network/Host Based\nBrief Description: proftpd memory leak when using SIZE command\nX-Force URL: http://xforce.iss.net/static/5801.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: weblogic-dot-bo\nPlatforms Affected: WebLogic\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: BEA WebLogic Server \"dotdot\" URL buffer overflow\nX-Force URL: http://xforce.iss.net/static/5782.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: mdaemon-imap-dos\nPlatforms Affected: MDaemon\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: MDaemon IMAP buffer overflow denial of service\nX-Force URL: http://xforce.iss.net/static/5805.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: zope-calculate-roles\nPlatforms Affected: Zp[e\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: zope package in Linux calculates local roles\nincorrectly\nX-Force URL: http://xforce.iss.net/static/5777.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: itetris-svgalib-path\nPlatforms Affected: svgalib\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Itetris svgalib PATH\nX-Force URL: http://xforce.iss.net/static/5795.php\n\n_____\n\nDate Reported: 12/18/00\nVulnerability: bsd-ftpd-replydirname-bo\nPlatforms Affected: BSD Based Operating Systems\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: BSD ftpd replydirname() function buffer overflow\nX-Force URL: http://xforce.iss.net/static/5776.php\n\n_____\n\nDate Reported: 12/18/00\nVulnerability: sonata-command-execute\nPlatforms Affected: Sonata\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Sonata argument command line execution\nX-Force URL: http://xforce.iss.net/static/5787.php\n\n_____\n\nDate Reported: 12/18/00\nVulnerability: 
solaris-catman-symlink\nPlatforms Affected: Solaris\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Solaris catman command symlink attack\nX-Force URL: http://xforce.iss.net/static/5788.php\n\n_____\n\nDate Reported: 12/18/00\nVulnerability: solaris-patchadd-symlink\nPlatforms Affected: Solaris\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Solaris patchadd symlink attack\nX-Force URL: http://xforce.iss.net/static/5789.php\n\n_____\n\nDate Reported: 12/18/00\nVulnerability: stunnel-format-logfile\nPlatforms Affected: Stunnel\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Stunnel format allows user to write to logfile\nX-Force URL: http://xforce.iss.net/static/5807.php\n\n_____\n\nDate Reported: 12/17/00\nVulnerability: hp-top-sys-files\nPlatforms Affected: HPUX\nRisk Factor: Low\nAttack Type: Host Based\nBrief Description: HP-UX top command could be used to overwrite files\nX-Force URL: http://xforce.iss.net/static/5773.php\n\n_____\n\nDate Reported: 12/16/00\nVulnerability: zope-legacy-names\nPlatforms Affected: Zope\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Linux zope package \"legacy\" names\nX-Force URL: http://xforce.iss.net/static/5824.php\n\n_____\n\nDate Reported: 12/15/00\nVulnerability: mrj-runtime-malicious-applets\nPlatforms Affected: MRJ\nRisk Factor: Low\nAttack Type: Host Based\nBrief Description: MRJ runtime environment could allow malicious\napplets to be executed\nX-Force URL: http://xforce.iss.net/static/5784.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: coffeecup-ftp-weak-encryption\nPlatforms Affected: CoffeeCup FTP\nRisk Factor: Low\nAttack Type: Host Based\nBrief Description: CoffeeCup FTP client has weak password encryption\nX-Force URL: http://xforce.iss.net/static/5744.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: watchguard-soho-fragmented-packets\nPlatforms Affected: WatchGuard\nRisk Factor: Medium\nAttack Type: Network Based\nBrief 
Description: WatchGuard SOHO Firewall fragmented IP packet\nattack\nX-Force URL: http://xforce.iss.net/static/5749.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: jpilot-perms\nPlatforms Affected: J-Pilot\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: J-Pilot permissions could reveal sensitive\ninformation\nX-Force URL: http://xforce.iss.net/static/5762.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: mediaservices-dropped-connection-dos\nPlatforms Affected: Microsoft Media Services\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Microsoft Media Services dropped connection denial\nof service\nX-Force URL: http://xforce.iss.net/static/5785.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: watchguard-soho-web-auth\nPlatforms Affected: WatchGuard\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: WatchGuard SOHO Web config server could allow\nunauthenticated access\nX-Force URL: http://xforce.iss.net/static/5554.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: watchguard-soho-passcfg-reset\nPlatforms Affected: WatchGuard\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: WatchGuard SOHO administrator password can be\nremotely reset\nX-Force URL: http://xforce.iss.net/static/5742.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: http-cgi-simplestguest\nPlatforms Affected: simplestguest.cgi\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: simplestguest.cgi input validation error\nX-Force URL: http://xforce.iss.net/static/5743.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: safeword-palm-pin-extraction\nPlatforms Affected: SafeWord\n e.iD Palm Authenticator\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: SafeWord and e.iD Palm Authenticator allows\nattacker to clone Palm device\nX-Force URL: http://xforce.iss.net/static/5753.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: 
