<p>

<hr><font size=+2><b>Name: CVE-1999-0052</b></font><p>

<b>Description:</b><br>
IP fragmentation denial of service in FreeBSD allows a remote attacker
to cause a crash.
<b>Status:</b> Entry<br>
<b>Reference:</b> FREEBSD:FreeBSD-SA-98:08
<br><b>Reference:</b> OSVDB:908
<br><b>Reference:</b> URL:http://www.osvdb.org/908
<br><b>Reference:</b> XF:freebsd-ip-frag-dos(1389)
<br><b>Reference:</b> URL:http://xforce.iss.net/xforce/xfdb/1389
<p>
<hr><font size=+2><b>Name: CVE-1999-0053</b></font><p>
<b>Description:</b><br>
TCP RST denial of service in FreeBSD.
<b>Status:</b> Entry<br>
<b>Reference:</b> FREEBSD:FreeBSD-SA-98:07
<br><b>Reference:</b> OSVDB:6094
<br><b>Reference:</b> URL:http://www.osvdb.org/6094
<p>
<hr><font size=+2><b>Name: CVE-1999-0054</b></font><p>
<b>Description:</b><br>
Sun's ftpd daemon can be subjected to a denial of service.
<b>Status:</b> Entry<br>
<b>Reference:</b> SUN:00171
<br><b>Reference:</b> URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=co
ll&amp;doc=secbull/171
<br><b>Reference:</b> XF:sun-ftpd
<p>
<hr><font size=+2><b>Name: CVE-1999-0055</b></font><p>
<b>Description:</b><br>
Buffer overflows in Sun libnsl allow root access.
<b>Status:</b> Entry<br>
<b>Reference:</b> SUN:00172
<br><b>Reference:</b> URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=co
ll&amp;doc=secbull/172
<br><b>Reference:</b> AIXAPAR:IX80543
<br><b>Reference:</b> URL:http://www-1.ibm.com/support/search.wss?rs=0&amp;q=IX8
0543&amp;apar=only
<br><b>Reference:</b> RSI:RSI.0005.05-14-98.SUN.LIBNSL
<br><b>Reference:</b> XF:sun-libnsl
<p>
<hr><font size=+2><b>Name: CVE-1999-0056</b></font><p>
<b>Description:</b><br>
Buffer overflow in Sun's ping program can give root access to local users.
<b>Status:</b> Entry<br>
<b>Reference:</b> SUN:00174
<br><b>Reference:</b> URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=co
ll&amp;doc=secbull/174
<br><b>Reference:</b> XF:sun-ping
<p>
<hr><font size=+2><b>Name: CVE-1999-0057</b></font><p>
<b>Description:</b><br>
Vacation program allows command execution by remote users through
a sendmail command.
<b>Status:</b> Entry<br>
<b>Reference:</b> NAI:NAI-19
<br><b>Reference:</b> XF:vacation
<br><b>Reference:</b> HP:HPSBUX9811-087
<br><b>Reference:</b> URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docI
d=HPSBUX9811-087
<p>
<hr><font size=+2><b>Name: CVE-1999-0058</b></font><p>
<b>Description:</b><br>
Buffer overflow in PHP cgi program, php.cgi allows shell access.
<b>Status:</b> Entry<br>
<b>Reference:</b> NAI:NAI-12
<br><b>Reference:</b> BID:712
<br><b>Reference:</b> URL:http://www.securityfocus.com/bid/712
<br><b>Reference:</b> XF:http-cgi-phpbo
<p>
<hr><font size=+2><b>Name: CVE-1999-0059</b></font><p>
<b>Description:</b><br>
IRIX fam service allows an attacker to obtain a list of all files
on the server.
<b>Status:</b> Entry<br>
<b>Reference:</b> NAI:NAI-16
<br><b>Reference:</b> BID:353
<br><b>Reference:</b> URL:http://www.securityfocus.com/bid/353
<br><b>Reference:</b> OSVDB:164
<br><b>Reference:</b> URL:http://www.osvdb.org/164
<br><b>Reference:</b> XF:irix-fam(325)
<br><b>Reference:</b> URL:http://xforce.iss.net/xforce/xfdb/325
<p>
<hr><font size=+2><b>Name: CVE-1999-0060</b></font><p>
<b>Description:</b><br>
Attackers can cause a denial of service in Ascend MAX and Pipeline
routers with a malformed packet to the discard port, which is used by
the Java Configurator tool.
<b>Status:</b> Entry<br>
<b>Reference:</b> NAI:NAI-26
<br><b>Reference:</b> XF:ascend-config-kill
<br><b>Reference:</b> ASCEND:http://www.ascend.com/2695.html
<p>
<hr><font size=+2><b>Name: CVE-1999-0061</b></font><p>
<p>
<b>Description:</b><br> File creation and deletion, and remote execution, in the
BSD
line printer daemon (lpd).
<p>
<b>Status:</b> Candidate<br>
<b>Phase:</b> Proposed (19990630)<br>
<b>Reference:</b> NAI:NAI-20<br>
<b>Reference:</b> XF:bsd-lpd<br>
<p>
<b>Votes:</b>
<pre> ACCEPT(3) Frech, Hill, Northcutt
RECAST(1) Baker
REVIEWING(1) Christey
</pre>
<b>Voter Comments:</b><br>
<pre> Christey&gt; This should be split into three separate problems based on
the SNI advisory. But there's newer information to further
complicate things.
What do we do about this one? in 1997 or so, SNI did an
advisory on this problem. In early 2000, it was still
discovered to be present in some Linux systems. So an
SF-DISCOVERY content decision might say that this is a
long enough time between the two, so this should be recorded
separately. But they're the same codebase... so if we keep
them in the same entry, how do we make sure that this entry
reflects that some new information has been discovered?
The use of dot notation may help in this regard, to use one
dot for the original problem as discovered in 1997, and
another dot for the resurgence of the problem in 2000.
Baker&gt; We should merge these.
Christey&gt; Perhaps this should be NAI-19 instead of NAI-20?
The original Bugtraq post for the SNI advisory suggests SNI-19:
BUGTRAQ:19971002 SNI-19:BSD lpd vulnerability
URL:SNI-19:BSD lpd vulnerability

