[CLOSE] OSVDB ID : 7969 - Disclosed: 1997-07-21

Description:

A local overflow exists in AIX ping. The AIX ping fails to check command line arguments length resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.

[CLOSE] OSVDB ID : 7160 - Disclosed: 1997-07-21

Description:

(Description Provided by CVE) : Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.

[CLOSE] OSVDB ID : 1450 - Disclosed: 1997-07-21

Description:

(Description Provided by CVE) : Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.

[CLOSE] OSVDB ID : 1247 - Disclosed: 1997-07-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 8218 - Disclosed: 1997-07-17

Description:

A local overflow exists in the 'ld.so' dynamic linkers in some Linux distributions. By forcing an error while calling a dynamically linked setuid program with a long program name (argv[0]), a local attacker can overflow a buffer and execute arbitrary code on the system and use this vulnerability to gain root privileges on the system.

[CLOSE] OSVDB ID : 8219 - Disclosed: 1997-07-17

Description:

A local overflow exists in the 'ld-linux.so' dynamic linkers in some Linux distributions. By forcing an error while calling a dynamically linked setuid program with a long program name (argv[0]), a local attacker can overflow a buffer and execute arbitrary code on the system gaining root privileges.

[CLOSE] OSVDB ID : 83126 - Disclosed: 1997-07-16

Description:

Microsoft Windows NT contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the HKeyLocalMachine\SECURITY\Policy\Secrets\ registry key containing plaintext passwords to running services. This may allow a local attacker to gain information to password information.

[CLOSE] OSVDB ID : 29 - Disclosed: 1997-07-15

Description:

(Description Provided by CVE) : The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.

[CLOSE] OSVDB ID : 164 - Disclosed: 1997-07-14

Description:

IRIX contains a flaw that may allow a malicious attacker to obtain a complete listing of files and directories on vulnerable systems. The issue is triggered when the File Altercation Monitor (fam) daemon is instructed by a program to monitor the root directory. It is possible that the flaw may allow retrieval of all files under the root directory, resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 8423 - Disclosed: 1997-07-10

Description:

A local overflow exists in SGI IRIX. The pset program fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary commands execution with root privileges resulting in a loss of integrity.

[CLOSE] OSVDB ID : 236 - Disclosed: 1997-07-10

Description:

(Description Provided by CVE) : The Webgais program allows a remote user to execute arbitrary commands.

[CLOSE] OSVDB ID : 2917 - Disclosed: 1997-07-09

Description:

Microsoft Access has a flaw in the encryption used to protect databases. The RC4 based encryption uses the same key for both encryption and decryption with no password/phrase. By creating a database equal in size as the target database, an attacker can use the XOR'd key stream from the newly created database to decrypt the target database.

[CLOSE] OSVDB ID : 7873 - Disclosed: 1997-07-08

Description:

(Description Provided by CVE) : JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

[CLOSE] OSVDB ID : 11289 - Disclosed: 1997-07-08

Description:

(Description Provided by CVE) : A remote attacker can read information from a Netscape user's cache via JavaScript.

[CLOSE] OSVDB ID : 237 - Disclosed: 1997-07-04

Description:

(Description Provided by CVE) : websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).

[CLOSE] OSVDB ID : 82 - Disclosed: 1997-07-02

Description:

(Description Provided by CVE) : The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands.

[CLOSE] OSVDB ID : 957 - Disclosed: 1997-07-01

Description:

(Description Provided by CVE) : Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.

[CLOSE] OSVDB ID : 8422 - Disclosed: 1997-07-01

Description:

A local overflow exists in SGI IRIX. The df program fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary commands execution with root privileges resulting in a loss of integrity.

[CLOSE] OSVDB ID : 8426 - Disclosed: 1997-07-01

Description:

A local overflow exists in SGI IRIX. The ordist program fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary commands execution with root privileges resulting in a loss of integrity.

[CLOSE] OSVDB ID : 198 - Disclosed: 1997-07-01

Description:

Sendmail contains a flaw that may allow a remote attacker to relay mail through the server. In older versions of sendmail, default configurations allowed many methods of e-mail relay. This allowed a remote attacker to send mail through the server and cause the email to appear to come from the victim server. This makes it more difficult to easily spot where the mail comes from and allows basic e-mail spoofing. This practice is typically referred to "sending spam" or "spamming".

[CLOSE] OSVDB ID : 958 - Disclosed: 1997-07-01

Description:

Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.

[CLOSE] OSVDB ID : 5873 - Disclosed: 1997-07-01

Description:

(Description Provided by CVE) : wu-ftpd FTP daemon allows any user and password combination.

[CLOSE] OSVDB ID : 8425 - Disclosed: 1997-07-01

Description:

A local overflow exists in SGI IRIX. The scheme program fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary commands execution with root privileges resulting in a loss of integrity.

[CLOSE] OSVDB ID : 9735 - Disclosed: 1997-07-01

Description:

(Description Provided by CVE) : When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.

[CLOSE] OSVDB ID : 10604 - Disclosed: 1997-07-01

Description:

(Description Provided by CVE) : The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.

[CLOSE] OSVDB ID : 10616 - Disclosed: 1997-07-01

Description:

(Description Provided by CVE) : Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which the TCP/IP stack incorrectly reassembles into a valid session.

[CLOSE] OSVDB ID : 59250 - Disclosed: 1997-07-01

Description:

(Description Provided by CVE) : Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.

[CLOSE] OSVDB ID : 59251 - Disclosed: 1997-07-01

Description:

(Description Provided by CVE) : Buffer overflow in ircd allows arbitrary command execution.

[CLOSE] OSVDB ID : 830 - Disclosed: 1997-06-30

Description:

(Description Provided by CVE) : Buffer overflow in ircd allows arbitrary command execution.

[CLOSE] OSVDB ID : 59264 - Disclosed: 1997-06-29

Description:

(Description Provided by CVE) : Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

[CLOSE] OSVDB ID : 11477 - Disclosed: 1997-06-28

Description:

Microsoft Windows NT 4.0 contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker causes an access violation within LSASS.exe causing the process to stop running, and will result in loss of availability for the operating system.

[CLOSE] OSVDB ID : 83446 - Disclosed: 1997-06-27

Description:

Samba is prone to an overflow condition. This issue is triggered when smbmount fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted multiple variable username, a local attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 11225 - Disclosed: 1997-06-27

Description:

A local overflow exists in SVGAlib/zgv. The product fails to verify the length of the HOME environment variable, resulting in a buffer overflow. By setting this variable to an overly long value, arbitrary code can be executed as root, resulting in a loss of availability.

[CLOSE] OSVDB ID : 935 - Disclosed: 1997-06-26

Description:

(Description Provided by CVE) : ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

[CLOSE] OSVDB ID : 84074 - Disclosed: 1997-06-26

Description:

Ultrix contains a flaw that is triggered by dxterm being given setuid privileges. This may allow a remote attacker to log output data to arbitrary files, which will overwrite pre-existing data on that file.

[CLOSE] OSVDB ID : 7420 - Disclosed: 1997-06-25

Description:

(Description Provided by CVE) : Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.

[CLOSE] OSVDB ID : 8674 - Disclosed: 1997-06-25

Description:

(Description Provided by CVE) : Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.

[CLOSE] OSVDB ID : 8675 - Disclosed: 1997-06-25

Description:

(Description Provided by CVE) : Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.

[CLOSE] OSVDB ID : 8676 - Disclosed: 1997-06-25

Description:

(Description Provided by CVE) : Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.

[CLOSE] OSVDB ID : 8677 - Disclosed: 1997-06-25

Description:

(Description Provided by CVE) : Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.