SAFER – Vol. 3, Issue 6 3 © 2000 The Relay Group
MICROSOFT IIS SHTML.EXE PATH DISCLOSURE VULNERABILITY ... 22
NETWIN DNEWS NEWS SERVER BUFFER OVERFLOW VULNERABILITY ... 22
GOSSAMER THREADS DBMAN INFORMATION LEAKAGE VULNERABILITY ... 23
ALADDIN KNOWLEDGE SYSTEMS ETOKEN PIN EXTRACTION VULNERABILITY ... 23
NETWIN DMAILWEB SERVER UTOKEN BUFFER OVERFLOW VULNERABILITY ... 23
ALADDIN ETOKEN 3.3.3.X HARDWARE USB KEY PRIVATE DATA EXTRACTION ... 23
MULTIPLE LINUX VENDOR PAM_CONSOLE VULNERABILITY ... 24
MULTIPLE VENDOR PREDICTABLE RESOLVER ID VULNERABILITY ... 24
CISCO ROUTER ONLINE HELP VULNERABILITY ... 24
L-SOFT LISTSERV 1.8 WEB ARCHIVES BUFFER OVERFLOW VULNERABILITY ... 25
ULTRABOARD DIRECTORY TRAVERSAL VULNERABILITY ... 25
APPLESHARE IP 6.X INVALID RANGE REQUEST VULNERABILITY ... 25
MICROSOFT WINDOWS 9X NETBIOS NULL NAME VULNERABILITY ... 25
FILEMAKER PRO 5.0 WEB COMPANION SOFTWARE MULTIPLE VULNERABILITIES ... 26
SNIFFIT '-L MAIL' REMOTE BUFFER OVERFLOW VULNERABILITY ... 26
CASSANDRA NNTPSERVER V1.10 BUFFER OVERFLOW VULNERABILITY ... 26

SECURITY ADVISORIES ... 27
RED HAT SECURITY ADVISORY 2000:005-05: NEW MAJORDOMO PACKAGES AVAILABLE ... 27
PGP SECURITY ADVISORY: PGP 5.0 VULNERABILITIES ... 27
MICROSOFT SECURITY BULLETIN (MS00-038) ... 27
MICROSOFT SECURITY BULLETIN (MS00-035) ... 28
TURBOLINUX SECURITY ANNOUNCEMENT TLSA2000012-1: XLOCKMORE-4.16 AND EARLIER ... 28
NAI SECURITY ADVISORY COVERT-2000-06: INITIALIZED DATA OVERFLOW IN XLOCK ... 28
SUSE SECURITY ANNOUNCEMENT: MUFTI ... 29
NETBSD SECURITY ADVISORY 2000-006: /ETC/FTPCHROOT PARSING BROKEN IN NETBSD-1.4.2 ... 29
NETBSD SECURITY ADVISORY 2000-005: LOCAL "CPU-HOG" DENIAL OF SERVICE ... 29
NETBSD SECURITY ADVISORY 2000-004: SYSV SEMAPHORE DENIAL-OF-SERVICE ... 29
NETBSD SECURITY ADVISORY 2000-003: EXPLOITABLE VULNERABILITY IN XLOCKMORE ... 30
FREEBSD SECURITY ADVISORY SA-00:20: KRB5 ... 30
FREEBSD SECURITY ADVISORY SA-00:19: SEMCONFIG ... 30
TURBOLINUX SECURITY ANNOUNCEMENT TLSA2000011-1: GPM-1.19.1 AND EARLIER ... 31
CERT ADVISORY CA-2000-08: INCONSISTENT WARNING MESSAGES IN NETSCAPE NAVIGATOR ... 31
NAI SECURITY ADVISORY COVERT-2000-05: MICROSOFT WINDOWS COMPUTER BROWSER RESET ... 31
COBALT NETWORKS SECURITY ADVISORY 5.25.2000 ... 31
MICROSOFT SECURITY BULLETIN (MS00-036) ... 32
CERT ADVISORY CA-2000-07: MICROSOFT OFFICE 2000 UA ACTIVEX CONTROL ... 32
CALDERA SECURITY ADVISORY CSSA-2000-013.0: BUFFER OVERFLOW IN KDM ... 32
SGI SECURITY ADVISORY 20000501-01-P: VULNERABILITY IN INFOSRCH.CGI ... 33
MICROSOFT SECURITY BULLETIN (MS00-029) ... 33
IBM SECURITY ADVISORY ERS-OAR-E01-2000:087.1 ... 33
RED HAT SECURITY ADVISORY-2000:028-02: NETSCAPE 4.73 AVAILABLE ... 34
CALDERA SECURITY ADVISORY CSSA-2000-011.0: SEVERAL PROBLEMS IN XEMACS ... 34
SUSE SECURITY ANNOUNCEMENT: KERNEL ... 34
MICROSOFT SECURITY BULLETIN (MS00-033) ... 35
FREEBSD SECURITY ADVISORY SA-00:08 REVISED: LYNX PORTS CONTAIN NUMEROUS BUFFER OVERFLOWS ... 35
TURBOLINUX SECURITY ANNOUNCEMENT TLSA2000010-1: OPENLDAP 1.2.9 AND EARLIER ... 35
CERT ADVISORY CA-2000-06: MULTIPLE BUFFER OVERFLOWS IN KERBEROS AUTHENTICATED SERVICES ... 36
HP SECURITY ADVISORY #00114: SEC. VULNERABILITY IN BIND ... 36
CISCO SECURITY ADVISORY: CISCO IOS HTTP SERVER VULNERABILITY ... 36
CERT ADVISORY CA-2000-05: NETSCAPE NAVIGATOR IMPROPERLY VALIDATES SSL SESSIONS ... 36
MICROSOFT SECURITY BULLETIN (MS00-034) ... 37
MICROSOFT SECURITY BULLETIN (MS00-030) ... 37
ISS SECURITY ADVISORY: MICROSOFT IIS REMOTE DENIAL OF SERVICE ATTACK ... 37
MICROSOFT SECURITY BULLETIN (MS00-031) ... 38
FREEBSD SECURITY ADVISORY SA-00:17: BUFFER OVERFLOW IN LIBMYTINFO ... 38
ALLAIRE SECURITY BULLETIN (ASB00-12): ALLAIRE CLUSTERCATS URL REDIRECT VULNERABILITY ... 38
NETBSD SECURITY ADVISORY 2000-002: IP OPTIONS PROCESSING DENIAL OF SERVICE ... 39
FREEBSD SECURITY ADVISORY SA-00:18: GNAPSTER PORT ALLOWS REMOTE USERS TO VIEW LOCAL FILES ... 39
FREEBSD SECURITY ADVISORY SA-00:16: GOLDDIG PORT ALLOWS USERS TO OVERWRITE LOCAL FILES ... 39
HP SECURITY ADVISORY #00113: SEC. VULNERABILITY WITH SHUTDOWN COMMAND ... 39
NAI SECURITY ADVISORY-MAY042000: TREND MICRO INTERSCAN VIRUSWALL REMOTE OVERFLOW ... 40
ISS SECURITY ADVISORY: VULNERABILITY IN QUAKE3ARENA AUTO-DOWNLOAD FEATURE ... 40
SUSE SECURITY ANNOUNCEMENT: ... 40