mdaemon-lock-bypass-password\nPlatforms Affected: MDaemon\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: MDaemon \"lock\" bypass password\nX-Force URL: http://xforce.iss.net/static/5763.php\n\n_____\n\nDate Reported: 12/13/00\nVulnerability: cisco-catalyst-ssh-mismatch\nPlatforms Affected: Cisco Catalyst\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: Cisco Catalyst SSH protocol mismatch\nX-Force URL: http://xforce.iss.net/static/5760.php\n\n_____\n\nDate Reported: 12/13/00\nVulnerability: microsoft-iis-file-disclosure\nPlatforms Affected: IIS\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Microsoft IIS Far East editions file disclosure\nX-Force URL: http://xforce.iss.net/static/5729.php\n\n_____\n\nDate Reported: 12/13/00\nVulnerability: ezshopper-cgi-file-disclosure\nPlatforms Affected: loadpage.cgi\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: EZshopper loadpage.cgi file disclosure\nX-Force URL: http://xforce.iss.net/static/5740.php\n\n_____\n\nDate Reported: 12/13/00\nVulnerability: winnt-mstask-dos\nPlatforms Affected: Windows NT\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Windows NT MSTask.exe denial of service\nX-Force URL: http://xforce.iss.net/static/5746.php\n\n_____\n\nDate Reported: 12/13/00\nVulnerability: bftpd-site-chown-bo\nPlatforms Affected: BFTPD\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: BFTPD SITE CHOWN buffer overflow\nX-Force URL: http://xforce.iss.net/static/5775.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: aim-remote-bo\nPlatforms Affected: AOL Instant Messenger\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: AOL Instant Messenger buffer overflow\nX-Force URL: http://xforce.iss.net/static/5732.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: subscribemelite-gain-admin-access\nPlatforms Affected: Subscribe Me Lite\nRisk Factor: Medium\nAttack Type: Network 
Based\nBrief Description: Subscribe Me Lite mailing list manager\nunauthorized access\nX-Force URL: http://xforce.iss.net/static/5735.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: zope-image-file\nPlatforms Affected: Zope\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: Linux zope package Image and File objects\nX-Force URL: http://xforce.iss.net/static/5778.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: http-cgi-everythingform\nPlatforms Affected: everythingform.cgi\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: everythingform.cgi input validation error\nX-Force URL: http://xforce.iss.net/static/5736.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: http-cgi-simplestmail\nPlatforms Affected: simplestmail.cgi\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: simplestmail.cgi input validation error\nX-Force URL: http://xforce.iss.net/static/5739.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: http-cgi-ad\nPlatforms Affected: ad.cgi\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: ad.cgi input validation error\nX-Force URL: http://xforce.iss.net/static/5741.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: kde-kmail-weak-encryption\nPlatforms Affected: KDE KMail\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: KDE KMail weak password encryption\nX-Force URL: http://xforce.iss.net/static/5761.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: aolim-buddyicon-bo\nPlatforms Affected: AOL Instant Messenger\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: AOL Instant Messenger Buddy Icon buffer overflow\nX-Force URL: http://xforce.iss.net/static/5786.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: aim-remote-bo\nPlatforms Affected: AOL Instant Messenger\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: AOL Instant Messenger buffer overflow\nX-Force URL: 
http://xforce.iss.net/static/5732.php\n\n_____\n\nDate Reported: 12/11/00\nVulnerability: rppppoe-zero-length-dos\nPlatforms Affected: rp-pppoe\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: rp-pppoe \"zero-length\" option denial of service\nX-Force URL: http://xforce.iss.net/static/5727.php\n\n_____\n\nDate Reported: 12/11/00\nVulnerability: proftpd-modsqlpw-unauth-access\nPlatforms Affected: ProFTPd\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: ProFTPD system using mod_sqlpw unauthorized access\nX-Force URL: http://xforce.iss.net/static/5737.php\n\n_____\n\nDate Reported: 12/11/00\nVulnerability: gnu-ed-symlink\nPlatforms Affected: GNU ed\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: GNU ed symlink\nX-Force URL: http://xforce.iss.net/static/5723.php\n\n_____\n\nDate Reported: 12/11/00\nVulnerability: oops-ftputils-bo\nPlatforms Affected: Oops Proxy Server\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Oops Proxy Server ftp_utils buffer overflow\nX-Force URL: http://xforce.iss.net/static/5725.php\n\n_____\n\nDate Reported: 12/11/00\nVulnerability: oracle-oidldap-write-permission\nPlatforms Affected: Oracle Internet Directory\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Oracle Internet Directory write permission\nX-Force URL: http://xforce.iss.net/static/5804.php\n\n_____\n\nDate Reported: 12/9/00\nVulnerability: foolproof-security-bypass\nPlatforms Affected: FoolProof\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: FoolProof Security restriction bypass using FTP\nX-Force URL: http://xforce.iss.net/static/5758.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: broadvision-bv1to1-reveal-path\nPlatforms Affected: BroadVision One-To-One Enterprise Server\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: BroadVision One-To-One Enterprise Server reveals\npath to server\nX-Force URL: 
