A security hole was discovered in the GNU make package version 3.77-44 distributed with SuSE 6.1 and 6.3. If Makefile contents are fed in via stdin, files will be created in /tmp without checking if there is a symbolic link with the same name. Implications are command execution as the user running make. Other distributions are also affected. SuSE security site here.
ea08e1d1f74ae57dec28f0224d6ad7a4b1254790603ed556b334ded009d41465
A security hole was discovered in the util package (mount and umount commands) installed by default on SuSE and other flavors of linux. Local root compromise possible. SuSE security site here.
d5441c0cfdf9c9b309b67e8539ad4feae7ae7d635226df5cbeedc83b7c860831
Patch for linux kernel 2.2.14 to discard packets that many OS detection tools use to query the TCP/IP stack.
c84594838465fe09706a766e9b8530454728fe6dcbf3ef3079659c0e2e691eb2
Kppp 1.6.14 has a vulnerability that allows a local user to display the saved PPP password.
8d19332151732e5697e7f7163003d6acf0c93e1dbfc58fe97ed5779abc51b4cb
InetServ 3.0 remote DoS exploit.
745955650f792ca0b47cdd962de7a7acf7142588a0956916494311e2965dafa0
Windows 2000 Magazene Security Digest - New vulnerabilities include RDISK Race Condition: Update, Bypass surfControl URL Blocking, WWWThreads Elevates Privileges, Web Server Scripting Issues, Microsoft Java Exposes Files, and Windows NT Recycle Bin Goes Unchecked. Also contains articles on serious DoS attacks, IIS Administrator, FBI and CERT Warn Users Against Web-Based Scripting, and ZoneAlarm 2.0.
aefd83c89746659843b6c1be6a5a6cdf9f3be4950de270b7fb995fce23408f15
A new form of Distributed Denial of Service (DDoS) attack has been discovered following the release of the trin00 and Tribe Flood Network (TFN) denial of service programs (see December 7, 1999 ISS Security Alert at http://xforce.iss.net/alerts/advise40.php3). These attacks are more powerful than any previous denial of service attack observed on the Internet. A Distributed Denial of Service attack is designed to bring a network down by flooding target machines with large amounts of traffic. This traffic can originate from many compromised machines, and can be managed remotely using a client program. ISS X-Force considers this attack a high risk since it can potentially impact a large number of organizations. DDoS attacks have proven to be successful and are difficult to defend against.
b62da56635635d524817aaca0d701afa8f1d51b1075b2f5942b15e54cba18a0e
Bypassing authentication on Axis 700 Network Scanner - By modifying an URL, outsiders can access administrator URLs without entering username and password. Tested on Axis 700 Network Scanner Server version 1.12.
62be7cce360cae03aa7cf171c9411f06a344a3d1ae4af8abcb8218e26c1b8673
The default configuration of SCO OpenServer 5.0.5 allows local users read/write access to SNMPD via a default writable community string. This configuration has been verified on SCO OpenServer 5.0.5 and may be present in earlier versions.
3c82f312504d022a8c22babfcbc6580fa23cc95dd9cd9e92a5e994687ae533a7
There exists a vulnerability in the password checking routines in the latest versions of the MySQL server, that allows any user on a host that is allowed to connect to the server, to skip password authentication, and access databases. All versions of MySQL up to 3.22.26a are vulnerable.
5f5a4fb2100d5e175dc80ad904c3a600382a5f0b6c8153e8084244e2328cedac