January 2001 Advisories and Exploits


January 31, 2001

FreeBSD-SA-01:18 - BIND remotely exploitable buffer overflow

AFFECTED: All released versions of FreeBSD 3.x and 4.x. FreeBSD 3.5-STABLE prior to the correction date. FreeBSD 4.2-STABLE prior to the correction date. Ports collection prior to the correction date.

Microsoft MS01-006 - Patch Available for "Invalid RDP Data" Vulnerability - Denial of Service

AFFECTED:  Windows 2000 Terminal Servers


January 30, 2001

Microsoft MS01-005 - Tool and Patch Available to correct Hotfix Packaging Anomalies

AFFECTED:  Windows 2000

RHSA-2001:006-03 - Updated inetd packages available for Red Hat Linux 6.2 - The inetd server as shipped with Red Hat Linux 6.2 fails to close sockets for internal services properly.

AFFECTED: Red Hat Linux v6.2 alpha, i386, sparc


January 29, 2001

CERT Advisory CA-2001-02 - Multiple Vulnerabilities in BIND

AFFECTED: Domain Name System (DNS) Servers running various versions of ISC BIND (including both 4.9.x prior to 4.9.8 and 8.2.x prior to 8.2.3; 9.x is not affected) and derivatives. Because the normal operation of most services on the Internet depends on the proper operation of DNS servers, other services could be impacted if these vulnerabilities are exploited.

COVERT-2001-01 - Vulnerabilities in BIND 4 and 8

AFFECTED: BIND 8 versions: 8.2, 8.2.1; 8.2.2 through to 8.2.2-P7; 8.2.3-T1A through to 8.2.3-T9B. BIND 4 versions: buffer overflow - 4.9.5 through to 4.9.7; format string - 4.9.3 through to 4.9.5-P1.

Debian Security Advisory DSA-026-1 - BIND 8 suffered from several buffer overflows. It is possible to construct an inverse query that allows the stack to be read remotely, exposing environment variables. CERT has disclosed information about these issues. A new upstream version fixes this. Due to the complexity of BIND we have decided to make an exception to our rule by releasing the new upstream source to our stable distribution.

AFFECTED: Debian GNU/Linux 2.2 alias potato for the alpha, arm, i386, m68k, powerpc and sparc architectures.

FreeBSD-SA-01:11 - inetd ident server allows remote users to partially read arbitrary wheel-accessible files

FreeBSD-SA-01:12 - periodic uses insecure temporary files [REVISED]

AFFECTED: FreeBSD 4.1-STABLE after 2000-09-20, 4.1.1-RELEASE, and 4.1.1-STABLE prior to the correction date. No FreeBSD 3.x versions are affected.

FreeBSD-SA-01:13 - sort uses insecure temporary files.

AFFECTED: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases prior to 4.2), FreeBSD 3.5-STABLE prior to the correction date.

FreeBSD-SA-01:14 - micq remote buffer overflow vulnerability.

AFFECTED: All prior to the correction date.

FreeBSD-SA-01:15 - tinyproxy contains remote vulnerabilities.

AFFECTED: All prior to the correction date.

FreeBSD-SA-01:16 - mysql may allow remote users to gain increased privileges.

AFFECTED: All prior to the correction date.

FreeBSD-SA-01:17 - exmh symlink vulnerability.

AFFECTED: All prior to the correction date.

ISS X-Force - BIND - Internet Security Systems Security Alert: Remote Vulnerabilities in BIND versions 4 and 8

RHSA-2001:007-03 - Updated bind packages available - Some security problems, including a remotely exploitable information leak allowing anyone to read the stack, have been found in bind versions prior to 8.2.3.

AFFECTED: Red Hat Linux 5.2 - alpha, i386, sparc; Red Hat Linux 6.2 - alpha, i386, sparc; Red Hat Linux 7.0 - alpha, i386


January 26, 2001

Debian Security Advisory DSA-021-1 - apache

AFFECTED: Debian GNU/Linux 2.2 alias potato for the alpha, arm, i386, m68k, powerpc and sparc architectures.

Debian Security Advisory DSA-022-1 - exmh - Former versions of the exmh program used /tmp for storing temporary files. No checks were made to ensure that nobody placed a symlink with the same name in /tmp in the meantime, and thus it was vulnerable to a symlink attack. This could lead to a malicious local user being able to overwrite any file writable by the user executing exmh. Upstream developers have reported and fixed this. The exmh program now uses /tmp/login unless TMPDIR or EXMHTMPDIR is set.

AFFECTED: Debian GNU/Linux 2.2 alias potato for the alpha, arm, i386, m68k, powerpc and sparc architectures.

Microsoft MS01-004 - Patch Available to Eliminate New Variant of "File Fragment Reading via .HTR" Vulnerability

AFFECTED: IIS 4.0 and 5.0

SuSE-SA:2001:01 - glibc (shlibs) - local root compromise

AFFECTED: SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0

SuSE-SA:2001:02 - kdesu - local root compromise - All KDE 1 & KDE 2 systems

AFFECTED: SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0


January 25, 2001

S.A.F.E.R. Security Bulletin 010125.EXP.1.12 - PlanetIntra - Buffer Overflow

AFFECTED: PlanetIntra v2.5 software


January 24, 2001

Microsoft MS01-003 - Patch Available for Winsock Mutex Vulnerability - Denial of Service

AFFECTED: Microsoft Windows NT 4.0 and Windows NT 4.0 TSE


???, 2001

Netscape Enterprise Server 3.5.1 (and others?) - Netscape Web Publisher -

Two Security Holes in Sun Cluster 2.x - Sun Cluster 2.x (Sun Microsystems' commercial high-availability product for Solaris) leaks potentially sensitive information to local or remote users.

Infobot 0.44.5.3 and below vulnerability [Hack-X] - Any malicious user would be able to run arbitrary files writable by the user running infobot. They would also be able to receive information or write, since infobot automatically replies with the data the open() sent. A user would be able to easily check the operating system and gain other information.


Copyright © 1998 - 2004 RHP Studios
Last Updated on July 24, 2004 @ 11:45 hrs EST