Free Republic
Browse · Search		 News/Activism
Topics · Post Article

Skip to comments.

Hundreds of models of computer devices affected by new security hole
AP ^ | 2-12-02 | D. IAN HOPPER, AP Technology Writer

Posted on 02/12/2002 1:49:06 PM PST by Oldeconomybuyer

Edited on 04/13/2004 2:39:35 AM PDT by Jim Robinson. [history]

WASHINGTON (AP) -- A new security flaw that affects network devices made by hundreds of different companies could threaten the well-being of the Internet, a government-funded research group warned Tuesday.

The problem is most serious for Internet service providers, which use systems called routers to manage the flow of messages across computer networks and the Internet, security experts said. The hole could let malicious hackers shut down or take control of those routers.


(Excerpt) Read more at sfgate.com ...

TOPICS: Miscellaneous; News/Current Events
KEYWORDS: computersecurityin; techindex

1 posted on 02/12/2002 1:49:07 PM PST by Oldeconomybuyer
[ Post Reply | Private Reply | View Replies]
To: Oldeconomybuyer
Ouch.
2 posted on 02/12/2002 1:56:02 PM PST by PatrioticAmerican
[ Post Reply | Private Reply | To 1 | View Replies]
To: Bush2000, Dominic Harr
Another furball brewing.
3 posted on 02/12/2002 1:56:27 PM PST by PatrioticAmerican
[ Post Reply | Private Reply | To 1 | View Replies]
To: PatrioticAmerican
Where is Harr, anyway? In his little fantasy world, pretending that MS is the only one with security issues?
4 posted on 02/12/2002 1:58:23 PM PST by Bush2000
[ Post Reply | Private Reply | To 3 | View Replies]
To: Oldeconomybuyer
Isn't SNMP an "OPEN SOURCE" protocol???
5 posted on 02/12/2002 2:01:39 PM PST by E=MC<sup>2</sup>
[ Post Reply | Private Reply | To 1 | View Replies]
To: PatrioticAmerican
If you'd like, I'll repeat for the nth time . . .

Others also have bugs. The difference is that they don't hide them like MS does. And the *frequency* of new bugs.

No one ever said no one else's stuff has bugs. And of course, you know that. This is serious, and needs to be addressed. I read that many companies *already have patches available*.

Those are the companies to praise.

Some companies have more work to do. They need to be leaned on.

Just like we lean on MS when they are slow to respond to bugs.

6 posted on 02/12/2002 2:58:05 PM PST by Dominic Harr
[ Post Reply | Private Reply | To 3 | View Replies]
To: PatrioticAmerican
Who still believes that security is only a problem for Microsoft? If so, please assume the position...

