CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat : Security Vulnerabilities Published In 1999

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-0531 DoS 1999-11-23 2008-09-05
2.1
None Local Low Not required None None Partial
Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.
2 CVE-2000-0365 1999-06-01 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices.
3 CVE-2000-0364 1999-06-01 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.
4 CVE-2000-0358 1999-12-03 2008-09-10
5.0
None Remote Low Not required None None Partial
ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program.
5 CVE-2000-0357 1999-12-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.
6 CVE-2000-0356 1999-10-13 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.
7 CVE-2000-0355 1999-08-21 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files.
8 CVE-2000-0118 1999-06-09 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
9 CVE-2000-0017 Overflow +Priv 1999-12-21 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.
10 CVE-1999-1542 Exec Code 1999-10-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command.
11 CVE-1999-1496 1999-06-08 2008-09-05
2.1
None Local Low Not required Partial None None
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
12 CVE-1999-1348 DoS 1999-06-30 2008-09-05
2.1
None Local Low Not required None None Partial
Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service.
13 CVE-1999-1347 Bypass 1999-10-07 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm.
14 CVE-1999-1346 1999-10-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file.
15 CVE-1999-1335 1999-12-31 2008-09-10
6.4
None Remote Low Not required Partial Partial None
snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.
16 CVE-1999-1333 Exec Code 1999-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.
17 CVE-1999-1332 1999-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.
18 CVE-1999-1331 DoS 1999-12-31 2008-09-10
2.1
None Local Low Not required None None Partial
netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.
19 CVE-1999-1330 Overflow 1999-12-31 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.
20 CVE-1999-1329 Overflow +Priv 1999-12-31 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.
21 CVE-1999-1328 1999-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.
22 CVE-1999-1327 Overflow +Priv 1999-12-31 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.
23 CVE-1999-0997 Exec Code 1999-12-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
24 CVE-1999-0986 DoS 1999-12-08 2008-09-09
5.0
None Remote Low Not required None None Partial
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
25 CVE-1999-0872 Overflow 1999-08-25 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
26 CVE-1999-0832 Exec Code Overflow 1999-11-09 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.
27 CVE-1999-0814 1999-08-11 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Red Hat pump DHCP client allows remote attackers to gain root access in some configurations.
28 CVE-1999-0804 DoS 1999-06-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.
29 CVE-1999-0769 1999-08-25 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
30 CVE-1999-0768 Overflow 1999-08-25 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.
31 CVE-1999-0748 Overflow 1999-06-24 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflows in Red Hat net-tools package.
32 CVE-1999-0740 DoS 1999-08-19 2008-09-09
6.4
None Remote Low Not required Partial None Partial
Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.
33 CVE-1999-0710 1999-07-25 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.
34 CVE-1999-0705 Overflow 1999-09-01 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in INN inews program.
35 CVE-1999-0704 Overflow 1999-09-16 2008-09-09
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.
36 CVE-1999-0434 DoS +Priv 1999-03-30 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
37 CVE-1999-0433 DoS +Priv 1999-03-21 2008-09-09
4.6
User Local Low Not required Partial Partial Partial
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
38 CVE-1999-0405 Overflow 1999-02-18 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
A buffer overflow in lsof allows local users to obtain root privilege.
39 CVE-1999-0390 Overflow 1999-01-04 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Dosemu Slang library in Linux.
40 CVE-1999-0368 Overflow 1999-02-09 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
Total number of vulnerabilities : 40   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.