http://xforce.iss.net/static/5661.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: ssldump-format-strings\nPlatforms Affected: ssldump\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: ssldump format string could allow arbitrary\nexecution of code\nX-Force URL: http://xforce.iss.net/static/5717.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: coldfusion-sample-dos\nPlatforms Affected: ColdFusion\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: ColdFusion sample script denial of service\nX-Force URL: http://xforce.iss.net/static/5755.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: kerberos4-arbitrary-proxy\nPlatforms Affected: Kerberos 4\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: KTH Kerberos 4 arbitrary proxy enviornment\nvariable\nX-Force URL: http://xforce.iss.net/static/5733.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: kerberos4-auth-packet-overflow\nPlatforms Affected: Kerberos 4\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: KTH Kerberos 4 authentication packet buffer\noverflow\nX-Force URL: http://xforce.iss.net/static/5734.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: kerberos4-user-config\nPlatforms Affected: Kerberos 4\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: KTH Kerberos 4 user supplied configuration files\nX-Force URL: http://xforce.iss.net/static/5738.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: kerberos4-tmpfile-dos\nPlatforms Affected: Kerberos 4\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: KTH Kerberos 4 race condition\nX-Force URL: http://xforce.iss.net/static/5754.php\n\n_____\n\nDate Reported: 12/7/00\nVulnerability: homeseer-directory-traversal\nPlatforms Affected: HomeSeer\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: HomeSeer allows directory traversal\nX-Force URL: http://xforce.iss.net/static/5663.php\n\n_____\n\nDate Reported: 
12/7/00\nVulnerability: offline-explorer-reveal-files\nPlatforms Affected: MetaProducts Offline Explorer\nRisk Factor: Low\nAttack Type: Network/Host Based\nBrief Description: MetaProducts Offline Explorer can reveal file\nsystem\nX-Force URL: http://xforce.iss.net/static/5728.php\n\n_____\n\nDate Reported: 12/7/00\nVulnerability: imail-smtp-auth-dos\nPlatforms Affected: IMail\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: IMail SMTP auth denial of service\nX-Force URL: http://xforce.iss.net/static/5674.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: apc-apcupsd-dos\nPlatforms Affected: APC apcupsd\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: APC apcupsd denial of service\nX-Force URL: http://xforce.iss.net/static/5654.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: cisco-catalyst-telnet-dos\nPlatforms Affected: Cisco Catalyst\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Cisco Catalyst telnet server memory leak denial of\nservice\nX-Force URL: http://xforce.iss.net/static/5656.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: apache-php-disclose-files\nPlatforms Affected: Apache Web server\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Apache Web server discloses files when used with\nphp script\nX-Force URL: http://xforce.iss.net/static/5659.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: ultraseek-reveal-path\nPlatforms Affected: Ultraseek\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Ultraseek Server can reveal the path and source\ncode to certain files\nX-Force URL: http://xforce.iss.net/static/5660.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: irc-dreamforge-dns-dos\nPlatforms Affected: DreamForge IRCd\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: DreamForge IRCd DNS denial of service\nX-Force URL: http://xforce.iss.net/static/5721.php\n\n_____\n\nDate Reported: 
12/6/00\nVulnerability: mailman-alternate-templates\nPlatforms Affected: MailMan\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: MailMan Alternate Templates form variable allows\nremote attacker to execute commands\nX-Force URL: http://xforce.iss.net/static/5649.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: phpgroupware-include-files\nPlatforms Affected:\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: phpGroupWare include files allows remote attacker\nto execute commands\nX-Force URL: http://xforce.iss.net/static/5650.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: markvision-printer-driver-bo\nPlatforms Affected: Lexmark MarkVision\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Lexmark MarkVision printer drivers for Unix buffer\noverflows\nX-Force URL: http://xforce.iss.net/static/5651.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: nt-ras-reg-perms\nPlatforms Affected: Windows NT\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Windows NT RAS registry permissions\nX-Force URL: http://xforce.iss.net/static/5671.