http://www.securityfocus.com/cgi-bin/vulns.pl

2002-01-31: Novell NetWare NDS Domain Admin Null Password Vulnerability
2002-01-30: Sun Java Virtual Machine Segmentation Violation Vulnerability
2002-01-21: Netscape/Mozilla Null Character Cookie Stealing Vulnerability
2002-01-20: Caldera UnixWare WebTop SCOAdminReg.CGI Arbitrary Command Execution Vulnerability
2002-01-17: Oracle SQL*Plus Unauthorized Shell Command Execution Vulnerability
2002-01-17: Oracle RDBMS Server Default Account Vulnerability
2002-01-17: Oracle Database Auditing Insecure Default Configuration Vulnerability
2002-01-17: Oracle 8i dbsnmp Command Remote Denial of Service Vulnerability
2002-01-08: UnixWare CDE DTLogin Log Directory Insecure Permissions Vulnerability
2002-01-02: Linux Encrypted Loop Filesystem Replay Attack Vulnerability
2001-12-29: Oracle9iAS Web Cache Privilege Escalation Vulnerability
2001-12-29: Oracle Oracle9iAS Web Cache World Readable Password File Vulnerability
2001-12-29: BugZilla BugList.CGI HTML Form SQL Query Manipulation Vulnerability
2001-12-28: Sun SMCBoot Insecure Temporary File Creation Directory Destruction Vulnerability
2001-12-28: Oracle9iAS Web Cache Null Character Denial Of Service Vulnerability
2001-12-28: Oracle9iAS Web Cache Multiple Periods Denial Of Service Vulnerability
2001-12-27: Mozilla Predictable Temporary File Symbolic Link Attack Vulnerability
2001-12-20: Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
2001-12-20: Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
2001-12-15: Novell Groupwise Servlet Gateway Default Authentication Vulnerability
2001-12-13: IBM WebSphere JSP Root Password Disclosure Vulnerability
2001-12-12: Multiple Vendor System V Derived 'login' Buffer Overflow Vulnerability
2001-12-12: Multiple Vendor System V Derived 'login' Buffer Overflow Vulnerability
2001-12-11: Multiple Vendor Image Count Denial of Service Vulnerability
2001-12-11: IBM Tivoli Policy Director WebSeal Denial Of Service Vulnerability
2001-12-09: BugZilla LDAP Authentication Bypass Vulnerability
2001-12-06: CDE XTerm Elevated Privilege Acquisition Vulnerability
2001-11-28: Apache Split-Logfile File Append Vulnerability
2001-11-26: Sun NetDynamics Session ID Hijacking Vulnerability
2001-11-23: Stronghold Secure Web Server Information Disclosure Vulnerability
2001-11-22: Oracle9iAS Web Cache HTTP Content Header Denial Of Service Vulnerability
2001-11-22: IBM Informix Web Datablade Directory Traversal Vulnerability
2001-11-21: Linux VMLinux Arbitrary Kernel Execution Denial of Service Vulnerability
2001-11-16: Caldera XLock Buffer Overflow Vulnerability
2001-11-13: RedHat Linux Korean Installation Insecure Default UMask Vulnerability
2001-11-11: BugZilla LongList.CGI SQL Query Manipulation Vulnerability
2001-11-08: Solaris PT_CHMOD Arbitrary Terminal Writing Vulnerability
2001-11-08: RedHat Linux IPTables Save Option Unrestorable Rules Vulnerability
2001-11-08: IBM HTTP Server Source Code Disclosure Vulnerability
2001-11-07: BugZilla UserPrefs.CGI Groupset Form Element Manipulation Vulnerability
2001-11-06: Multiple Vendor CDE dtspcd Buffer Overflow Vulnerability
2001-11-06: Multiple Vendor CDE dtspcd Buffer Overflow Vulnerability
2001-11-06: Multiple Vendor CDE dtspcd Buffer Overflow Vulnerability
2001-11-06: BugZilla BugList.CGI SQL Query Manipulation Vulnerability
2001-11-05: Red Hat TUX HTTP Server Oversized Host Denial of Service Vulnerability
2001-11-05: BugZilla Process_Bug.CGI Comment Spoofing Vulnerability
2001-11-05: BugZilla Post_Bug.CGI Bug Report Spoofing Vulnerability
2001-11-04: BugZilla DoEditVotes.CGI Login Error Information Leak Vulnerability
2001-11-02: ToolTalk Library Buffer Overflow Vulnerability
2001-11-02: Linux Syn Filter Evasion Vulnerability
2001-10-29: IBM CCA 3DES Exporter Key Generation Weakness
2001-10-29: CDE DTPrintInfo Session Option Buffer Overflow Vulnerability
2001-10-24: RedHat RPM Corrupt Query Vulnerability
2001-10-23: Oracle Label Security Unauthorized Access Vulnerability
2001-10-22: Solaris in.fingerd Information Disclosure Vulnerability
2001-10-19: Oracle9iAS Web Cache Buffer Overflow DoS Vulnerability
2001-10-18: Oracle9iAS Web Cache Buffer Overflow Vulnerability
2001-10-18: Linux Ptrace/Setuid Exec Vulnerability
2001-10-18: Linux Deep Symbolic Link Denial of Service Vulnerability
2001-10-15: Novell Groupwise Arbitrary File Retrieval Vulnerability
2001-10-10: Oracle Oracle9iAS Web Cache HTTP Header DoS Vulnerability
2001-10-10: Linux 2.4 Kernel MAC Module Filtering Bypassing Vulnerability
2001-10-02: Multiple CDE Vendor ToolTalk Database Server Format String Vulnerability
2001-10-02: Multiple CDE Vendor ToolTalk Database Server Format String Vulnerability
2001-10-02: Multiple CDE Vendor ToolTalk Database Server Format String Vulnerability
2001-09-28: BugZilla Show_Bug.CGI Product Pulldown Bug Disclosure Vulnerability
2001-09-26: RedHat Setserial Init Script Predictable Temporary File Vulnerability
2001-09-24: IBM HACMP Port Scan Denial of Service Vulnerability
2001-09-19: IBM WebSphere Application Server Predictable Session ID Vulnerability
2001-09-17: Oracle 9i Application Server Path Revealing Vulnerability
2001-09-12: Red Hat Linux Apache Remote Username Enumeration Vulnerability
2001-09-04: Informix SQL Temporary Log File Symbolic Link Vulnerability
2001-09-04: Informix SQL SNMPDM Predictable Temporary File Creation Vulnerability
2001-09-04: Informix SQL ONSRVAPD Predictable Temporary File Creation Vulnerability
2001-08-31: Solaris lpd Remote Command Execution Vulnerability
2001-08-29: Bugzilla showvotes.cgi Cross-Site Scripting Vulnerability
2001-08-29: Bugzilla showattachment.cgi Arbitrary Bug Viewing Vulnerability
2001-08-29: Bugzilla reports.cgi Cross-Site Scripting Vulnerability
2001-08-29: Bugzilla process_bug.cgi Information Disclosure Vulnerability
2001-08-29: Bugzilla process_bug.cgi Duplicate Bug Disclosure Vulnerability
2001-08-29: Bugzilla describecomponents.cgi Arbitrary Bug Viewing Vulnerability
2001-08-29: Bugzilla createaccount.cgi Cross-Site Scripting Vulnerability
2001-08-29: BugZilla Show_Activity.CGI Restricted Bug Comments Revealing Vulnerability
2001-08-29: BugZilla ShowVotes.CGI Restricted Bug Comments Revealing Vulnerability
2001-08-29: BugZilla ShowDependencyTree.CGI Restricted Bug Comments Revealing Vulnerability
2001-08-29: BugZilla ShowDependencyGraph.CGI Restricted Bug Comments Revealing Vulnerability
2001-08-29: BugZilla Process_Bug.CGI Restricted Bug Comments Revealing Vulnerability
2001-08-28: Caldera Open Unix LPSystem Buffer Overflow Vulnerability
2001-08-27: Lpd Remote Command Execution via DVI Printfilter Configuration Error
2001-08-27: Caldera Open Unix UIDAdmin Scheme Option Buffer Overflow Vulnerability
2001-08-24: Java Plug-In 1.4/JRE 1.3 Expired Certificate Vulnerability
2001-08-15: Novell Groupwise Directory Disclosure Vulnerability
