ID

VAR-200102-0001


CVE

CVE-2000-1090


TITLE

Oracle Internet Directory LDAP Daemon does not check write permissions properly

Trust: 0.8

sources: CERT/CC: VU#610904

DESCRIPTION

Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. The Oracle LDAP Daemon (oidldapd version 2.1.1.1), which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. 2 Byte character (DBCS) Of the language-speaking version using Microsoft IIS Has a specific 2 A vulnerability exists in which a request containing a byte character discloses a file with a file name that cannot be viewed normally.Any file in the system may be viewed. The editions that are affected include Traditional Chinese, Simplified Chinese, Japanese, and Korean (Hangeul). This vulnerability affects IIS prior to SP6. The problem was resolved with the release of SP6, however it has resurfaced in IIS 5.0. Non-Far East editions of IIS such as English are not affected by this vulnerability. If a lead-byte exists, IIS will proceed to check for a trail-byte. If a trail-byte is not present, IIS will automatically drop the lead-byte. Problems can arise due to the exclusion of the lead-byte because it will result in the opening of a different file from the one specified. A malicious user may create a specially formed HTTP request containing DBCS to retrieve the contents of files located inside the web root. This may lead to the disclosure of sensitive information such as usernames and passwords. -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Alert Summary January 1, 2001 Volume 6 Number 2 The following computer security issues have been publicly reported and documented in the X-Force Vulnerability and Threat Database (http://xforce.iss.net). This document is available at http://xforce.iss.net/alerts/vol-06_num-02.php. To receive these Alert Summaries: - - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php - - Or send an email to majordomo@iss.net, and within the body of the message type: - - 'subscribe alert' (without the quotes). _____ Contents 115 Reported Vulnerabilities Risk Factor Key _____ Date Reported: 12/31/00 Vulnerability: exmh-error-symlink Platforms Affected: exmh 2.2 and earlier Risk Factor: High Attack Type: Host Based Brief Description: exmh error message symlink X-Force URL: http://xforce.iss.net/static/5829.php _____ Date Reported: 12/30/00 Vulnerability: informix-webdriver-symlink Platforms Affected: Informix Webdriver Risk Factor: High Attack Type: Host Based Brief Description: Informix Webdriver symbolic link X-Force URL: http://xforce.iss.net/static/5827.php _____ Date Reported: 12/30/00 Vulnerability: informix-webdriver-admin-access Platforms Affected: Informix Webdriver Risk Factor: High Attack Type: Network Based Brief Description: Informix Webdriver remote Admin access X-Force URL: http://xforce.iss.net/static/5833.php _____ Date Reported: 12/29/00 Vulnerability: zonealarm-mutex-dos Platforms Affected: ZoneAlarm Pro Risk Factor: Medium Attack Type: Host Based Brief Description: ZoneAlarm and ZoneAlarm Pro Mutex creation denial of service X-Force URL: http://xforce.iss.net/static/5821.php _____ Date Reported: 12/29/00 Vulnerability: zonealarm-batfile-dos Platforms Affected: ZoneAlarm Pro Risk Factor: Medium Attack Type: Host Based Brief Description: ZoneAlarm and ZoneAlarm Pro can be taken down with a batch file X-Force URL: http://xforce.iss.net/static/5822.php _____ Date Reported: 12/29/00 Vulnerability: shockwave-flash-swf-bo Platforms Affected: Shockwave Plugin 8.0 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Shockwave Flash SWF file buffer overflow X-Force URL: http://xforce.iss.net/static/5826.php _____ Date Reported: 12/29/00 Vulnerability: macos-multiple-users Platforms Affected: MacOS 9.0 Risk Factor: High Attack Type: Host Based Brief Description: Mac OS 'Multiple Users' bypass password X-Force URL: http://xforce.iss.net/static/5830.php _____ Date Reported: 12/28/00 Vulnerability: http-cgi-ikonboard Platforms Affected: Ikonboard 2.1.7b and prior Risk Factor: High Attack Type: Host Based Brief Description: Ikonboard allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5819.php _____ Date Reported: 12/27/00 Vulnerability: http-cgi-technote-main Platforms Affected: TECH-NOTE (000, 2001, Pro) Risk Factor: High Attack Type: Network Based Brief Description: TECH-NOTE main.cgi reveals files X-Force URL: http://xforce.iss.net/static/5813.php _____ Date Reported: 12/26/00 Vulnerability: xwindows-char-dos Platforms Affected: XFree86 Risk Factor: Low Attack Type: Network/Host Based Brief Description: X Windows multiple character denial of service X-Force URL: http://xforce.iss.net/static/5834.php _____ Date Reported: 12/25/00 Vulnerability: 1stup-mail-server-bo Platforms Affected: 1st Up Mail Server 4.1 Risk Factor: Medium Attack Type: Network Based Brief Description: 1st Up Mail Server buffer overflow X-Force URL: http://xforce.iss.net/static/5808.php _____ Date Reported: 12/25/00 Vulnerability: dialog-symlink Platforms Affected: Linux Debian 2.2 Risk Factor: High Attack Type: Host Based Brief Description: Linux dialog package symlink attack X-Force URL: http://xforce.iss.net/static/5809.php _____ Date Reported: 12/25/00 Vulnerability: ibm-wcs-admin Platforms Affected: IBM Websphere Commerce Suite Risk Factor: High Attack Type: Host Based Brief Description: IBM WCS admin.config allows user to execute arbitrary commands X-Force URL: http://xforce.iss.net/static/5831.php _____ Date Reported: 12/23/00 Vulnerability: http-cgi-technote-print Platforms Affected: TECH-NOTE (2000, 2001, Pro) Risk Factor: Medium Attack Type: Network Based Brief Description: TECH-NOTE print.cgi reveals files X-Force URL: http://xforce.iss.net/static/5815.php _____ Date Reported: 12/22/00 Vulnerability: iis-web-form-submit Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IIS Web form submission X-Force URL: http://xforce.iss.net/static/5823.php _____ Date Reported: 12/21/00 Vulnerability: hpux-kermit-bo Platforms Affected: HPUX (10.01, 10.10, 10.20, 11.00) Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX kermit buffer overflow X-Force URL: http://xforce.iss.net/static/5793.php _____ Date Reported: 12/21/00 Vulnerability: bsguest-cgi-execute-commands Platforms Affected: Linux Risk Factor: Medium Attack Type: Network Based Brief Description: bsguest.cgi allows remote execution