CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian : Security Vulnerabilities Published In 1999

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-0366 1999-12-02 2008-09-10
2.1
None Local Low Not required None Partial None
dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.
2 CVE-2000-0076 1999-12-30 2008-09-10
2.1
None Local Low Not required None Partial None
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
3 CVE-1999-1565 1999-08-20 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
4 CVE-1999-1496 1999-06-08 2008-09-05
2.1
None Local Low Not required Partial None None
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
5 CVE-1999-1330 Overflow 1999-12-31 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.
6 CVE-1999-0986 DoS 1999-12-08 2008-09-09
5.0
None Remote Low Not required None None Partial
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
7 CVE-1999-0978 Exec Code 1999-12-09 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
htdig allows remote attackers to execute commands via filenames with shell metacharacters.
8 CVE-1999-0939 DoS 1999-08-26 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Debian IRC Epic/epic4 client via a long string.
9 CVE-1999-0914 Overflow 1999-01-03 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.
10 CVE-1999-0872 Overflow 1999-08-25 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
11 CVE-1999-0832 Exec Code Overflow 1999-11-09 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.
12 CVE-1999-0831 DoS 1999-11-19 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Linux syslogd via a large number of connections.
13 CVE-1999-0804 DoS 1999-06-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.
14 CVE-1999-0769 1999-08-25 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
15 CVE-1999-0743 1999-08-20 2008-09-09
2.1
None Local Low Not required None Partial None
Trn allows local users to overwrite other users' files via symlinks.
16 CVE-1999-0742 +Priv 1999-06-22 2008-09-09
5.0
None Remote Low Not required Partial None None
The Debian mailman package uses weak authentication, which allows attackers to gain privileges.
17 CVE-1999-0732 1999-08-19 2008-09-09
2.1
None Local Low Not required None Partial None
The logging facilitity of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.
18 CVE-1999-0730 1999-06-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.
19 CVE-1999-0678 1999-01-17 2008-09-09
5.0
None Remote Low Not required Partial None None
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
20 CVE-1999-0457 +Priv 1999-01-17 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Linux ftpwatch program allows local users to gain root privileges.
21 CVE-1999-0434 DoS +Priv 1999-03-30 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
22 CVE-1999-0405 Overflow 1999-02-18 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
A buffer overflow in lsof allows local users to obtain root privilege.
23 CVE-1999-0389 Overflow 1999-01-03 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the bootp server in the Debian Linux netstd package.
24 CVE-1999-0381 Overflow 1999-02-26 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
25 CVE-1999-0374 1999-02-16 2008-09-09
2.1
None Local Low Not required Partial None None
Debian GNU/Linux cfengine package is susceptible to a symlink attack.
26 CVE-1999-0373 Exec Code Overflow 1999-02-01 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.
27 CVE-1999-0368 Overflow 1999-02-09 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.