2001-08-14: Novell GroupWise Padlock Vulnerability
2001-08-10: Solaris xlock Heap Overflow Vulnerability
2001-08-03: IBM Tivoli RExec Dependency Vulnerability
2001-08-02: Oracle OTRCREP Oracle Home Environment Variable Buffer Overflow Vulnerability
2001-08-02: Oracle DBSNMP Oracle Home Environment Variable Buffer Overflow
2001-08-02: Oracle /tmp Race Condition Vulnerability
2001-08-02: IBM 8725 Ethernet Switch 'Code Red' Denial of Service Vulnerability
2001-08-02: CDE Utilities DT Library Buffer Overflow Vulnerability
2001-08-02: CDE Utilities DT Library Buffer Overflow Vulnerability
2001-08-01: Oracle DBSNMP Oracle Home Environment Variable Changing Vulnerability
2001-08-01: Oracle DBSNMP CHOwn Path Environment Variable Vulnerability
2001-07-30: Linux IRC IP Masquerading Module Arbitrary Firewall Rule Insertion Vulnerability
2001-07-25: Linux UDP Denial of Service Vulnerability
2001-07-24: Solaris DTMail Mail Environment Variable Buffer Overflow Vulnerability
2001-07-23: IBM Tivoli SecureWay Policy Director Directory Traversal Vulnerability
2001-07-19: Multiple Linux Vendor TCLTK Unsafe Library Searching Vulnerability
2001-07-19: Multiple Linux Vendor Expect Insecure Library Loading Vulnerability
2001-07-18: Multiple Vendor Telnetd Buffer Overflow Vulnerability
2001-07-18: Multiple Vendor Telnetd Buffer Overflow Vulnerability
2001-07-17: Multiple Ucd-Snmp Vulnerabilities
2001-07-17: Caldera OpenLinux DocView Meta-Character Filtering Vulnerability
2001-07-16: Oracle Internet Directory Format String Vulnerabilities
2001-07-16: Oracle Internet Directory Buffer Overflow Vulnerabilities
2001-07-16: Linux Init Default Umask Vulnerability
2001-07-16: IBM SecureWay Directory Denial of Service Vulnerabilities
2001-07-11: IBM DB2 Denial of Service Vulnerability
2001-07-10: Apache Possible Directory Index Disclosure Vulnerability
2001-07-07: Multiple Vendor Small TCP MSS Denial of Service Vulnerability
2001-07-07: Multiple Vendor Small TCP MSS Denial of Service Vulnerability
2001-07-05: Solaris whodo Buffer Overflow Vulnerability
2001-07-02: IBM WebSphere Cross-Site Scripting Vulnerability
2001-06-28: Unixware Cron Command Line Buffer Overflow Vulnerability
2001-06-28: Oracle 8i TNS Listener Buffer Overflow Vulnerability
2001-06-28: IBM AIX LANG Environment Variable Buffer Overflow Vulnerability
2001-06-27: Oracle 8i SQLNet Denial of Service Vulnerability
2001-06-27: Linux procfs Stream Redirection to Process Memory Vulnerability
2001-06-26: UnixWare SU Command Line Buffer Overflow Vulnerability
2001-06-26: Solaris libsldap Buffer Overflow Vulnerability
2001-06-21: Solaris PTExec Buffer Overflow Vulnerability
2001-06-20: Solaris cb_reset Buffer Overflow Vulnerability
2001-06-19: Multiple Vendor lpd Remote Buffer Overflow Vulnerability
2001-06-19: Multiple Vendor lpd Remote Buffer Overflow Vulnerability
2001-06-19: AIX diagrpt Arbitrary Privileged Program Execution Vulnerability
2001-06-12: Unixware Libcurses Buffer Overflow Vulnerability
2001-06-12: Linux Man Page Source Buffer Overflow Vulnerability
2001-06-08: Volution Client Authentication Failure Hijacking Vulnerability
2001-06-08: OVActionD SNMPNotify Command Execution Vulnerability
2001-06-04: SunOS mail HOME Buffer Overflow Vulnerability
2001-06-04: Linux Man Malicious Cache File Creation Vulnerability
2001-05-28: Solaris mailtool Buffer Overflow Vulnerability
2001-05-13: Man -S Heap Overflow Vulnerability
2001-05-10: Solaris rpc.yppasswdd Buffer Overflow Vulnerability
2001-05-07: Oracle ADI Plain Text Password Storage Vulnerability
2001-05-02: Solaris mailx -F Buffer Overflow Vulnerability
2001-05-02: RedHat Linux Swap File World Readable Permissions Vulnerability
2001-04-30: Bugzilla Sensitive Information Disclosure Vulnerability
2001-04-20: Novell BorderManager Remote DoS Vulnerability
2001-04-18: Oracle 8 Server 'TNSLSNR80.EXE' DoS Vulnerability
2001-04-17: Solaris FTP Core Dump Shadow Password Recovery Vulnerability
2001-04-16: IPTables FTP Stateful Inspection Arbitrary Filter Rule Insertion Vulnerability
2001-04-13: IBM Websphere/Net.Commerce Installation Directory Revealing Vulnerability
2001-04-13: IBM Websphere/Net.Commerce CGI-BIN Macro Denial of Service Vulnerability
2001-04-12: Solaris IPCS Timezone Buffer Overflow Vulnerability
2001-04-11: Solaris kcms_configure KCMS_PROFILES Buffer Overflow Vulnerability
2001-04-11: Solaris IN.FTPD CWD Username Enumeration Vulnerability
2001-04-11: Oracle Application Server ndwfn4.so buffer overflow
2001-04-11: CDE dtsession Buffer Overflow Vulnerability
2001-04-10: Solaris Xsun HOME Buffer Overflow Vulnerability
2001-04-09: Solaris ftpd glob() Expansion LIST Heap Overflow Vulnerability
2001-04-09: Solaris 7/8 kcms_configure Command-Line Buffer Overflow Vulnerability
2001-04-04: Ntpd Remote Buffer Overflow Vulnerability
2001-03-28: JavaServer Web Development Kit v1.0 Directory Traversal Vulnerability
2001-03-27: Solaris tip Buffer Overflow Vulnerability
2001-03-27: Linux ptrace/execve Race Condition Vulnerability
2001-03-15: Solaris snmpXdmid Buffer Overflow Vulnerability
2001-03-15: Multiple Vendor FTP glob Expansion Vulnerability
2001-03-15: Multiple Vendor FTP glob Expansion Vulnerability
2001-03-14: Multiple Vendor TCP Initial Sequence Number Statistical Vulnerability
2001-03-14: Multiple Vendor TCP Initial Sequence Number Statistical Vulnerability
2001-03-14: Multiple Vendor TCP Initial Sequence Number Statistical Vulnerability
2001-03-13: Solaris SSP SNMPD Argument Buffer Overflow Vulnerability
2001-03-12: timed Small Packet Denial of Service Vulnerability
2001-03-08: Novell Netware Print Server Passwordless Account Vulnerability
2001-03-07: IBM Net.Commerce WebSphere Weak Password Vulnerability
2001-02-28: Mailx Buffer Overflow Vulnerability
2001-02-21: Sun JRE Arbitrary Command Execution Vulnerability
2001-02-16: Multiple Vendor Call Gate Creation Input Validation Vulnerability
2001-02-10: Novell GroupWise Network Directory Browsing Vulnerability
2001-02-09: Sun JRE/SDK Clipboard Tapping Vulnerability
2001-02-09: Linux sysctl() Kernel Memory Reading Vulnerability
2001-02-05: IBM Net.Commerce Remote Arbitrary Command Execution Vulnerability
2001-02-02: IBM Websphere Directory Traversal Vulnerability
2001-02-01: gnuserv MIT-MAGIC-COOKIE Remote Buffer Overflow Vulnerability
2001-01-31: Solaris ximp40 Library Buffer Overflow Vulnerability
2001-01-30: Red Hat Linux Inetd Daytime Denial of Service Vulnerability
2001-01-29: sort Insecure Temporary File Denial of Service Vulnerability
2001-01-23: Oracle XSQL Servlet Arbitrary Java Code Vulnerability
2001-01-22: Oracle JSP/SQLJSP Servlet Execution Vulnerability
2001-01-17: Solaris cu Buffer Overflow Vulnerability
2001-01-16: glibc LD_PRELOAD File Overwriting Vulnerability
2001-01-15: Caldera DHCP Package Format String Vulnerabililty
2001-01-12: Solaris arp Buffer Overflow Vulnerability