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: nt-snmp-reg-perms\nPlatforms Affected: Windows NT\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Windows NT SNMP registry permissions\nX-Force URL: http://xforce.iss.net/static/5672.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: nt-mts-reg-perms\nPlatforms Affected: Windows NT\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Windows NT MTS registry permissions\nX-Force URL: http://xforce.iss.net/static/5673.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: irc-bitchx-dns-bo\nPlatforms Affected: BitchX\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: BitchX IRC DNS buffer overflow\nX-Force URL: http://xforce.iss.net/static/5701.php\n\n_____\n\nDate Reported: 12/5/00\nVulnerability: ibm-db2-gain-access\nPlatforms Affected: IBM DB2\nRisk 
Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: IBM DB2 Universal Database can give access through\ndefault username and password\nX-Force URL: http://xforce.iss.net/static/5662.php\n\n_____\n\nDate Reported: 12/5/00\nVulnerability: ibm-db2-dos\nPlatforms Affected: IBM DB2\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: IBM DB2 Universal Database denial of service\nX-Force URL: http://xforce.iss.net/static/5664.php\n\n_____\n\nDate Reported: 12/5/00\nVulnerability: vsu-source-routing\nPlatforms Affected: VSU\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: VPNet VSU gateways contain source routing\nX-Force URL: http://xforce.iss.net/static/5667.php\n\n_____\n\nDate Reported: 12/5/00\nVulnerability: vsu-ip-bridging\nPlatforms Affected: VSU\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: VPNet VSU gateways contain bridging code\nX-Force URL: http://xforce.iss.net/static/5670.php\n\n_____\n\nDate Reported: 12/5/00\nVulnerability: ftp-servu-homedir-travers\nPlatforms Affected: Serv-U FTP\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: FTP Serv-U home directory traversal could allow\naccess to FTProot\nX-Force URL: http://xforce.iss.net/static/5639.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: cisco-cbos-web-access\nPlatforms Affected: CISCO CBOS\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Cisco CBOS Web access enabled denial of service\nX-Force URL: http://xforce.iss.net/static/5626.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: watchguard-soho-get-dos\nPlatforms Affected: WatchGuard SOHO\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: WatchGuard SOHO Firewall multiple GET requests\ndenial of service\nX-Force URL: http://xforce.iss.net/static/5665.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: phone-book-service-bo\nPlatforms Affected: Windows 2000\n Windows NT\nRisk Factor: High\nAttack 
Type: Network Based\nBrief Description: Windows NT and 2000 Phone Book service buffer\noverflow\nX-Force URL: http://xforce.iss.net/static/5623.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: cisco-cbos-syn-packets\nPlatforms Affected: CISCO CBOS\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Cisco CBOS SYN packets denial of service\nX-Force URL: http://xforce.iss.net/static/5627.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: cisco-cbos-invalid-login\nPlatforms Affected: CISCO CBOS\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Cisco CBOS does not log invalid logins\nX-Force URL: http://xforce.iss.net/static/5628.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: cisco-cbos-icmp-echo\nPlatforms Affected: CISCO CBOS\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Cisco CBOS large ICMP ECHO packet denial of\nservice\nX-Force URL: http://xforce.iss.net/static/5629.php\n\n_____\n\nDate Reported: 12/2/00\nVulnerability: phpweblog-bypass-authentication\nPlatforms Affected: phpWebLog\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: phpWebLog allows users to bypass authentication\nX-Force URL: http://xforce.iss.net/static/5625.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: linux-diskcheck-race-symlink\nPlatforms Affected: Linux\nRisk Factor: Low\nAttack Type: Host Based\nBrief Description: Linux diskcheck race condition could allow a tmp\nfile symbolic link attack\nX-Force URL: http://xforce.iss.net/static/5624.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: ie-form-file-upload\nPlatforms Affected: Microsoft Internet Explorer\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Internet Explorer file upload form\nX-Force URL: http://xforce.iss.net/static/5615.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: mssql-xp-paraminfo-bo\nPlatforms Affected:\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: Microsoft SQL XP 
