Weekly Vulnerabilities Reports > March 15 to 21, 1999
8 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 8 products from 7 vendors including Netbsd, Suse, Slackware, Netscape, and Redhat. Vulnerabilities are notably categorized as .
- 2 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities are exploitable by an anonymous user.
- Netbsd has the most reported vulnerabilities, with 3 reported vulnerabilities.
The following table lists the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
3 High Vulnerabilities
|1999-03-17||CVE-1999-0462||Suse|| Unspecified vulnerability in Suse Linux 5.3 |
suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g.
|1999-03-17||CVE-1999-0421||Slackware|| Unspecified vulnerability in Slackware Linux 3.6 |
During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.
|1999-03-17||CVE-1999-0420||Netbsd|| Denial-Of-Service vulnerability in Umapfs |
umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.
4 Medium Vulnerabilities
|1999-03-18||CVE-1999-0425||Netscape|| Denial-Of-Service vulnerability in Netscape Communicator 4.5 |
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
|1999-03-21||CVE-1999-0482||Openbsd|| Denial-Of-Service vulnerability in OpenBSD Kernel |
OpenBSD kernel crash through TSS handling, as caused by the crashme program.
|1999-03-21||CVE-1999-0433||Xfree86 Project|| |
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
|1999-03-17||CVE-1999-0422||Netbsd|| Local Security vulnerability in Netbsd 1.3.3 |
In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set.
1 Low Vulnerability
|1999-03-18||CVE-1999-0424||Netscape|| Denial-Of-Service vulnerability in Netscape Communicator 4.5 |
talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.