2001-01-10: wu-ftpd /tmp File Race Condition Vulnerability
2001-01-10: squid /tmp File Race Condition Vulnerability
2001-01-10: shadow-utils /etc/default Temp File Race Condition Vulnerability
2001-01-10: sdiff /tmp File Race Condition Vulnerability
2001-01-10: rdist /tmp File Race Condition Vulnerability
2001-01-10: mgetty /tmp File Race Condition Vulnerability
2001-01-10: mgetty /tmp File Race Condition Vulnerability
2001-01-10: linuxconf /tmp File Race Condition Vulnerability
2001-01-10: inn /tmp File Race Condition Vulnerability
2001-01-10: inn /tmp File Race Condition Vulnerability
2001-01-10: gpm /tmp File Race Condition Vulnerability
2001-01-10: glibc RESOLV_HOST_CONF File Read Access Vulnerability
2001-01-10: getty_ps /tmp File Race Condition Vulnerability
2001-01-10: arpwatch /tmp File Race Condition Vulnerability
2001-01-10: Apache /tmp File Race Vulnerability
2001-01-09: Solaris exrecover Buffer Overflow Vulnerability
2001-01-08: IBM HTTP Server AfpaCache/WebSphereNet.Data DoS Vulnerability
2000-12-30: Solaris mailx Lockfile Denial Of Service Vulnerability
2000-12-19: Oracle IAS PL/SQL Injection Vulnerabililty
2000-12-19: Oracle Apache+WebDB Documented Backdoor Vulnerability
2000-12-18: Solaris patchadd Race Condition Vulnerability
2000-12-18: Solaris catman Race Condition Vulnerability
2000-12-05: RedHat Linux diskcheck Race Condition Vulnerability
2000-12-05: IBM DB2 Universal Database for Windows NT SQL DoS Vulnerability
2000-12-05: IBM DB2 Universal Database Known Default Password Vulnerability
2000-12-01: AIX setsenv Buffer Overflow Vulnerability
2000-12-01: AIX setclock Buffer Overflow Vulnerability
2000-12-01: AIX pioout Buffer Overflow Vulnerability
2000-12-01: AIX piomkapqd Buffer Overflow Vulnerability
2000-12-01: AIX piobe Buffer Overflow Vulnerability
2000-12-01: AIX enq Buffer Overflow Vulnerability
2000-12-01: AIX digest Buffer Overflow Vulnerability
2000-11-30: Linux Non-Readable File Ptrace Vulnerability
2000-11-29: Sun JDK/JRE Disallowed Class Loading Vulnerability
2000-11-29: IBM Net.Data Path Disclosure Vulnerability
2000-11-23: IBM HTTP Server Denial of Service Vulnerability
2000-11-20: Oracle cmctl Buffer Overflow Vulnerability
2000-11-10: Multiple Vendor UNIX adduser/useradd Vulnerability
2000-11-08: StarOffice /tmp Directory Symbolic Link Vulnerability
2000-11-03: RedHat Linux restore Insecure Environment Variables Vulnerability
2000-11-01: Multiple Vendor top Format String Vulnerability
2000-11-01: Multiple Vendor Mail Reply-To Field Vulnerability
2000-11-01: Multiple Vendor Mail Reply-To Field Vulnerability
2000-11-01: Multiple Vendor Mail Reply-To Field Vulnerability
2000-10-31: Multiple Vendor dump Insecure Environment Variables Vulnerability
2000-10-25: Sun HotJava Browser Arbitrary DOM Access Vulnerability
2000-10-25: Oracle listener Input Validation Vulnerabilities
2000-10-18: RedHat Linux ping Buffer Overflow Vulnerability
2000-10-18: Oracle Internet Directory 2.0.6 oidldap Vulnerability
2000-10-09: Multiple Vendor libncurses Terminfo Buffer Overflow Vulnerability
2000-10-06: Tmpwatch Arbitrary Command Execution Vulnerability
2000-10-05: BSD talkd Remote Format String Vulnerability
2000-09-28: LBNL Traceroute Heap Corruption Vulnerability
2000-09-26: Multiple Vendor lpr Format String Vulnerability
2000-09-25: Multiple Vendor LPRng User-Supplied Format String Vulnerability
2000-09-25: Multiple Vendor LPRng User-Supplied Format String Vulnerability
2000-09-19: RedHat Glint /tmp Symbolic Link Vulnerability
2000-09-15: WebSphere Application Server Plugin DoS Vulnerability
2000-09-13: Multiple Linux Vendor klogd Vulnerability
2000-09-09: Tmpwatch Recursive Write DoS Vulnerability
2000-09-04: Multiple Vendor Locale Subsystem Format String Vulnerability
2000-09-04: Multiple Vendor Locale Subsystem Format String Vulnerability
2000-09-04: Multiple Vendor Locale Subsystem Format String Vulnerability
2000-09-04: Multiple Vendor Locale Subsystem Format String Vulnerability
2000-09-03: AIX netstat -Z Statistic Clearing Vulnerability
2000-08-22: Sun Java Web Server Web Admin / Bullettin Board Vulnerability
2000-08-16: OS/2 4.5 FTP Server Login DoS Vulnerability
2000-08-08: Solaris AnswerBook2 Administration Interface Access Vulnerability
2000-08-08: Multiple Vendor mopd User Inputted Data Used as Format String Vulnerability
2000-08-08: Multiple Vendor mopd Buffer Overflow Vulnerability
2000-08-07: Solaris AnswerBook2 Remote Command Execution Vulnerability
2000-07-28: Norton Antivirus with Novell Client Autoprotection Disabling Vulnerability
2000-07-27: Multiple Linux Vendor pam_console Remote User Vulnerability
2000-07-25: Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability
2000-07-24: IBM WebSphere Showcode Vulnerability
2000-07-20: Default Sun Java Web Server Servlets Vulnerability
2000-07-18: Multiple Vendor Linux Usermode Package Vulnerability
2000-07-16: Multiple Linux Vendor rpc.statd Remote Format String Vulnerability
2000-07-12: Sun Java Web Server Vulnerability
2000-07-11: Novell Netware 5.0 port 40193 Denial of Service Vulnerability
2000-07-07: Novell BorderManager User Impersonation Vulnerability
2000-07-05: Oracle Web Listener Denial of Service Vulnerability
2000-07-05: Novell BorderManager URL Rule Restriction Bypass Vulnerability
2000-07-05: Multiple Vendor ftpd setproctitle() Format String Vulnerability
2000-07-03: Multiple Vendor man(1) 'makewhatis' Insecure /tmp Files Vulnerability
2000-07-03: Multiple Vendor man(1) 'makewhatis' Insecure /tmp Files Vulnerability
2000-06-26: Netscape Enterprise Server for Netware Buffer Overflow Vulnerability
2000-06-22: Wu-Ftpd Remote Format String Stack Overwrite Vulnerability
2000-06-22: Wu-Ftpd Remote Format String Stack Overwrite Vulnerability
2000-06-21: gkermit setgid uucp Vulnerability
2000-06-21: Multiple Linux Vendor KON (Kanji On Console) Buffer Overflow Vulnerability
2000-06-20: AIX cdmount Insecure External Program Call Vulnerability
2000-06-14: Solaris ufsrestore Buffer Overflow Vulnerability
2000-06-09: RedHat Piranha Virtual Server Package Plaintext Password Vulnerability
2000-06-08: Multiple Vendor JSP Source Code Disclosure Vulnerability
2000-06-08: Linux rpc.lockd Remote Denial Of Service Vulnerability
2000-06-07: Linux Capabilities Vulnerability
2000-05-31: KDE KApplication configfile vulnerability
2000-05-31: Apache HTTP Server (win32) Root Directory Access Vulnerability
2000-05-24: AIX Filesystem Vulnerability
2000-05-16: Multiple Vendor Kerberos 5/Kerberos 4 Compatibility krb_rd_req() Buffer Overflow Vulnerability
2000-05-12: Solaris netpr Buffer Overflow Vulnerability
2000-05-11: Bugzilla Remote Arbitrary Command Execution Vulnerability
2000-05-03: Multiple Linux Vendor pam_console Vulnerability
2000-05-01: Linux knfsd Denial of Service Vulnerability
2000-04-26: AIX frcactrl Insecure File Handling Vulnerability