srv_paraminfo() buffer overflow\nX-Force URL: http://xforce.iss.net/static/5622.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: majordomo-auth-execute-commands\nPlatforms Affected: Majordomo\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Majordomo allows administrative access without\npassword\nX-Force URL: http://xforce.iss.net/static/5611.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: ie-print-template\nPlatforms Affected: Microsoft Internet Explorer\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Internet Explorer print template\nX-Force URL: http://xforce.iss.net/static/5614.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-piobe-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX piobe buffer overflow\nX-Force URL: http://xforce.iss.net/static/5616.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-pioout-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX pioout buffer overflow\nX-Force URL: http://xforce.iss.net/static/5617.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-setclock-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX setclock buffer overflow\nX-Force URL: http://xforce.iss.net/static/5618.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-enq-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX enq buffer overflow\nX-Force URL: http://xforce.iss.net/static/5619.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-digest-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX digest buffer overflow\nX-Force URL: http://xforce.iss.net/static/5620.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-setsenv-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX setsenv buffer 
overflow\nX-Force URL: http://xforce.iss.net/static/5621.php\n\n\n\nRisk Factor Key:\n\n High Any vulnerability that provides an attacker with immediate\n access into a machine, gains superuser access, or bypasses\n a firewall. Example: A vulnerable Sendmail 8.6.5 version\n that allows an intruder to execute commands on mail\n server. \n Medium Any vulnerability that provides information that has a\n high potential of giving system access to an intruder. \n Example: A misconfigured TFTP or vulnerable NIS server\n that allows an intruder to get the password file that\n could contain an account with a guessable password. \n Low Any vulnerability that provides information that\n potentially could lead to a compromise. Example: A\n finger that allows an intruder to find out who is online\n and potential accounts to attempt to crack passwords\n via brute force methods. \n\n\n_____\n\nAdditional Information\n\nThis document is available at http://xforce.iss.net/alerts/advisennn.php. \nTo receive these Alerts and Advisories:\n- - Subscribe to the Alert mailing list from\nhttp://xforce.iss.net/maillists/index.php\n- - Or send an email to majordomo@iss.net, and within the body of the\nmessage type: \n\u0027subscribe alert\u0027 (without the quotes). \n\n\nAbout Internet Security Systems (ISS)\nInternet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading\nglobal provider of security management solutions for the Internet. \nBy combining best of breed products, security management services, \naggressive research and development, and comprehensive educational \nand consulting services, ISS is the trusted security advisor for \nthousands of organizations around the world looking to protect their \nmission critical information and networks. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. 
If you wish to reprint the whole or any part of this\nAlert in any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. \n\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 2.6.3a\nCharset: noconv\n\niQCVAwUBOmd8xjRfJiV99eG9AQHGkAQAgX36zVSxItnmE160WG5ws5c6tp0F0Sr0\nLLmTWkj7iiYUNv2dKxsw0L4IxItVyilHBYDDrQtjpD76ABE1YhaU2qxlFCeNqMoL\nr21MXXYy0JZWfMCU+t7dk7VNtDzy/0EpbZIcBqziisvQJYgUin3viD54QK+gsYIw\njbM10AXVSHw=\n=5U+8\n-----END PGP SIGNATURE-----\n\n\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2001-0056" }, { "db": "CERT/CC", "id": "VU#610904" }, { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#872257" }, { "db": "CERT/CC", "id": "VU#886953" }, { "db": "BID", "id": "88560" }, { "db": "VULHUB", "id": "VHN-2878" }, { "db": "PACKETSTORM", "id": "24096" } ], "trust": 4.95 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2001-0056", "trust": 2.0 }, { "db": "XF", "id": "5628", "trust": 1.0 }, { "db": "XF", "id": "5804", "trust": 0.9 }, { "db": "XF", "id": "5618", "trust": 0.9 }, { "db": "XF", "id": 
"5620", "trust": 0.9 }, { "db": "XF", "id": "5619", "trust": 0.9 }, { "db": "XF", "id": "5621", "trust": 0.9 }, { "db": "CERT/CC", "id": "VU#610904", "trust": 0.8 }, { "db": "BID", "id": "2035", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#739201", "trust": 0.8 }, { "db": "BID", "id": "2033", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#808633", "trust": 0.8 }, { "db": "BID", "id": "2034", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#872257", "trust": 0.8 }, { "db": "BID", "id": "2032", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#886953", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200102-109", "trust": 0.7 }, { "db": "CISCO", "id": "20001204 MULTIPLE VULNERABILITIES IN CBOS", "trust": 0.6 }, { "db": "BID", "id": "88560", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-2878", "trust": 0.1 }, { "db": "XF", "id": "5629", "trust": 0.1 }, { "db": "XF", "id": "5825", "trust": 0.1 }, { "db": "XF", "id": "5626", "trust": 0.1 }, { "db": "XF", "id": "5776", "trust": 0.1 }, { "db": "XF", "id": "5616", "trust": 0.1 }, { "db": "XF", "id": "5797", "trust": 0.1 }, { "db": "XF", "id": "5740", "trust": 0.1 }, { "db": "XF", "id": "5831", "trust": 0.1 }, { "db": "XF", "id": "5827", "trust": 0.1 }, { "db": "XF", "id": "5823", "trust": 0.1 }, { "db": "XF", "id": "5758", "trust": 0.1 }, { "db": "XF", "id": "5777", "trust": 0.1 }, { "db": "XF", "id": "5664", "trust": 0.1 }, { "db": "XF", "id": "5611", "trust": 0.1 }, { "db": "XF", "id": "5650", "trust": 0.1 }, { "db": "XF", "id": "5818", "trust": 0.1 }, { "db": "XF", "id": "5738", "trust": 0.1 }, { "db": "XF", "id": "5662", "trust": 0.1 }, { "db": "XF", "id": "5732", "trust": 0.1 }, { "db": "XF", "id": "5739", "trust": 0.1 }, { "db": "XF", "id": "5785", "trust": 0.1 }, { "db": "XF", "id": "5787", "trust": 0.1 }, { "db": "XF", "id": "5734", "trust": 0.1 }, { "db": "XF", "id": "5743", "trust": 0.1 }, { "db": "XF", "id": "5821", "trust": 0.1 }, { "db": "XF", "id": "5639", "trust": 0.1 }, { "db": "XF", "id": "5622", "trust": 0.1 }, { "db": 