of commands on server X-Force URL: http://xforce.iss.net/static/5796.php _____ Date Reported: 12/21/00 Vulnerability: bslist-cgi-execute-commands Platforms Affected: Linux Risk Factor: Medium Attack Type: Network Based Brief Description: bslist.cgi allows remote execution of commands on server X-Force URL: http://xforce.iss.net/static/5797.php _____ Date Reported: 12/21/00 Vulnerability: infinite-interchange-dos Platforms Affected: Infinite Interchange 3.61 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Infinite InterChange denial of service X-Force URL: http://xforce.iss.net/static/5798.php _____ Date Reported: 12/21/00 Vulnerability: oracle-execute-plsql Platforms Affected: Oracle Application Server Risk Factor: Medium Attack Type: Network Based Brief Description: Oracle remote procedure execution X-Force URL: http://xforce.iss.net/static/5817.php _____ Date Reported: 12/21/00 Vulnerability: ksh-redirection-symlink Platforms Affected: IRIX (6.2, 6.5.x) Solaris (2.5.1, 2.6, 7) HPUX 9.00 Digital Unix 5.0 Risk Factor: High Attack Type: Host Based Brief Description: ksh redirection symlink attack X-Force URL: http://xforce.iss.net/static/5811.php _____ Date Reported: 12/21/00 Vulnerability: oracle-webdb-admin-access Platforms Affected: Oracle Internet Application Server 3.0.7 Risk Factor: High Attack Type: Network/Host Based Brief Description: Oracle IAS allows administrative access X-Force URL: http://xforce.iss.net/static/5818.php _____ Date Reported: 12/21/00 Vulnerability: infinite-interchange-dos Platforms Affected: Infinite Interchange 3.61 Risk Factor: Web Scan Attack Type: Network/Host Based Brief Description: Infinite InterChange denial of service X-Force URL: http://xforce.iss.net/static/5798.php _____ Date Reported: 12/20/00 Vulnerability: gnupg-detached-sig-modify Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3) Risk Factor: Medium Attack Type: Host Based Brief Description: GnuPG allows users to modify signed messages with detached signatures X-Force URL: http://xforce.iss.net/static/5802.php _____ Date Reported: 12/20/00 Vulnerability: gnupg-reveal-private Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3) Risk Factor: Medium Attack Type: Host Based Brief Description: GnuPG will import private keys along with public keys X-Force URL: http://xforce.iss.net/static/5803.php _____ Date Reported: 12/20/00 Vulnerability: zonealarm-nmap-scans Platforms Affected: ZoneAlarm Risk Factor: High Attack Type: Network Based Brief Description: ZoneAlarm does not detect NMAP scans X-Force URL: http://xforce.iss.net/static/5799.php _____ Date Reported: 12/20/00 Vulnerability: zonealarm-open-shares Platforms Affected: ZoneAlarm Risk Factor: High Attack Type: Network Based Brief Description: ZoneAlarm open shares X-Force URL: http://xforce.iss.net/static/5825.php _____ Date Reported: 12/19/00 Vulnerability: win2k-index-service-activex Platforms Affected: Windows 2000 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Windows 2000 Index Service ActiveX controls allow unauthorized access to file information X-Force URL: http://xforce.iss.net/static/5800.php _____ Date Reported: 12/19/00 Vulnerability: proftpd-size-memory-leak Platforms Affected: Proftpd Risk Factor: Low Attack Type: Network/Host Based Brief Description: proftpd memory leak when using SIZE command X-Force URL: http://xforce.iss.net/static/5801.php _____ Date Reported: 12/19/00 Vulnerability: weblogic-dot-bo Platforms Affected: WebLogic Risk Factor: Medium Attack Type: Network Based Brief Description: BEA WebLogic Server "dotdot" URL buffer overflow X-Force URL: http://xforce.iss.net/static/5782.php _____ Date Reported: 12/19/00 Vulnerability: mdaemon-imap-dos Platforms Affected: MDaemon Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MDaemon IMAP buffer overflow denial of service X-Force URL: http://xforce.iss.net/static/5805.php _____ Date Reported: 12/19/00 Vulnerability: zope-calculate-roles Platforms Affected: Zp[e Risk Factor: High Attack Type: Host Based Brief Description: zope package in Linux calculates local roles incorrectly X-Force URL: http://xforce.iss.net/static/5777.php _____ Date Reported: 12/19/00 Vulnerability: itetris-svgalib-path Platforms Affected: svgalib Risk Factor: High Attack Type: Host Based Brief Description: Itetris svgalib PATH X-Force URL: http://xforce.iss.net/static/5795.php _____ Date Reported: 12/18/00 Vulnerability: bsd-ftpd-replydirname-bo Platforms Affected: BSD Based Operating Systems Risk Factor: High Attack Type: Network Based Brief Description: BSD ftpd replydirname() function buffer overflow X-Force URL: http://xforce.iss.net/static/5776.php _____ Date Reported: 12/18/00 Vulnerability: sonata-command-execute Platforms Affected: Sonata Risk Factor: High Attack Type: Host Based Brief Description: Sonata argument command line execution X-Force URL: http://xforce.iss.net/static/5787.php _____ Date Reported: 12/18/00 Vulnerability: solaris-catman-symlink Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris catman command symlink attack X-Force URL: http://xforce.iss.net/static/5788.php _____ Date Reported: 12/18/00 Vulnerability: solaris-patchadd-symlink Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris patchadd symlink attack X-Force URL: http://xforce.iss.net/static/5789.php _____ Date Reported: 12/18/00 Vulnerability: stunnel-format-logfile Platforms Affected: Stunnel Risk Factor: High Attack Type: Network Based Brief Description: Stunnel format allows user to write to logfile X-Force URL: http://xforce.iss.net/static/5807.php _____ Date Reported: 12/17/00 Vulnerability: hp-top-sys-files Platforms Affected: HPUX Risk Factor: Low Attack Type: Host Based Brief Description: HP-UX top command could be used to overwrite files X-Force URL: http://xforce.iss.net/static/5773.php _____ Date Reported: 12/16/00 Vulnerability: zope-legacy-names Platforms Affected: Zope Risk Factor: Medium Attack Type: Network Based Brief Description: Linux zope package "legacy" names X-Force URL: http://xforce.iss.net/static/5824.php _____ Date Reported: 12/15/00 Vulnerability: mrj-runtime-malicious-applets Platforms Affected: MRJ Risk Factor: Low Attack Type: Host Based Brief Description: MRJ runtime environment could allow malicious applets to be executed X-Force URL: http://xforce.iss.net/static/5784.php _____ Date Reported: 12/14/00 Vulnerability: coffeecup-ftp-weak-encryption Platforms Affected: CoffeeCup FTP Risk Factor: Low Attack Type: Host Based Brief Description: CoffeeCup FTP client has weak password encryption X-Force URL: http://xforce.iss.net/static/5744.php _____ Date Reported: 12/14/00 Vulnerability: watchguard-soho-fragmented-packets Platforms Affected: WatchGuard Risk Factor: Medium Attack Type: Network Based Brief Description: WatchGuard SOHO Firewall fragmented IP packet attack X-Force URL: http://xforce.iss.net/static/5749.php _____ Date Reported: 12/14/00 Vulnerability: jpilot-perms Platforms Affected: J-Pilot Risk Factor: Medium Attack Type: Host Based Brief Description: J-Pilot permissions could reveal sensitive information X-Force URL: http://xforce.iss.net/static/5762.php _____ Date Reported: 12/14/00 Vulnerability: mediaservices-dropped-connection-dos Platforms Affected: Microsoft Media Services Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Microsoft Media Services dropped connection denial of service X-Force URL: http://xforce.iss.net/static/5785.php _____ Date Reported: 12/14/00 Vulnerability: watchguard-soho-web-auth Platforms Affected: WatchGuard Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard SOHO Web config server could allow unauthenticated access X-Force URL: http://xforce.iss.net/static/5554.php _____ Date Reported: 12/14/00 Vulnerability: watchguard-soho-passcfg-reset Platforms Affected: WatchGuard Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard SOHO administrator password can be remotely reset X-Force URL: http://xforce.iss.net/static/5742.php _____ Date Reported: 12/14/00 Vulnerability: http-cgi-simplestguest Platforms Affected: simplestguest.cgi Risk Factor: High Attack Type: Network Based Brief Description: simplestguest.cgi input validation error X-Force URL: http://xforce.iss.net/static/5743.php _____ Date Reported: 12/14/00 Vulnerability: safeword-palm-pin-extraction Platforms Affected: SafeWord e.iD Palm Authenticator Risk Factor: High Attack Type: Network/Host Based Brief Description: SafeWord and e.iD Palm Authenticator allows attacker to clone Palm device X-Force URL: http://xforce.iss.net/static/5753.php _____ Date Reported: 12/14/00 Vulnerability: mdaemon-lock-bypass-password Platforms Affected: MDaemon Risk Factor: High Attack Type: Host Based Brief Description: MDaemon "lock" bypass password X-Force URL: http://xforce.iss.net/static/5763.php _____ Date Reported: 12/13/00 Vulnerability: cisco-catalyst-ssh-mismatch Platforms Affected: Cisco Catalyst Risk Factor: Low Attack Type: Network Based Brief Description: Cisco Catalyst SSH protocol mismatch X-Force URL: http://xforce.iss.net/static/5760.php _____ Date Reported: 12/13/00 Vulnerability: microsoft-iis-file-disclosure Platforms Affected: IIS Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Microsoft IIS Far East editions file disclosure X-Force URL: http://xforce.iss.net/static/5729.php _____ Date Reported: 12/13/00 Vulnerability: ezshopper-cgi-file-disclosure Platforms Affected: loadpage.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: EZshopper loadpage.cgi file disclosure X-Force URL: http://xforce.iss.net/static/5740.php _____ Date Reported: 12/13/00 Vulnerability: winnt-mstask-dos Platforms Affected: Windows NT Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Windows NT MSTask.exe denial of service X-Force URL: http://xforce.iss.net/static/5746.php _____ Date Reported: 12/13/00 Vulnerability: bftpd-site-chown-bo Platforms Affected: BFTPD Risk Factor: High Attack Type: Network Based Brief Description: BFTPD SITE CHOWN buffer overflow X-Force URL: http://xforce.iss.net/static/5775.php _____ Date Reported: 12/12/00 Vulnerability: aim-remote-bo Platforms Affected: AOL Instant Messenger Risk Factor: Medium Attack Type: Network Based Brief Description: AOL Instant Messenger buffer overflow X-Force URL: http://xforce.iss.net/static/5732.php _____ Date Reported: 12/12/00 Vulnerability: subscribemelite-gain-admin-access Platforms Affected: Subscribe Me Lite Risk Factor: Medium Attack Type: Network Based Brief Description: Subscribe Me Lite mailing list manager unauthorized access X-Force URL: http://xforce.iss.net/static/5735.php _____ Date Reported: 12/12/00 Vulnerability: zope-image-file Platforms Affected: Zope Risk Factor: Medium Attack Type: Host Based Brief Description: Linux zope package Image and File objects X-Force URL: http://xforce.iss.net/static/5778.php _____ Date Reported: 12/12/00 Vulnerability: http-cgi-everythingform Platforms Affected: everythingform.cgi Risk Factor: High Attack Type: Network Based Brief Description: everythingform.cgi input validation error X-Force URL: http://xforce.iss.net/static/5736.php _____ Date Reported: 12/12/00 Vulnerability: http-cgi-simplestmail Platforms Affected: simplestmail.cgi Risk Factor: High Attack Type: Network Based Brief Description: simplestmail.cgi input validation error X-Force URL: http://xforce.iss.net/static/5739.php _____ Date Reported: 12/12/00 Vulnerability: http-cgi-ad Platforms Affected: ad.cgi Risk Factor: High Attack Type: Network Based Brief Description: ad.cgi input validation error X-Force URL: http://xforce.iss.net/static/5741.php _____ Date Reported: 12/12/00 Vulnerability: kde-kmail-weak-encryption Platforms Affected: KDE KMail Risk Factor: High Attack Type: Network/Host Based Brief Description: KDE KMail weak password encryption X-Force URL: http://xforce.iss.net/static/5761.php _____ Date Reported: 12/12/00 Vulnerability: aolim-buddyicon-bo Platforms Affected: AOL Instant Messenger Risk Factor: High Attack Type: Network/Host Based Brief Description: AOL Instant Messenger Buddy Icon buffer overflow X-Force URL: http://xforce.iss.net/static/5786.php _____ Date Reported: 12/12/00 Vulnerability: aim-remote-bo Platforms Affected: AOL Instant Messenger Risk Factor: Medium Attack Type: Network Based Brief Description: AOL Instant Messenger buffer overflow X-Force URL: http://xforce.iss.net/static/5732.php _____ Date Reported: 12/11/00 Vulnerability: rppppoe-zero-length-dos Platforms Affected: rp-pppoe Risk Factor: Medium Attack Type: Network Based Brief Description: rp-pppoe "zero-length" option denial of service X-Force URL: http://xforce.iss.net/static/5727.php _____ Date Reported: 12/11/00 Vulnerability: proftpd-modsqlpw-unauth-access Platforms Affected: ProFTPd Risk Factor: Medium Attack Type: Network Based Brief Description: ProFTPD system using mod_sqlpw unauthorized access X-Force URL: http://xforce.iss.net/static/5737.php _____ Date Reported: 12/11/00 Vulnerability: gnu-ed-symlink Platforms Affected: GNU ed Risk Factor: High Attack Type: Host Based Brief Description: GNU ed symlink X-Force URL: http://xforce.iss.net/static/5723.php _____ Date Reported: 12/11/00 Vulnerability: oops-ftputils-bo Platforms Affected: Oops Proxy Server Risk Factor: High Attack Type: Network/Host Based Brief Description: Oops Proxy Server ftp_utils buffer overflow X-Force URL: http://xforce.iss.net/static/5725.php _____ Date Reported: 12/11/00 Vulnerability: oracle-oidldap-write-permission Platforms Affected: Oracle Internet Directory Risk Factor: High Attack Type: Host Based Brief Description: Oracle Internet Directory write permission X-Force URL: http://xforce.iss.net/static/5804.php _____ Date Reported: 12/9/00 Vulnerability: foolproof-security-bypass Platforms Affected: FoolProof Risk Factor: High Attack Type: Host Based Brief Description: FoolProof Security restriction bypass using FTP X-Force URL: http://xforce.iss.net/static/5758.php _____ Date Reported: 12/8/00 Vulnerability: broadvision-bv1to1-reveal-path Platforms Affected: BroadVision One-To-One Enterprise Server Risk Factor: Low Attack Type: Network Based Brief Description: BroadVision One-To-One Enterprise Server reveals path to server X-Force URL: http://xforce.iss.net/static/5661.php _____ Date Reported: 12/8/00 Vulnerability: ssldump-format-strings Platforms Affected: ssldump Risk Factor: Medium Attack Type: Network Based Brief Description: ssldump format string could allow arbitrary execution of code X-Force URL: http://xforce.iss.net/static/5717.php _____ Date Reported: 12/8/00 Vulnerability: coldfusion-sample-dos Platforms Affected: ColdFusion Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ColdFusion sample script denial of service X-Force URL: http://xforce.iss.net/static/5755.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-arbitrary-proxy Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Network/Host Based Brief Description: KTH Kerberos 4 arbitrary proxy enviornment variable X-Force URL: http://xforce.iss.net/static/5733.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-auth-packet-overflow Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Network/Host Based Brief Description: KTH Kerberos 4 authentication packet buffer overflow X-Force URL: http://xforce.iss.net/static/5734.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-user-config Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Host Based Brief Description: KTH Kerberos 4 user supplied configuration files X-Force URL: http://xforce.iss.net/static/5738.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-tmpfile-dos Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Host Based Brief Description: KTH Kerberos 4 race condition X-Force URL: http://xforce.iss.net/static/5754.php _____ Date Reported: 12/7/00 Vulnerability: homeseer-directory-traversal Platforms Affected: HomeSeer Risk Factor: Low Attack Type: Network Based Brief Description: HomeSeer allows directory traversal X-Force URL: http://xforce.iss.net/static/5663.php _____ Date Reported: 12/7/00 Vulnerability: offline-explorer-reveal-files Platforms Affected: MetaProducts Offline Explorer Risk Factor: Low Attack Type: Network/Host Based Brief Description: MetaProducts Offline Explorer can reveal file system X-Force URL: http://xforce.iss.net/static/5728.php _____ Date Reported: 12/7/00 Vulnerability: imail-smtp-auth-dos Platforms Affected: IMail Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IMail SMTP auth denial of service X-Force URL: http://xforce.iss.net/static/5674.php _____ Date Reported: 12/6/00 Vulnerability: apc-apcupsd-dos Platforms Affected: APC apcupsd Risk Factor: Medium Attack Type: Host Based Brief Description: APC apcupsd denial of service X-Force URL: http://xforce.iss.net/static/5654.php _____ Date Reported: 12/6/00 Vulnerability: cisco-catalyst-telnet-dos Platforms Affected: Cisco Catalyst Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco Catalyst telnet server memory leak denial of service X-Force URL: http://xforce.iss.net/static/5656.php _____ Date Reported: 12/6/00 Vulnerability: apache-php-disclose-files Platforms Affected: Apache Web server Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Apache Web server discloses files when used with php script X-Force URL: http://xforce.iss.net/static/5659.php _____ Date Reported: 12/6/00 Vulnerability: ultraseek-reveal-path Platforms Affected: Ultraseek Risk Factor: Medium Attack Type: Network Based Brief Description: Ultraseek Server can reveal the path and source code to certain files X-Force URL: http://xforce.iss.net/static/5660.php _____ Date Reported: 12/6/00 Vulnerability: irc-dreamforge-dns-dos Platforms Affected: DreamForge IRCd Risk Factor: Medium Attack Type: Network Based Brief Description: DreamForge IRCd DNS denial of service X-Force URL: http://xforce.iss.net/static/5721.php _____ Date Reported: 12/6/00 Vulnerability: mailman-alternate-templates Platforms Affected: MailMan Risk Factor: High Attack Type: Network Based Brief Description: MailMan Alternate Templates form variable allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5649.php _____ Date Reported: 12/6/00 Vulnerability: phpgroupware-include-files Platforms Affected: Risk Factor: High Attack Type: Network Based Brief Description: phpGroupWare include files allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5650.php _____ Date Reported: 12/6/00 Vulnerability: markvision-printer-driver-bo Platforms Affected: Lexmark MarkVision Risk Factor: High Attack Type: Host Based Brief Description: Lexmark MarkVision printer drivers for Unix buffer overflows X-Force URL: http://xforce.iss.net/static/5651.php _____ Date Reported: 12/6/00 Vulnerability: nt-ras-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Host Based Brief Description: Windows NT RAS registry permissions X-Force URL: http://xforce.iss.net/static/5671.php _____ Date Reported: 12/6/00 Vulnerability: nt-snmp-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows NT SNMP registry permissions X-Force URL: http://xforce.iss.net/static/5672.php _____ Date Reported: 12/6/00 Vulnerability: nt-mts-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows NT MTS registry permissions X-Force URL: http://xforce.iss.net/static/5673.php _____ Date Reported: 12/6/00 Vulnerability: irc-bitchx-dns-bo Platforms Affected: BitchX Risk Factor: High Attack Type: Network Based Brief Description: BitchX IRC DNS buffer overflow X-Force URL: http://xforce.iss.net/static/5701.php _____ Date Reported: 12/5/00 Vulnerability: ibm-db2-gain-access Platforms Affected: IBM DB2 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM DB2 Universal Database can give access through default username and password X-Force URL: http://xforce.iss.net/static/5662.php _____ Date Reported: 12/5/00 Vulnerability: ibm-db2-dos Platforms Affected: IBM DB2 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM DB2 Universal Database denial of service X-Force URL: http://xforce.iss.net/static/5664.php _____ Date Reported: 12/5/00 Vulnerability: vsu-source-routing Platforms Affected: VSU Risk Factor: Medium Attack Type: Network Based Brief Description: VPNet VSU gateways contain source routing X-Force URL: http://xforce.iss.net/static/5667.php _____ Date Reported: 12/5/00 Vulnerability: vsu-ip-bridging Platforms Affected: VSU Risk Factor: Medium Attack Type: Network Based Brief Description: VPNet VSU gateways contain bridging code X-Force URL: http://xforce.iss.net/static/5670.php _____ Date Reported: 12/5/00 Vulnerability: ftp-servu-homedir-travers Platforms Affected: Serv-U FTP Risk Factor: High Attack Type: Network/Host Based Brief Description: FTP Serv-U home directory traversal could allow access to FTProot X-Force URL: http://xforce.iss.net/static/5639.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-web-access Platforms Affected: CISCO CBOS Risk Factor: Medium Attack Type: Network Based Brief Description: Cisco CBOS Web access enabled denial of service X-Force URL: http://xforce.iss.net/static/5626.php _____ Date Reported: 12/4/00 Vulnerability: watchguard-soho-get-dos Platforms Affected: WatchGuard SOHO Risk Factor: Medium Attack Type: Network Based Brief Description: WatchGuard SOHO Firewall multiple GET requests denial of service X-Force URL: http://xforce.iss.net/static/5665.php _____ Date Reported: 12/4/00 Vulnerability: phone-book-service-bo Platforms Affected: Windows 2000 Windows NT Risk Factor: High Attack Type: Network Based Brief Description: Windows NT and 2000 Phone Book service buffer overflow X-Force URL: http://xforce.iss.net/static/5623.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-syn-packets Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS SYN packets denial of service X-Force URL: http://xforce.iss.net/static/5627.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-invalid-login Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS does not log invalid logins X-Force URL: http://xforce.iss.net/static/5628.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-icmp-echo Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS large ICMP ECHO packet denial of service X-Force URL: http://xforce.iss.net/static/5629.php _____ Date Reported: 12/2/00 Vulnerability: phpweblog-bypass-authentication Platforms Affected: phpWebLog Risk Factor: High Attack Type: Host Based Brief Description: phpWebLog allows users to bypass authentication X-Force URL: http://xforce.iss.net/static/5625.php _____ Date Reported: 12/1/00 Vulnerability: linux-diskcheck-race-symlink Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux diskcheck race condition could allow a tmp file symbolic link attack X-Force URL: http://xforce.iss.net/static/5624.php _____ Date Reported: 12/1/00 Vulnerability: ie-form-file-upload Platforms Affected: Microsoft Internet Explorer Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Internet Explorer file upload form X-Force URL: http://xforce.iss.net/static/5615.php _____ Date Reported: 12/1/00 Vulnerability: mssql-xp-paraminfo-bo Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Description: Microsoft SQL XP srv_paraminfo() buffer overflow X-Force URL: http://xforce.iss.net/static/5622.php _____ Date Reported: 12/1/00 Vulnerability: majordomo-auth-execute-commands Platforms Affected: Majordomo Risk Factor: High Attack Type: Network Based Brief Description: Majordomo allows administrative access without password X-Force URL: http://xforce.iss.net/static/5611.php _____ Date Reported: 12/1/00 Vulnerability: ie-print-template Platforms Affected: Microsoft Internet Explorer Risk Factor: High Attack Type: Network/Host Based Brief Description: Internet Explorer print template X-Force URL: http://xforce.iss.net/static/5614.php _____ Date Reported: 12/1/00 Vulnerability: aix-piobe-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX piobe buffer overflow X-Force URL: http://xforce.iss.net/static/5616.php _____ Date Reported: 12/1/00 Vulnerability: aix-pioout-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX pioout buffer overflow X-Force URL: http://xforce.iss.net/static/5617.php _____ Date Reported: 12/1/00 Vulnerability: aix-setclock-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX setclock buffer overflow X-Force URL: http://xforce.iss.net/static/5618.php _____ Date Reported: 12/1/00 Vulnerability: aix-enq-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX enq buffer overflow X-Force URL: http://xforce.iss.net/static/5619.php _____ Date Reported: 12/1/00 Vulnerability: aix-digest-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX digest buffer overflow X-Force URL: http://xforce.iss.net/static/5620.php _____ Date Reported: 12/1/00 Vulnerability: aix-setsenv-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX setsenv buffer overflow X-Force URL: http://xforce.iss.net/static/5621.php Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. _____ Additional Information This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories: - - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php - - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes). About Internet Security Systems (ISS) Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks. Copyright (c) 2001 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOmd8xjRfJiV99eG9AQHGkAQAgX36zVSxItnmE160WG5ws5c6tp0F0Sr0 LLmTWkj7iiYUNv2dKxsw0L4IxItVyilHBYDDrQtjpD76ABE1YhaU2qxlFCeNqMoL r21MXXYy0JZWfMCU+t7dk7VNtDzy/0EpbZIcBqziisvQJYgUin3viD54QK+gsYIw jbM10AXVSHw= =5U+8 -----END PGP SIGNATURE-----

Trust: 5.58

sources: NVD: CVE-2000-1090 // CERT/CC: VU#610904 // CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // JVNDB: JVNDB-2000-000075 // BID: 2100 // PACKETSTORM: 24096

AFFECTED PRODUCTS

vendor:ibmmodel: - scope: - version: -

Trust: 2.4

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 1.6

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.8

vendor:microsoftmodel:iis far east editionscope:eqversion:5.0

Trust: 0.3

vendor:microsoftmodel:iis far east edition sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:iis far east edition sp6scope:neversion:4.0

Trust: 0.3

sources: CERT/CC: VU#610904 // CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#886953 // BID: 2100 // JVNDB: JVNDB-2000-000075 // CNNVD: CNNVD-200102-009 // NVD: CVE-2000-1090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-1090
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#610904
value: 3.00

Trust: 0.8

CARNEGIE MELLON: VU#739201
value: 7.09

Trust: 0.8

CARNEGIE MELLON: VU#808633
value: 5.36

Trust: 0.8

CARNEGIE MELLON: VU#872257
value: 7.09

Trust: 0.8

CARNEGIE MELLON: VU#886953
value: 15.19

Trust: 0.8

NVD: CVE-2000-1090
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200102-009
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2000-1090
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#610904 // CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // JVNDB: JVNDB-2000-000075 // CNNVD: CNNVD-200102-009 // NVD: CVE-2000-1090

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-1090

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 24096 // CNNVD: CNNVD-200102-009

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200102-009

CONFIGURATIONS

sources: JVNDB: JVNDB-2000-000075

PATCH

title:Top Pageurl:http://www.microsoft.com/ja/jp/default.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2000-000075

EXTERNAL IDS

db:NVDid:CVE-2000-1090

Trust: 2.7

db:BIDid:2100

Trust: 2.7

db:XFid:5804

Trust: 0.9

db:XFid:5618

Trust: 0.9

db:XFid:5620

Trust: 0.9

db:XFid:5619

Trust: 0.9

db:XFid:5621

Trust: 0.9

db:CERT/CCid:VU#610904

Trust: 0.8

db:BIDid:2035

Trust: 0.8

db:CERT/CCid:VU#739201

Trust: 0.8

db:BIDid:2033

Trust: 0.8

db:CERT/CCid:VU#808633

Trust: 0.8

db:BIDid:2034

Trust: 0.8

db:CERT/CCid:VU#872257

Trust: 0.8

db:BIDid:2032

Trust: 0.8

db:CERT/CCid:VU#886953

Trust: 0.8

db:JVNDBid:JVNDB-2000-000075

Trust: 0.8

db:XFid:5729

Trust: 0.7

db:CNNVDid:CNNVD-200102-009

Trust: 0.6

db:XFid:5629

Trust: 0.1

db:XFid:5825

Trust: 0.1

db:XFid:5626

Trust: 0.1

db:XFid:5776

Trust: 0.1

db:XFid:5616

Trust: 0.1

db:XFid:5797

Trust: 0.1

db:XFid:5740

Trust: 0.1

db:XFid:5831

Trust: 0.1

db:XFid:5827

Trust: 0.1

db:XFid:5823

Trust: 0.1

db:XFid:5758

Trust: 0.1

db:XFid:5777

Trust: 0.1

db:XFid:5664

Trust: 0.1

db:XFid:5611

Trust: 0.1

db:XFid:5650

Trust: 0.1

db:XFid:5818

Trust: 0.1

db:XFid:5738

Trust: 0.1

db:XFid:5662

Trust: 0.1

db:XFid:5732

Trust: 0.1

db:XFid:5739

Trust: 0.1

db:XFid:5785

Trust: 0.1

db:XFid:5787

Trust: 0.1

db:XFid:5734

Trust: 0.1

db:XFid:5743

Trust: 0.1

db:XFid:5821

Trust: 0.1

db:XFid:5639

Trust: 0.1

db:XFid:5622

Trust: 0.1

db:XFid:5796

Trust: 0.1

db:XFid:5829

Trust: 0.1

db:XFid:5755

Trust: 0.1

db:XFid:5625

Trust: 0.1

db:XFid:5833

Trust: 0.1

db:XFid:5778

Trust: 0.1

db:XFid:5773

Trust: 0.1

db:XFid:5717

Trust: 0.1

db:XFid:5617

Trust: 0.1

db:XFid:5728

Trust: 0.1

db:XFid:5736

Trust: 0.1

db:XFid:5753

Trust: 0.1

db:XFid:5627

Trust: 0.1

db:XFid:5651

Trust: 0.1

db:XFid:5815

Trust: 0.1

db:XFid:5822

Trust: 0.1

db:XFid:5744

Trust: 0.1

db:XFid:5834

Trust: 0.1

db:XFid:5554

Trust: 0.1

db:XFid:5789

Trust: 0.1

db:XFid:5615

Trust: 0.1

db:XFid:5742

Trust: 0.1

db:XFid:5741

Trust: 0.1

db:XFid:5824

Trust: 0.1

db:XFid:5793

Trust: 0.1

db:XFid:5614

Trust: 0.1

db:XFid:5763

Trust: 0.1

db:XFid:5674

Trust: 0.1

db:XFid:5723

Trust: 0.1

db:XFid:5654

Trust: 0.1

db:XFid:5826

Trust: 0.1

db:XFid:5782

Trust: 0.1

db:XFid:5663

Trust: 0.1

db:XFid:5628

Trust: 0.1

db:XFid:5805

Trust: 0.1

db:XFid:5798

Trust: 0.1

db:XFid:5762

Trust: 0.1

db:XFid:5721

Trust: 0.1

db:XFid:5784

Trust: 0.1

db:XFid:5671

Trust: 0.1

db:XFid:5623

Trust: 0.1

db:XFid:5725

Trust: 0.1

db:XFid:5809

Trust: 0.1

db:XFid:5795

Trust: 0.1

db:XFid:5673

Trust: 0.1

db:XFid:5801

Trust: 0.1

db:XFid:5830

Trust: 0.1

db:XFid:5817

Trust: 0.1

db:XFid:5701

Trust: 0.1

db:XFid:5788

Trust: 0.1

db:XFid:5808

Trust: 0.1

db:XFid:5735

Trust: 0.1

db:XFid:5819

Trust: 0.1

db:XFid:5754

Trust: 0.1

db:XFid:5649

Trust: 0.1

db:XFid:5807

Trust: 0.1

db:XFid:5660

Trust: 0.1

db:XFid:5661

Trust: 0.1

db:XFid:5746

Trust: 0.1

db:XFid:5624

Trust: 0.1

db:XFid:5775

Trust: 0.1

db:XFid:5761

Trust: 0.1

db:XFid:5733

Trust: 0.1

db:XFid:5727

Trust: 0.1

db:XFid:5813

Trust: 0.1

db:XFid:5656

Trust: 0.1

db:XFid:5799

Trust: 0.1

db:XFid:5665

Trust: 0.1

db:XFid:5737

Trust: 0.1

db:XFid:5659

Trust: 0.1

db:XFid:5667

Trust: 0.1

db:XFid:5672

Trust: 0.1

db:XFid:5749

Trust: 0.1

db:XFid:5803

Trust: 0.1

db:XFid:5811

Trust: 0.1

db:XFid:5786

Trust: 0.1

db:XFid:5802

Trust: 0.1

db:XFid:5760

Trust: 0.1

db:XFid:5800

Trust: 0.1

db:XFid:5670

Trust: 0.1

db:PACKETSTORMid:24096

Trust: 0.1

sources: CERT/CC: VU#610904 // CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // BID: 2100 // JVNDB: JVNDB-2000-000075 // PACKETSTORM: 24096 // CNNVD: CNNVD-200102-009 // NVD: CVE-2000-1090