2000-04-24: Solaris lpset -r Buffer Overflow Vulnerability
2000-04-24: Solaris lp -d Option Buffer Overflow Vulnerability
2000-04-24: Solaris Xsun Buffer Overrun Vulnerability
2000-04-24: RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution Vulnerability
2000-04-24: RedHat Piranha Virtual Server Package Default Account and Password Vulnerability
2000-04-23: ncurses TERMCAP Buffer Overflow Vulnerability
2000-04-21: OpenLDAP /usr/tmp/ Symlink Vulnerability
2000-04-19: Netware 5.1 Remote Administration Buffer Overflow Vulnerability
2000-04-19: Multiple Vendor popd Lock File Denial of Service Vulnerability
2000-04-16: Star Office 5.1 Buffer Overflow Vulnerabilities
2000-04-16: Multiple Vendor X Font Server DoS and Buffer Overflow Vulnerabilities
2000-04-06: IBM ikeyman Java Class Creation Vulnerability
2000-04-04: IBM Net.Data Buffer Overflow Vulnerability
2000-03-27: Multiple Linux Vendor 2.2.x Kernel IP Masquerading Vulnerabilities
2000-03-27: Multiple Linux Vendor 2.2.x Kernel IP Masquerading Vulnerabilities
2000-03-23: Multiple Linux Vendor Domain Socket Denial of Service Vulnerability
2000-03-23: Multiple Linux Vendor Domain Socket Denial of Service Vulnerability
2000-03-22: Multiple Linux Vendor gpm Setgid Vulnerability
2000-03-15: Oracle Web Listener Batch File Vulnerability
2000-03-14: AIX ld -L Flag Potential Vulnerability
2000-03-13: Multiple Linux vendor imwheel Vulnerability
2000-03-09: StarOffice StarScheduler Remote Buffer Overflow Vulnerability
2000-03-09: StarOffice StarScheduler Arbitrary File Read Vulnerability
2000-03-09: Printtool Printer Share Password Compromise Vulnerability
2000-03-05: Oracle for Linux Installer Vulnerability
2000-03-05: Caldera OpenLinux 2.3 rpm_query CGI Vulnerability
2000-02-28: nmh Buffer Overflow Vulnerability
2000-02-28: Multiple Vendor "dump" Buffer Overflow Vulnerability
2000-02-26: Multiple Linux Vendor man Buffer Overrun Vulnerability
2000-02-23: RedHat Single User Mode Authentication Vulnerability
2000-02-21: Sun Licensing Manager Symlink Vulnerability
2000-02-19: Sun Internet Mail Server Cleartext Passwords During Installation Vulnerability
2000-02-15: Multiple Vendor SNMP World Writeable Community Vulnerability
2000-02-07: Novell GroupWise 5.5 Enhancement Pack DoS Vulnerability
2000-02-04: Novell Border Manager Audit Trail Proxy DoS Vulnerability
2000-01-22: Oracle JSP/JSPSQL Remote File Reading Vulnerability
2000-01-11: Redhat Linux lpd Vulnerabilities
2000-01-10: AIX techlibss Symbolic Link Vulnerability
2000-01-06: Solaris chkperm Buffer Overflow Vulnerability
2000-01-04: Multiple Linux Vendor userhelper/PAM Path Vulnerability
2000-01-02: Unix Shell Redirection Race Condition Vulnerability
2000-01-02: Unix Shell Redirection Race Condition Vulnerability
2000-01-02: Unix Shell Redirection Race Condition Vulnerability
1999-12-27: IBM Network Station Manager Race Condition Vulnerability
1999-12-22: Solaris DMI Denial of Service Vulnerabilities
1999-12-19: Novell GroupWise GWWEB.EXE Multiple Vulnerabilities
1999-12-10: Solaris sadmind Buffer Overflow Vulnerability
1999-12-09: Solaris snoop (GETQUOTA) Buffer Overflow Vulnerability
1999-12-09: Solaris sadmind Disabled Authentication Vulnerability
1999-12-08: Linux Packet Length with Options Vulnerability
1999-12-08: Linux Packet Length with Options Vulnerability
1999-12-07: Solaris snoop (print_domain_name) Buffer Overflow Vulnerability
1999-12-03: RedHat Linux 6.1 ORBit and gnome-session Remote DoS Vulnerability
1999-12-03: RedHat Linux 6.1 ORBit and esound Weak Authentication Vulnerability
1999-12-02: IBM Websphere Installation Permissions Vulnerability
1999-12-01: Solaris arp Vulnerabilities
1999-11-30: Solaris kcms_configure
1999-11-30: Multiple Vendor CDE dtmail/mailtool Buffer Overflow Vulnerability
1999-11-25: Oracle Web Listener URL Character Substitution Vulnerability
1999-11-23: Sun Java IDE Webserver IP Restriction Failure Vulnerability
1999-11-23: Linux gpm Denial of Service Vulnerability
1999-11-23: Linux gpm Denial of Service Vulnerability
1999-11-19: Solaris rpc.ttdbserver Denial of Service Vulnerability
1999-11-10: Multiple Vendor BIND (NXT Overflow & Denial of Service) Vulnerabilities
1999-11-09: Linux nfsd Remote Buffer Overflow Vulnerability
1999-11-08: RedHat Linux csh/tcsh Vulnerability
1999-11-03: Multiple Vendor CDE dtappgather Vulnerabilities
1999-11-03: Multiple Vendor CDE dtappgather Vulnerabilities
1999-11-02: IBM HomePagePrint Buffer Overflow Vulnerability
1999-11-02: Canna subsystem 'uum' Buffer Overflow Vulnerability
1999-11-01: Multiple Vendor Linux NIS Vulnerabilities
1999-11-01: Multiple Vendor Linux NIS Vulnerabilities
1999-10-26: AIX Filtering Vulnerability
1999-10-24: IBM WebSphere ikeyman Weak Encrypted Password Vulnerability
1999-10-21: RedHat screen pty(7) Vulnerability
1999-10-18: RedHat lpr/lpd Vulnerabilities
1999-10-13: RedHat PAM NIS Locked Accounts Vulnerability
1999-10-08: Novell Client Denial of Service Vulnerability
1999-10-08: Caldera IDENT daemon Denial of Service Vulnerability
1999-10-04: RPMMail Local/Remote Root Vulnerability
1999-09-28: AIX ftpd Remote Buffer Overflow
1999-09-27: Linux Predictable TCP Initial Sequence Number Vulnerability
1999-09-23: Solaris Recursive mutex_enter Panic Vulnerability
1999-09-23: AIX named-xfer File Overwrite Vulnerability
1999-09-22: Solaris Profiling File Creation Vulnerability
1999-09-13: Multiple Vendor CDE dtspcd Vulnerability
1999-09-13: Multiple Vendor CDE dtaction Userflag Buffer Overflow Vulnerability
1999-09-13: Multiple Vendor CDE dtaction Userflag Buffer Overflow Vulnerability
1999-09-13: Multiple Vendor CDE TTSession Buffer Overflow Vulnerability
1999-09-13: Multiple Vendor CDE TTSession Buffer Overflow Vulnerability
1999-09-12: Solaris /usr/bin/mail -m Local Buffer Overflow Vulnerability
1999-09-02: Multiple Vendor INN inews Buffer Overflow Vulnerability
1999-08-30: Multiple Vendor amd Buffer Overflow Vulnerability
1999-08-25: Vixie Cron MAILTO Sendmail Vulnerability
1999-08-25: Vixie Cron MAILTO Sendmail Vulnerability
1999-08-25: Vixie Cron Buffer Overflow Vulnerability
1999-08-23: IBM GINA for NT Privilege Escalation Vulnerability
1999-08-22: Multiple Vendor Wu-Ftpd Buffer Overflow Vulnerability
1999-08-22: Caldera kdm XDMCP Access Control Vulnerability
1999-08-19: Linux in.telnetd Denial of Service Vulnerability
1999-08-18: Multiple Vendor Termcap tgetent() Buffer Overflow
1999-08-18: AIX Source Code Browser Buffer Overflow Vulnerability
1999-08-17: AIX pdnsd Buffer Overflow Vulnerability
1999-08-16: Oracle Intelligent Agent Vulnerability
1999-08-11: Multiple Vendor IRDP Vulnerability
1999-08-09: Solaris sdtcm_convert File Creation Vulnerability
1999-08-09: Multiple Vendor profil(2) Vulnerability
1999-07-31: Linux Blind TCP Spoofing Vulnerability
1999-07-27: Linux IPChains Fragment Overlap Vulnerability