"XF", "id": "5796", "trust": 0.1 }, { "db": "XF", "id": "5829", "trust": 0.1 }, { "db": "XF", "id": "5755", "trust": 0.1 }, { "db": "XF", "id": "5625", "trust": 0.1 }, { "db": "XF", "id": "5833", "trust": 0.1 }, { "db": "XF", "id": "5778", "trust": 0.1 }, { "db": "XF", "id": "5773", "trust": 0.1 }, { "db": "XF", "id": "5717", "trust": 0.1 }, { "db": "XF", "id": "5617", "trust": 0.1 }, { "db": "XF", "id": "5728", "trust": 0.1 }, { "db": "XF", "id": "5736", "trust": 0.1 }, { "db": "XF", "id": "5753", "trust": 0.1 }, { "db": "XF", "id": "5627", "trust": 0.1 }, { "db": "XF", "id": "5651", "trust": 0.1 }, { "db": "XF", "id": "5815", "trust": 0.1 }, { "db": "XF", "id": "5822", "trust": 0.1 }, { "db": "XF", "id": "5744", "trust": 0.1 }, { "db": "XF", "id": "5834", "trust": 0.1 }, { "db": "XF", "id": "5554", "trust": 0.1 }, { "db": "XF", "id": "5789", "trust": 0.1 }, { "db": "XF", "id": "5615", "trust": 0.1 }, { "db": "XF", "id": "5742", "trust": 0.1 }, { "db": "XF", "id": "5741", "trust": 0.1 }, { "db": "XF", "id": "5824", "trust": 0.1 }, { "db": "XF", "id": "5793", "trust": 0.1 }, { "db": "XF", "id": "5614", "trust": 0.1 }, { "db": "XF", "id": "5763", "trust": 0.1 }, { "db": "XF", "id": "5674", "trust": 0.1 }, { "db": "XF", "id": "5723", "trust": 0.1 }, { "db": "XF", "id": "5654", "trust": 0.1 }, { "db": "XF", "id": "5826", "trust": 0.1 }, { "db": "XF", "id": "5782", "trust": 0.1 }, { "db": "XF", "id": "5663", "trust": 0.1 }, { "db": "XF", "id": "5805", "trust": 0.1 }, { "db": "XF", "id": "5798", "trust": 0.1 }, { "db": "XF", "id": "5762", "trust": 0.1 }, { "db": "XF", "id": "5721", "trust": 0.1 }, { "db": "XF", "id": "5784", "trust": 0.1 }, { "db": "XF", "id": "5671", "trust": 0.1 }, { "db": "XF", "id": "5623", "trust": 0.1 }, { "db": "XF", "id": "5725", "trust": 0.1 }, { "db": "XF", "id": "5809", "trust": 0.1 }, { "db": "XF", "id": "5795", "trust": 0.1 }, { "db": "XF", "id": "5673", "trust": 0.1 }, { "db": "XF", "id": "5801", "trust": 0.1 }, { "db": "XF", "id": "5729", 
"trust": 0.1 }, { "db": "XF", "id": "5830", "trust": 0.1 }, { "db": "XF", "id": "5817", "trust": 0.1 }, { "db": "XF", "id": "5701", "trust": 0.1 }, { "db": "XF", "id": "5788", "trust": 0.1 }, { "db": "XF", "id": "5808", "trust": 0.1 }, { "db": "XF", "id": "5735", "trust": 0.1 }, { "db": "XF", "id": "5819", "trust": 0.1 }, { "db": "XF", "id": "5754", "trust": 0.1 }, { "db": "XF", "id": "5649", "trust": 0.1 }, { "db": "XF", "id": "5807", "trust": 0.1 }, { "db": "XF", "id": "5660", "trust": 0.1 }, { "db": "XF", "id": "5661", "trust": 0.1 }, { "db": "XF", "id": "5746", "trust": 0.1 }, { "db": "XF", "id": "5624", "trust": 0.1 }, { "db": "XF", "id": "5775", "trust": 0.1 }, { "db": "XF", "id": "5761", "trust": 0.1 }, { "db": "XF", "id": "5733", "trust": 0.1 }, { "db": "XF", "id": "5727", "trust": 0.1 }, { "db": "XF", "id": "5813", "trust": 0.1 }, { "db": "XF", "id": "5656", "trust": 0.1 }, { "db": "XF", "id": "5799", "trust": 0.1 }, { "db": "XF", "id": "5665", "trust": 0.1 }, { "db": "XF", "id": "5737", "trust": 0.1 }, { "db": "XF", "id": "5659", "trust": 0.1 }, { "db": "XF", "id": "5667", "trust": 0.1 }, { "db": "XF", "id": "5672", "trust": 0.1 }, { "db": "XF", "id": "5749", "trust": 0.1 }, { "db": "XF", "id": "5803", "trust": 0.1 }, { "db": "XF", "id": "5811", "trust": 0.1 }, { "db": "XF", "id": "5786", "trust": 0.1 }, { "db": "XF", "id": "5802", "trust": 0.1 }, { "db": "XF", "id": "5760", "trust": 0.1 }, { "db": "XF", "id": "5800", "trust": 0.1 }, { "db": "XF", "id": "5670", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "24096", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#610904" }, { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#872257" }, { "db": "CERT/CC", "id": "VU#886953" }, { "db": "VULHUB", "id": "VHN-2878" }, { "db": "BID", "id": "88560" }, { "db": "PACKETSTORM", "id": "24096" }, { "db": "CNNVD", "id": "CNNVD-200102-109" }, { "db": "NVD", "id": "CVE-2001-0056" } ] }, "id": 
"VAR-200102-0028", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-2878" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:45:05.204000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-0056" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.cisco.com/warp/public/707/cbos-multiple.shtml" }, { "trust": 1.6, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139925+stiy08143+usbin" }, { "trust": 1.6, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy08143" }, { "trust": 1.6, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137627+stiy08287+usbin" }, { "trust": 1.6, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy08287" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5628" }, { "trust": 1.0, "url": "http://xforce.iss.net/static/5628.php" }, { "trust": 0.9, "url": "http://xforce.iss.net/static/5804.php" }, { "trust": 0.9, "url": "http://xforce.iss.net/static/5618.php" }, { "trust": 0.9, "url": "http://xforce.iss.net/static/5620.php" }, { "trust": 0.9, "url": "http://xforce.iss.net/static/5619.php" }, { "trust": 0.9, 