Also add:
BUGTRAQ:19971021 SNI-19: BSD lpd vulnerabilities (UPDATE)
URL:http://marc.theaimsgroup.com/?l=bugtraq&amp;m=87747479514310&amp;w=2
However, archives of &quot;NAI-0020&quot; point to the lpd vuln.
If I recall correctly, some of the NAI advisory numbers got
switched when NAI acquired SNI.
</pre>
<hr><font size=+2><b>Name: CVE-1999-0062</b></font><p>
<b>Description:</b><br>
The chpass command in OpenBSD allows a local user to gain root access
through file descriptor leakage.
<b>Status:</b> Entry<br>
<b>Reference:</b> XF:openbsd-chpass
<br><b>Reference:</b> NAI:NAI-28
<br><b>Reference:</b> OSVDB:7559
<br><b>Reference:</b> URL:http://www.osvdb.org/7559
<p>
<hr><font size=+2><b>Name: CVE-1999-0063</b></font><p>
<b>Description:</b><br>
Cisco IOS 12.0 and other versions can be crashed by malicious UDP
packets to the syslog port.
<b>Status:</b> Entry<br>
<b>Reference:</b> AUSCERT:ESB-98.197
<br><b>Reference:</b> CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.s
html
<br><b>Reference:</b> XF:cisco-syslog-crash
<p>
<hr><font size=+2><b>Name: CVE-1999-0064</b></font><p>
<b>Description:</b><br>
Buffer overflow in AIX lquerylv program gives root access to local users.
<b>Status:</b> Entry<br>
<b>Reference:</b> BUGTRAQ:May28,1997
<br><b>Reference:</b> XF:lquerylv-bo
<p>
<hr><font size=+2><b>Name: CVE-1999-0065</b></font><p>
<b>Description:</b><br>
Multiple buffer overflows in how dtmail handles attachments allows a
remote attacker to execute commands.
<b>Status:</b> Entry<br>
<b>Reference:</b> SUN:00181
<br><b>Reference:</b> URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=co
ll&amp;doc=secbull/181
<br><b>Reference:</b> XF:hp-dtmail
<p>
<hr><font size=+2><b>Name: CVE-1999-0066</b></font><p>
<b>Description:</b><br>
AnyForm CGI remote execution.
<b>Status:</b> Entry<br>
<b>Reference:</b> BUGTRAQ:19950731 SECURITY HOLE: &quot;AnyForm&quot; CGI
<br><b>Reference:</b> BID:719
<br><b>Reference:</b> URL:http://www.securityfocus.com/bid/719
<br><b>Reference:</b> XF:http-cgi-anyform
<p>
<hr><font size=+2><b>Name: CVE-1999-0067</b></font><p>
<b>Description:</b><br>
phf CGI program allows remote command execution through shell
metacharacters.
<b>Status:</b> Entry<br>
<b>Reference:</b> BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole fam
ily
<br><b>Reference:</b> CERT:CA-1996-06
<br><b>Reference:</b> URL:http://www.cert.org/advisories/CA-1996-06.html
<br><b>Reference:</b> AUSCERT:AA-96.01
<br><b>Reference:</b> BID:629
<br><b>Reference:</b> URL:http://www.securityfocus.com/bid/629
<br><b>Reference:</b> OSVDB:136
<br><b>Reference:</b> URL:http://www.osvdb.org/136
<br><b>Reference:</b> XF:http-cgi-phf