1999-07-15: Netware IPX Admin Session Spoof Vulnerability
1999-07-15: Multiple Vendor Shared Memory Denial of Service Vulnerability
1999-07-13: Multiple Vendor rpc.cmsd Buffer Overflow Vulnerability
1999-07-13: Linux Segment Limit Vulnerability
1999-07-12: AIX adb Vulnerability
1999-07-06: Sun Java HotSpot DoS Vulnerability
1999-06-24: RedHat Linux nfs-server Vulnerabilities
1999-06-23: KDE klock Vulnerability
1999-06-17: RedHat X Authentication Vulnerability
1999-06-10: Solaris useradd expiration date Vulnerability
1999-06-09: RedHat su No Logging Vulnerability
1999-06-09: Multiple Vendor Automountd Vulnerability
1999-06-09: KDE K-Mail File Creation Vulnerability
1999-06-09: KDE K-Mail File Creation Vulnerability
1999-06-08: Sudo Private File Existance Information Leakage Vulnerability
1999-06-07: Solaris rpc.statd rpc Call Relaying Vulnerability
1999-06-06: Terminal Programs Set Incorrect Terminal Permissions Vulnerability
1999-06-06: RedHat Linux /dev/pts Filesystem Permission Vulnerability
1999-06-01: Multiple Linux Vendor IP Options Vulnerability
1999-06-01: Multiple Linux Vendor IP Options Vulnerability
1999-05-28: Linux xosview Vulnerability
1999-05-28: Linux Sendmail Denial of Service Vulnerability
1999-05-26: Univ. of Washington pop2d Buffer Overflow Vulnerability
1999-05-25: AIX eNetwork Firewall Insecure Temporary File Creation Vulnerabilities
1999-05-22: Multiple Vendor LC_MESSAGES libc Buffer Overflow Vulnerability
1999-05-22: Multiple Vendor LC_MESSAGES libc Buffer Overflow Vulnerability
1999-05-18: Solaris libX11 Vulnerabilities
1999-05-12: Netware 4.x's Transaction Tracking System Vulnerability
1999-05-11: Solaris lpset Buffer Overflow Vulnerability
1999-05-10: Solaris rmmount Setuid Files Vulnerability
1999-05-10: Solaris dtprintinfo Buffer Overflow Vulnerability
1999-05-10: NT IBM Netfinity Remote Control Software Vulnerability
1999-05-08: Caldera OpenLinux "help" Root User Vulnerability
1999-05-06: Oracle 8 File Access Vulnerabilities
1999-05-04: Caldera rsync Vulnerability
1999-04-29: Oracle 8 oratclsh Suid Vulnerability
1999-04-26: Caldera Open Administration System Vulnerability
1999-04-14: IBM WebSphere Net.Commerce Unprotected Configuration File Vulnerability
1999-04-09: Netware Remote.NLM Weak Encryption Vulnerability
1999-04-09: Netware NDS Default Rights Vulnerability
1999-04-05: Multiple Vendor Java Virtual Machine Type Confusion Attack Vulnerability
1999-03-30: Multiple Vendor xfs Symlink Vulnerability
1999-03-30: Multiple Vendor xfs Symlink Vulnerability
1999-03-30: Linux insmod Vulnerability
1999-03-30: Linux insmod Vulnerability
1999-03-21: X11R6 3.3.3 Symlink Vulnerability
1999-03-09: Solaris procfs Vulnerability
1999-03-05: Solaris cancel Vulnerability
1999-02-26: Multiple Vendor Linux klogd Buffer Overflow Vulnerability
1999-02-19: Linux autofs Vulnerability
1999-02-17: Multiple Vendor Lsof Buffer Overflow Vulnerability
1999-02-17: AIX snap Insecure Temporary File Creation Vulnerability
1999-02-10: Solaris/SunOS man/catman Vulnerability
1999-02-09: Multiple Vendor FTPD realpath Vulnerability
1999-02-09: Multiple Vendor FTPD realpath Vulnerability
1999-01-29: Caldera OpenLinux 'smail -D' Command Vulnerability
1999-01-26: Linux ldd core Vulnerability
1999-01-19: Linux TCP Port DoS Vulnerability
1999-01-07: Solaris ff.core Vulnerability
1999-01-04: Dosemu S-Lang Vulnerability
1998-12-24: Solaris kcms Buffer Overflow Vulnerability
1998-12-17: Solaris passwd DoS Vulnerability
1998-12-17: Solaris dtmail Vulnerability
1998-12-09: AIX dtmail(1) Insecure Temporary File Creation Vulnerability
1998-12-01: Novell Netware Web Server 3.x files.pl Vulnerability
1998-11-13: Multiple Vendor RPC Denial of Service Vulnerability
1998-11-13: Multiple Vendor RPC Denial of Service Vulnerability
1998-11-12: AIX infod Vulnerability
1998-10-23: Solaris sdtcm_convert Vulnerability
1998-10-21: Solaris Tape Device Permissions Vulnerability
1998-10-21: Solaris License Manager Vulnerability
1998-10-21: Multiple Vendor routed traceon Vulnerability
1998-10-21: Multiple Vendor Autofsd Vulnerability
1998-10-12: Solaris CDE/NIS+ screenlock Vulnerability
1998-10-02: IBM/Tivoli OPC Tracker Agent Multiple Vulnerabilities
1998-09-30: Solaris / SunOS FTP Vulnerability
1998-09-13: RedHat Linux printfilter Vulnerability
1998-08-31: Multiple Vendor ToolTalk RPC Service Overflow Vulnerability
1998-08-31: Multiple Vendor ToolTalk RPC Service Overflow Vulnerability
1998-08-28: Multiple Vendor Linux Mountd Vulnerability
1998-08-28: Multiple Vendor Linux Mountd Vulnerability
1998-08-12: Solaris SNMP Vulnerability
1998-08-06: AIX ttylock(3) Buffer Overflow Vulnerability
1998-08-05: IBM SP2 sdrd Vulnerability
1998-08-04: Solaris libauth Buffer Overflow vulnerabilities
1998-07-29: RedHat 5.1 dumpreg Vulnerability
1998-07-28: AIX vi(1) Insecure Temporary File Creation Vulnerability
1998-07-21: AIX more(1) Insecure Temporary File Creation Vulnerability
1998-07-21: AIX RAS trcfile Insecure Temporary File Creation Vulnerability
1998-07-17: AIX ptrace() Vulnerability
1998-07-16: Solaris power management Vulnerability
1998-07-16: Solaris SUNWadmap Vulnerability
1998-07-09: AIX Cron Lockfile Insecure Temporary File Creation Vulnerability
1998-07-03: Multiple Vendor Buffer Overflow in MIME-aware Mail and News Clients Vulnerability
1998-07-02: AIX Kerberos 5 Vulnerability
1998-07-01: Multiple Vendor libnsl Vulnerabilities
1998-07-01: Multiple Vendor libnsl Vulnerabilities
1998-06-30: Multiple Vendor Linux SIGIO Vulnerability
1998-06-30: AIX sccsdiff Insecure Temporary File Creation Vulnerability
1998-06-30: AIX chtz Insecure Temporary File Creation Vulnerability
1998-06-30: AIX chlang Insecure Temporary File Creation Vulnerability
1998-06-30: AIX RCP Insecure Copy Vulnerability
1998-06-25: Multiple Vendor mailx Vulnerability
1998-06-25: Multiple Vendor mailx Vulnerability
1998-06-11: AIX diagsup Insecure Temporary File Creation Vulnerability
1998-06-11: AIX acledit & aclput Race Condition Vulnerability
1998-06-10: Solaris rpc.nisd Vulnerability
1998-06-10: Solaris in.ftpd Denial of Service Vulnerability
1998-06-10: Multiple Vendor BIND Cache Poisoning Vulnerability
1998-06-10: Multiple Vendor BIND Cache Poisoning Vulnerability
1998-06-09: Multiple Vendor NIS+ Buffer Overflow Vulnerability
1998-05-29: AIX CDE Login Insecure Temporary File Creation Vulnerability
1998-05-22: AIX fontserver Buffer Overflow Vulnerability
1998-05-15: AIX /etc/security/login.cfg Vulnerability
1998-05-07: Admintool mode 0777 Vulnerability
1998-05-05: AIX rc.net.serial Insecure Temporary Files Vulnerability
1998-04-30: Solaris ab2 (DynaWeb) Server DoS & Possible Trojan Vulnerability
1998-04-29: Solaris ufsrestore Vulnerability
1998-04-29: Solaris mountd Vulnerablity
1998-04-23: Solaris ufsdump Local Buffer Overflow Vulnerability
1998-04-21: Multiple Vendor BNU uucpd Buffer Overflow Vulnerability