"url": "http://xforce.iss.net/static/5621.php" }, { "trust": 0.8, "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026mid=152620" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2035" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139817+stiy07831+usbin" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy07831" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137621+stiy07790+usbin" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy07790" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2033" }, { "trust": 0.8, "url": "http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/digest.htm#a26p05a6" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2034" }, { "trust": 0.8, "url": "http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/enq.htm#a200977f" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2032" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da114623+stiy10721+usbin" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy10721" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da123587+stiy08812+usbin" }, { "trust": 0.8, "url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy08812" }, { "trust": 0.8, "url": "http://www.rs6000.ibm.com/doc_link/en_us/a_doc_lib/cmds/aixcmds5/setsenv.htm#wpg2f0frit" }, { "trust": 0.1, "url": 
"http://xforce.iss.net/static/5742.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5775.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5795.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5701.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5813.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5639.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5762.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5830.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5754.php" }, { "trust": 0.1, "url": "http://xforce.iss.net)." }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5778.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5624.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5739.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5802.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5650.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5651.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5793.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5788.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5717.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5800.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5773.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5822.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5728.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5789.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5815.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5625.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5662.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5760.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5663.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5721.php" }, { "trust": 0.1, "url": 
"http://xforce.iss.net/static/5626.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5805.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5799.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5827.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5777.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5649.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5819.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5786.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5744.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5808.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5797.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5738.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5664.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5809.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5622.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5732.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5740.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5670.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5776.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5784.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5803.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5659.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5671.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5734.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5611.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5785.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5616.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5672.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5743.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5674.php" }, { "trust": 0.1, "url": 