REFERENCES

url:http://www.securityfocus.com/bid/2100

Trust: 2.4

url:http://www.nsfocus.com/english/homepage/sa_08.htm

Trust: 1.9

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139925+stiy08143+usbin

Trust: 1.6

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08143

Trust: 1.6

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137627+stiy08287+usbin

Trust: 1.6

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08287

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5729

Trust: 1.0

url:http://xforce.iss.net/static/5804.php

Trust: 0.9

url:http://xforce.iss.net/static/5618.php

Trust: 0.9

url:http://xforce.iss.net/static/5620.php

Trust: 0.9

url:http://xforce.iss.net/static/5619.php

Trust: 0.9

url:http://xforce.iss.net/static/5621.php

Trust: 0.9

url:http://www.securityfocus.com/templates/archive.pike?list=1&mid=152620

Trust: 0.8

url:http://www.securityfocus.com/bid/2035

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139817+stiy07831+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy07831

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137621+stiy07790+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy07790

Trust: 0.8

url:http://www.securityfocus.com/bid/2033

Trust: 0.8

url:http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/digest.htm#a26p05a6

Trust: 0.8

url:http://www.securityfocus.com/bid/2034

Trust: 0.8

url:http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/enq.htm#a200977f

Trust: 0.8

url:http://www.securityfocus.com/bid/2032

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da114623+stiy10721+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy10721

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da123587+stiy08812+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08812

Trust: 0.8

url:http://www.rs6000.ibm.com/doc_link/en_us/a_doc_lib/cmds/aixcmds5/setsenv.htm#wpg2f0frit

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-1090

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-1090

Trust: 0.8

url:http://xforce.iss.net/static/5729.php

Trust: 0.7

url:http://xforce.iss.net/static/5742.php

Trust: 0.1

url:http://xforce.iss.net/static/5775.php

Trust: 0.1

url:http://xforce.iss.net/static/5795.php

Trust: 0.1

url:http://xforce.iss.net/static/5701.php

Trust: 0.1

url:http://xforce.iss.net/static/5813.php

Trust: 0.1

url:http://xforce.iss.net/static/5639.php

Trust: 0.1

url:http://xforce.iss.net/static/5762.php

Trust: 0.1

url:http://xforce.iss.net/static/5830.php

Trust: 0.1

url:http://xforce.iss.net/static/5754.php

Trust: 0.1

url:http://xforce.iss.net).

Trust: 0.1

url:http://xforce.iss.net/static/5778.php

Trust: 0.1

url:http://xforce.iss.net/static/5624.php

Trust: 0.1

url:http://xforce.iss.net/static/5739.php

Trust: 0.1

url:http://xforce.iss.net/static/5802.php

Trust: 0.1

url:http://xforce.iss.net/static/5650.php

Trust: 0.1

url:http://xforce.iss.net/static/5651.php

Trust: 0.1

url:http://xforce.iss.net/static/5793.php

Trust: 0.1

url:http://xforce.iss.net/static/5788.php

Trust: 0.1

url:http://xforce.iss.net/static/5717.php

Trust: 0.1

url:http://xforce.iss.net/static/5800.php

Trust: 0.1

url:http://xforce.iss.net/static/5773.php

Trust: 0.1

url:http://xforce.iss.net/static/5822.php

Trust: 0.1

url:http://xforce.iss.net/static/5728.php

Trust: 0.1

url:http://xforce.iss.net/static/5789.php

Trust: 0.1

url:http://xforce.iss.net/static/5815.php

Trust: 0.1

url:http://xforce.iss.net/static/5625.php

Trust: 0.1

url:http://xforce.iss.net/static/5662.php

Trust: 0.1

url:http://xforce.iss.net/static/5760.php

Trust: 0.1

url:http://xforce.iss.net/static/5663.php

Trust: 0.1

url:http://xforce.iss.net/static/5721.php

Trust: 0.1

url:http://xforce.iss.net/static/5626.php

Trust: 0.1

url:http://xforce.iss.net/static/5805.php

Trust: 0.1

url:http://xforce.iss.net/static/5799.php

Trust: 0.1

url:http://xforce.iss.net/static/5827.php

Trust: 0.1

url:http://xforce.iss.net/static/5777.php

Trust: 0.1

url:http://xforce.iss.net/static/5649.php

Trust: 0.1

url:http://xforce.iss.net/static/5819.php

Trust: 0.1

url:http://xforce.iss.net/static/5786.php

Trust: 0.1

url:http://xforce.iss.net/static/5744.php

Trust: 0.1

url:http://xforce.iss.net/static/5808.php

Trust: 0.1

url:http://xforce.iss.net/static/5797.php

Trust: 0.1

url:http://xforce.iss.net/static/5738.php

Trust: 0.1

url:http://xforce.iss.net/static/5664.php

Trust: 0.1

url:http://xforce.iss.net/static/5628.php

Trust: 0.1

url:http://xforce.iss.net/static/5809.php

Trust: 0.1

url:http://xforce.iss.net/static/5622.php

Trust: 0.1

url:http://xforce.iss.net/static/5732.php

Trust: 0.1

url:http://xforce.iss.net/static/5740.php

Trust: 0.1

url:http://xforce.iss.net/static/5670.php

Trust: 0.1

url:http://xforce.iss.net/static/5776.php

Trust: 0.1

url:http://xforce.iss.net/static/5784.php

Trust: 0.1

url:http://xforce.iss.net/static/5803.php

Trust: 0.1

url:http://xforce.iss.net/static/5659.php

Trust: 0.1

url:http://xforce.iss.net/static/5671.php

Trust: 0.1

url:http://xforce.iss.net/static/5734.php

Trust: 0.1

url:http://xforce.iss.net/static/5611.php

Trust: 0.1

url:http://xforce.iss.net/static/5785.php

Trust: 0.1

url:http://xforce.iss.net/static/5616.php

Trust: 0.1

url:http://xforce.iss.net/static/5672.php

Trust: 0.1

url:http://xforce.iss.net/static/5743.php

Trust: 0.1

url:http://xforce.iss.net/static/5674.php

Trust: 0.1

url:http://xforce.iss.net/static/5614.php

Trust: 0.1

url:http://xforce.iss.net/static/5763.php

Trust: 0.1

url:http://xforce.iss.net/alerts/vol-06_num-02.php.