1998-04-17: Linux IP Fragment Overlap Vulnerability
1998-04-15: AIX sort Insecure Temporary File Creation Vulnerability
1998-04-11: Linux libc's mktemp() Vulnerability
1998-04-08: Solaris rpcbind file overwrite Vulnerability
1998-04-08: Multiple Vendor BIND iquery buffer overflow Vulnerability
1998-04-08: Multiple Vendor BIND iquery buffer overflow Vulnerability
1998-04-08: Multiple Vendor BIND iquery buffer overflow Vulnerability
1998-04-08: Multiple Vendor BIND iquery buffer overflow Vulnerability
1998-04-01: Solaris x86 nlps_server Buffer Overflow Vulnerability
1998-03-11: Solaris ndd Vulnerability
1998-03-10: AIX snmpd Insecure Temporary File Creation Vulnerability
1998-03-09: RedHat dhcp Symbolic Link Vulnerability
1998-03-06: AIX ifconfig.at Vulnerability
1998-03-04: AIX man(1) Insecure Temporary File Creation Vulnerability
1998-03-04: AIX dead.letter Insecure Temporary File Creation Vulnerability
1998-03-03: AIX dpid2 Core Dump Insecure Temporary File Creation Vulnerability
1998-02-25: AIX sadc Insecure Temporary File Creation Vulnerability
1998-02-25: AIX Ethernet Driver Denial of Service Attack Vulnerability
1998-02-17: AIX logsymptom Insecure Temporary File Creation Vulnerability
1998-02-02: AIX tn3270 Core Dump Vulnerability
1998-01-21: AIX lex Core Dump Vulnerability
1998-01-21: AIX digest Vulnernability
1998-01-19: RedHat Linux 5.0 mh Vulnerability
1998-01-19: RedHat 5.0 msgchk Vulnerability
1998-01-19: Linux libc NLSPATH Vulnerability
1998-01-19: Linux libc NLSPATH Vulnerability
1998-01-14: Linux i_count Overflow Vulnerability
1998-01-12: Solaris security logging Vulnerability
1998-01-05: Multiple Vendor Smurf Denial of Service Vulnerability
1998-01-05: Multiple Vendor Smurf Denial of Service Vulnerability
1998-01-05: Multiple Vendor Smurf Denial of Service Vulnerability
1998-01-05: AIX hosts.equiv Vulnerability
1997-12-21: Linux vsyslog() Buffer Overflow Vulnerability
1997-12-21: Linux vsyslog() Buffer Overflow Vulnerability
1997-12-16: GNU libc2 Vulnerability
1997-12-16: AIX ftp tftp and utftp Core Dump Vulnerability
1997-12-08: Multiple Linux Vendor Zero-Length Fragment Vulnerability
1997-12-03: SunOS V8 Sendmail Vulnerability
1997-11-26: Solaris automount Vulnerability
1997-11-24: Multiple Vendor Statd Buffer Overflow Vulnerability
1997-11-24: Multiple Vendor Statd Buffer Overflow Vulnerability
1997-11-20: Multiple Vendor loopback (land.c) Denial of Service Vulnerability
1997-11-20: Multiple Vendor loopback (land.c) Denial of Service Vulnerability
1997-11-20: Multiple Vendor loopback (land.c) Denial of Service Vulnerability
1997-11-13: Multiple Vendor Teardrop Denial of Service Vulnerability
1997-11-11: AIX SIGIO and SIGURG Signals Vulnerability
1997-11-10: Solaris Solstice AdminSuite Vulnerabilities
1997-10-29: Multiple Vendor FTP pipe Vulnerability
1997-10-29: Multiple Vendor FTP pipe Vulnerability
1997-10-29: AIX portmir Buffer Overflow & Insecure Temporary File Creation Vulnerabilities
1997-10-29: AIX piodmgrsu Vulnerability
1997-10-29: AIX nslookup Vulnerability
1997-10-28: Solaris sysdef Vulnerability
1997-10-28: Solaris rlogind FTP bounce Vulnerability
1997-10-28: AIX writesrv Buffer Overflow Vulnerability
1997-10-28: AIX rcp Buffer Overflow Vulnerability
1997-10-22: AIX xdat Buffer Overflow Vulnerability
1997-09-08: AIX 3.x bugfiler Arbitrary File Creation Vulnerability
1997-09-01: Multiple Vendor vacation(1) Vulnerability
1997-09-01: Multiple Vendor vacation(1) Vulnerability
1997-08-25: Solaris ifconfig ioctls Vulnerability
1997-08-25: Multiple Vendor libXt library Vulnerability
1997-08-25: Multiple Vendor libXt library Vulnerability
1997-08-25: Multiple Vendor libXt library Vulnerability
1997-07-21: AIX ping Buffer Overflow Vulnerability
1997-07-21: AIX lchangelv Buffer Overflow Vulnerability
1997-07-16: Sun JavaWebServer Viewable .jhtml Source Vulnerability
1997-06-29: Solaris nss_nisplus.so.1 NIS+ Buffer Overflow Vulnerability
1997-06-24: Solaris eeprom Vulnerability
1997-06-19: Solaris rsh socket descriptor Vulnerability
1997-06-19: Multiple Vendor Unix Domain Socket Vulnerability
1997-06-15: Solaris Ping Vulnerability
1997-06-10: AIX dtaction Vulnerability
1997-06-04: Solaris rpcbind Listening on a Non-Standard Port Vulnerability
1997-05-26: AIX lquerylv Buffer Overflow Vulnerability
1997-05-19: Solaris chkey Vulnerability
1997-05-03: Solaris LpNet temp file Vulnerability
1997-04-28: Solaris ps(1) Buffer Overlflow Vulnerability
1997-04-26: Multiple Vendor xlock Vulnerability
1997-04-26: Multiple Vendor xlock Vulnerability
1997-04-23: Multiple Vendor DNS Cache corruption through caching additional records Vulnerability
1997-04-17: Multiple Vendor suidperl Overflow Vulnerability
1997-04-05: Solaris libvolmgt.so.1 (volume management, eject, fdformat) Vulnerability
1997-03-27: Solaris nis_cachemgr Vulnerability
1997-03-05: Multiple Vendor connect() Denial of Service Vulnerability
1997-02-25: Solaris PAM & unix_scheme Vulnerability
1997-02-13: Multiple Vendor Natural Language Service (NLS) Vulnerability
1997-02-13: Multiple Vendor Natural Language Service (NLS) Vulnerability
1997-02-13: Multiple Vendor Natural Language Service (NLS) Vulnerability
1997-02-10: Solaris ffbconfig Vulnerability
1997-02-05: Ypbind -ypset/-ypsetme Vulnerability
1997-01-26: Solaris getopt Vulnerability
1997-01-20: Berkeley Sendmail MIME Vulnerability
1997-01-18: Multiple Vendor talkd(8) Vulnerability
1997-01-18: Multiple Vendor talkd(8) Vulnerability
1996-12-20: Solaris aspppd Insecure Temporary File Creation Vulnerability
1996-12-05: Solaris chkperm Vulnerability
1996-12-04: Multiple Vendor rlogin Vulnerability
1996-12-04: Multiple Vendor rlogin Vulnerability
1996-12-04: Multiple Vendor INN remote Vulnerability
1996-12-04: Multiple Vendor INN remote Vulnerability
1996-12-04: AIX login(1) Vulnerability
1996-12-03: Berkeley Sendmail Group Permissions Vulnerability
1996-12-03: Berkeley Sendmail Group Permissions Vulnerability
1996-12-01: AIX Gradient iFOR/LS Insecure Temporary File Creation Vulnerability
1996-11-24: AIX lquerypv Vulnerability
1996-11-16: Berkeley Sendmail Daemon Mode Vulnerability
1996-11-16: Berkeley Sendmail Daemon Mode Vulnerability
1996-11-16: Berkeley Sendmail Daemon Mode Vulnerability
1996-11-09: Solaris syslogd Unresolvable Address Remote Denial of Service Vulnerability
1996-10-25: Multiple Vendor lpr Buffer Overrun Vulnerability
1996-09-26: Multiple Vendor FLEXlm Vulnerability
1996-09-11: Berkeley Sendmail Starvation and Overflow Vulnerabilities
1996-09-11: Berkeley Sendmail Starvation and Overflow Vulnerabilities
1996-08-26: rwhod Buffer Overflow Vulnerability
1996-08-26: rwhod Buffer Overflow Vulnerability
7 posted on 02/12/2002 3:16:08 PM PST by Bush2000
[ Post Reply | Private Reply | To 3 | View Replies]
To: Bush2000
Let's not leave out Apple. A new one discovered within the past week ...