"http://xforce.iss.net/static/5614.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5763.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/alerts/vol-06_num-02.php." }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5627.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5617.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5727.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5824.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5818.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5660.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5796.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5615.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5725.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5833.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5787.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5761.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5811.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5729.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5629.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5723.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5829.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5749.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5801.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5755.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5821.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5656.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5834.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5736.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5623.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5735.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5673.php" }, { "trust": 0.1, "url": 
"http://xforce.iss.net/static/5825.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5753.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5798.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5667.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/maillists/index.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5654.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5817.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/alerts/advisennn.php." }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5823.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5826.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/sensitive.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5554.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5831.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5665.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5741.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5733.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5782.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5807.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5758.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5661.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5737.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/5746.php" } ], "sources": [ { "db": "CERT/CC", "id": "VU#610904" }, { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#872257" }, { "db": "CERT/CC", "id": "VU#886953" }, { "db": "VULHUB", "id": "VHN-2878" }, { "db": "BID", "id": "88560" }, { "db": "PACKETSTORM", "id": "24096" }, { "db": "CNNVD", "id": "CNNVD-200102-109" }, { "db": "NVD", "id": "CVE-2001-0056" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", 
"id": "VU#610904" }, { "db": "CERT/CC", "id": "VU#739201" }, { "db": "CERT/CC", "id": "VU#808633" }, { "db": "CERT/CC", "id": "VU#872257" }, { "db": "CERT/CC", "id": "VU#886953" }, { "db": "VULHUB", "id": "VHN-2878" }, { "db": "BID", "id": "88560" }, { "db": "PACKETSTORM", "id": "24096" }, { "db": "CNNVD", "id": "CNNVD-200102-109" }, { "db": "NVD", "id": "CVE-2001-0056" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-07-09T00:00:00", "db": "CERT/CC", "id": "VU#610904" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#739201" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#808633" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#872257" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#886953" }, { "date": "2001-02-16T00:00:00", "db": "VULHUB", "id": "VHN-2878" }, { "date": "2001-02-16T00:00:00", "db": "BID", "id": "88560" }, { "date": "2001-01-22T23:24:05", "db": "PACKETSTORM", "id": "24096" }, { "date": "2001-02-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200102-109" }, { "date": "2001-02-16T05:00:00", "db": "NVD", "id": "CVE-2001-0056" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-07-09T00:00:00", "db": "CERT/CC", "id": "VU#610904" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#739201" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#808633" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#872257" }, { "date": "2001-09-28T00:00:00", "db": "CERT/CC", "id": "VU#886953" }, { "date": "2017-10-10T00:00:00", "db": "VULHUB", "id": "VHN-2878" }, { "date": "2001-02-16T00:00:00", "db": "BID", "id": "88560" }, { "date": "2005-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200102-109" }, { "date": "2017-10-10T01:29:33.843000", "db": 
"NVD", "id": "CVE-2001-0056" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "24096" }, { "db": "CNNVD", "id": "CNNVD-200102-109" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Internet Directory LDAP Daemon does not check write permissions properly", "sources": [ { "db": "CERT/CC", "id": "VU#610904" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "unknown", "sources": [ { "db": "CNNVD", "id": "CNNVD-200102-109" } ], "trust": 0.6 } }