Trust: 0.1

url:http://xforce.iss.net/static/5627.php

Trust: 0.1

url:http://xforce.iss.net/static/5617.php

Trust: 0.1

url:http://xforce.iss.net/static/5727.php

Trust: 0.1

url:http://xforce.iss.net/static/5824.php

Trust: 0.1

url:http://xforce.iss.net/static/5818.php

Trust: 0.1

url:http://xforce.iss.net/static/5660.php

Trust: 0.1

url:http://xforce.iss.net/static/5796.php

Trust: 0.1

url:http://xforce.iss.net/static/5615.php

Trust: 0.1

url:http://xforce.iss.net/static/5725.php

Trust: 0.1

url:http://xforce.iss.net/static/5833.php

Trust: 0.1

url:http://xforce.iss.net/static/5787.php

Trust: 0.1

url:http://xforce.iss.net/static/5761.php

Trust: 0.1

url:http://xforce.iss.net/static/5811.php

Trust: 0.1

url:http://xforce.iss.net/static/5629.php

Trust: 0.1

url:http://xforce.iss.net/static/5723.php

Trust: 0.1

url:http://xforce.iss.net/static/5829.php

Trust: 0.1

url:http://xforce.iss.net/static/5749.php

Trust: 0.1

url:http://xforce.iss.net/static/5801.php

Trust: 0.1

url:http://xforce.iss.net/static/5755.php

Trust: 0.1

url:http://xforce.iss.net/static/5821.php

Trust: 0.1

url:http://xforce.iss.net/static/5656.php

Trust: 0.1

url:http://xforce.iss.net/static/5834.php

Trust: 0.1

url:http://xforce.iss.net/static/5736.php

Trust: 0.1

url:http://xforce.iss.net/static/5623.php

Trust: 0.1

url:http://xforce.iss.net/static/5735.php

Trust: 0.1

url:http://xforce.iss.net/static/5673.php

Trust: 0.1

url:http://xforce.iss.net/static/5825.php

Trust: 0.1

url:http://xforce.iss.net/static/5753.php

Trust: 0.1

url:http://xforce.iss.net/static/5798.php

Trust: 0.1

url:http://xforce.iss.net/static/5667.php

Trust: 0.1

url:http://xforce.iss.net/maillists/index.php

Trust: 0.1

url:http://xforce.iss.net/static/5654.php

Trust: 0.1

url:http://xforce.iss.net/static/5817.php

Trust: 0.1

url:http://xforce.iss.net/alerts/advisennn.php.

Trust: 0.1

url:http://xforce.iss.net/static/5823.php

Trust: 0.1

url:http://xforce.iss.net/static/5826.php

Trust: 0.1

url:http://xforce.iss.net/sensitive.php

Trust: 0.1

url:http://xforce.iss.net/static/5554.php

Trust: 0.1

url:http://xforce.iss.net/static/5831.php

Trust: 0.1

url:http://xforce.iss.net/static/5665.php

Trust: 0.1

url:http://xforce.iss.net/static/5741.php

Trust: 0.1

url:http://xforce.iss.net/static/5733.php

Trust: 0.1

url:http://xforce.iss.net/static/5782.php

Trust: 0.1

url:http://xforce.iss.net/static/5807.php

Trust: 0.1

url:http://xforce.iss.net/static/5758.php

Trust: 0.1

url:http://xforce.iss.net/static/5661.php

Trust: 0.1

url:http://xforce.iss.net/static/5737.php

Trust: 0.1

url:http://xforce.iss.net/static/5746.php

Trust: 0.1

sources: CERT/CC: VU#610904 // CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // BID: 2100 // JVNDB: JVNDB-2000-000075 // PACKETSTORM: 24096 // CNNVD: CNNVD-200102-009 // NVD: CVE-2000-1090

CREDITS

Nsfocus Security Team※ security@nsfocus.com

Trust: 0.6

sources: CNNVD: CNNVD-200102-009

SOURCES

db:CERT/CCid:VU#610904
db:CERT/CCid:VU#739201
db:CERT/CCid:VU#808633
db:CERT/CCid:VU#872257
db:CERT/CCid:VU#886953
db:BIDid:2100
db:JVNDBid:JVNDB-2000-000075
db:PACKETSTORMid:24096
db:CNNVDid:CNNVD-200102-009
db:NVDid:CVE-2000-1090

LAST UPDATE DATE

2024-11-27T21:56:06.017000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#610904date:2001-07-09T00:00:00
db:CERT/CCid:VU#739201date:2001-09-28T00:00:00
db:CERT/CCid:VU#808633date:2001-09-28T00:00:00
db:CERT/CCid:VU#872257date:2001-09-28T00:00:00
db:CERT/CCid:VU#886953date:2001-09-28T00:00:00
db:BIDid:2100date:2009-07-12T17:56:00
db:JVNDBid:JVNDB-2000-000075date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200102-009date:2006-04-25T00:00:00
db:NVDid:CVE-2000-1090date:2018-01-11T16:57:00.407

SOURCES RELEASE DATE

db:CERT/CCid:VU#610904date:2001-07-09T00:00:00
db:CERT/CCid:VU#739201date:2001-09-28T00:00:00
db:CERT/CCid:VU#808633date:2001-09-28T00:00:00
db:CERT/CCid:VU#872257date:2001-09-28T00:00:00
db:CERT/CCid:VU#886953date:2001-09-28T00:00:00
db:BIDid:2100date:2000-12-13T00:00:00
db:JVNDBid:JVNDB-2000-000075date:2007-04-01T00:00:00
db:PACKETSTORMid:24096date:2001-01-22T23:24:05
db:CNNVDid:CNNVD-200102-009date:2000-12-13T00:00:00
db:NVDid:CVE-2000-1090date:2001-02-12T05:00:00