http://www.securityfocus.com/cgi-bin/vulns.pl?vendor=apple

2002-02-08: Apple QuickTime Content-Type Remote Buffer Overflow Vulnerability
2002-01-12: Palm Desktop For MacOS X Hotsync Insecure Backup Permissions Vulnerability
2001-12-28: Apple Mac OS X PPP Authentication Credentials Disclosure Vulnerability
2001-10-17: MacOS X NetInfo Manager Privilege Escalation Vulnerability
2001-09-11: Apple Macintosh OS X .DS_Store Directory Listing Disclosure Vulnerability
2001-09-11: Apple Macintosh OS X FBCIndex File Contents Disclosure Vulnerability
2001-08-15: Apple Open Firmware Insecure Password Vulnerability
2001-07-18: Multiple Vendor Telnetd Buffer Overflow Vulnerability
2001-06-28: MacOS Personal Web Sharing Authentication DoS Vulnerability
2001-06-26: Apple MacOS X Insecure Default Permissions Vulnerability
2001-06-26: Apple Mac OS X nidump Password File Disclosure Vulnerability
2001-06-14: Windows 2000 Active Directory Authentication Vulnerability
2001-05-10: MacOS 9 Personal Web Sharing Remote DoS Vulnerability
2001-05-03: Apple MacOS Multiple Users Password Bypass Vulnerability
2001-04-04: Ntpd Remote Buffer Overflow Vulnerability
2001-03-15: Multiple Vendor FTP glob Expansion Vulnerability
2001-03-14: Multiple Vendor TCP Initial Sequence Number Statistical Vulnerability
2001-03-12: rwhod Remote Denial of Service Vulnerability
2001-03-12: timed Small Packet Denial of Service Vulnerability
2001-02-09: Sun JRE/SDK Clipboard Tapping Vulnerability
2001-01-31: Apple Quicktime Plugin Remote Overflow Vulnerability
2001-01-29: sort Insecure Temporary File Denial of Service Vulnerability
2001-01-23: Crontab File Disclosure Vulnerability
2000-12-15: Apple Macintosh MRJ Unauthorized File Access Vulnerability
2000-06-10: Multiple Vendors HTTP Redirect Java Applet Vulnerability
2000-05-02: AppleShare IP 6.x Invalid Range Request Vulnerability
2000-04-04: WebObjects Remote Overflow Vulnerability
2000-01-02: Unix Shell Redirection Race Condition Vulnerability
1999-12-29: MacOS 9 Open Transport ICMP Vulnerability
1999-11-01: MacOS Programmer's Window Vulnerability
1999-10-26: MacOS 9 Console Lock Bypass Vulnerability
1999-07-10: MacOS Weak Password Encryption Vulnerability
1999-06-03: MacOS X Server Overload Vulnerability
1999-05-21: Apple PowerBook Password Security Control Panel Vulnerability
1999-05-13: Apple At Ease Vulnerability
1998-04-10: Apple Personal Web Sharing Vulnerability
1998-04-07: AppleShare IP Mail Server Buffer Overflow Vulnerability
8 posted on 02/12/2002 3:21:49 PM PST by Bush2000
[ Post Reply | Private Reply | To 7 | View Replies]
To: *tech_index;*Computer Security in
Bump List
9 posted on 02/12/2002 3:26:20 PM PST by Free the USA
[ Post Reply | Private Reply | To 1 | View Replies]
To: Bush2000
You forgot Amiga.
10 posted on 02/12/2002 3:32:41 PM PST by Justa
[ Post Reply | Private Reply | To 8 | View Replies]
To: E=mc ²;GT
SNMP is an open protocol, yes. The implementations are not necessarily open source, however. Some are; most aren't. This problem is not with the protocol itself, but with the implementation, or so I've read.

Personally, I don't allow any SNMP traffic to be exposed to the Internet. Whether Qwest has anything vulnerable upstream is another story. :-P

11 posted on 02/12/2002 3:33:00 PM PST by B Knotts
[ Post Reply | Private Reply | To 5 | View Replies]
To: Bush2000
Holy Smoke! Gettin' your second wind tonight? ;-)
12 posted on 02/12/2002 3:37:28 PM PST by TomServo
[ Post Reply | Private Reply | To 8 | View Replies]
To: All
Details posted here by oc-flyfish.

If anyone's hardware is made by a company who hasn't yet released a patch, mention it and perhaps we can get together and FReep them to stand behind their product.

Some of these companies treat bugs like a PR problem, and won't patch things until it's they get negative feedback.

I think we can provide that.

13 posted on 02/12/2002 3:57:07 PM PST by Dominic Harr
[ Post Reply | Private Reply | To 12 | View Replies]
"OPEN SOURCE" protocol???

You want some orange-flavored apples with that?

14 posted on 02/12/2002 6:11:20 PM PST by TechJunkYard
[ Post Reply | Private Reply | To 5 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search		 News/Activism
Topics · Post Article
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson