CVE-1999-0577

A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories...

CVE-1999-0795

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches...

CVE-1999-0576

CVE-1999-0576 concerns Windows NT: the file audit policy fails to log event success or failure for security-critical files/directories. Affected component is the Windows NT file auditing mechanism; root cause is the policy not emitting logs for accesses to critical files/directories (no explicit ...

CVE-1999-0576

A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories...

CVE-1999-0579

A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys...

CVE-1999-0578

CVE-1999-0578 affects Windows NT; multiple connected sources confirm the issue is that the registry auditing policy does not log events for security-critical registry keys (both success and failure). Documented scope: Windows NT OS with registry audit policy lacking event logging for cryptographi...

CVE-1999-0577

The CVE-1999-0577 issue affects Windows NT with the file audit policy failing to log events for non-critical files/directories. Affected component: Windows NT file audit policy (logging of success/failure). Root cause: audit policy does not log certain accesses, per multiple sources (NVD/Red Hat/...

CVE-1999-0579

CVE-1999-0579 affects Windows NT where the registry audit policy does not log an event for successes or failures when non-critical registry keys are accessed. The root cause is a missing log for non-critical keys, resulting in an auditing gap. Documents from Red Hat, CVE databases, and PT-Policy ...

CVE-1999-0575

A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking...

CVE-1999-0732

The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links...

CVE-1999-0732

The CVE-1999-0732 entry concerns the Debian smtp-refuser package. The issue arises in the package’s logging facility, which can be abused by local users to delete arbitrary files via symbolic links. This is a local-privilege and integrity concern (no confidentiality or availability impact stated ...

CVE-1999-0965

CVE-1999-0965 is a race condition in xterm that allows local users to modify arbitrary files via the logging option. The vulnerability is documented across multiple sources (NVD, RH, MSRC, cve.org) as a local-privilege impact tied to xterm’s logging feature. Root cause stated as a race condition;...

oce9400.txt

This appeared on bugtraq in August of 99 I am aware of the Intelligent Peripherals bulletin by CIAC. http://www.ciac.org/ciac/bulletins/j-019.shtml I have a few plotters / printers under my audit umbrella and noticed something interesting on an Oce' 9400 plotter. The printer has the ability to be...

proftpd.mod_sqlpw.txt

A member of the proftpd mailing list and myself discovered a problem with proftpd with modsqlpw.c optional module compiled in. Unix last command reveals passwords where the username should be. A patch was sent to the mailing list, however, the patch only protects ftp localhost not ftp remotehost...

CVE-1999-1047

When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities...

CVE-1999-0704

Buffer overflow in Berkeley automounter daemon amd logging facility provided in the Linux am-utils package and others...

CVE-1999-0732

The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links...

[SECURITY] New versions of smtp-refuser fixes security hole

This bug was experienced in May 1999 but wasnt reported on this channel yet. Former versions of the smtp-refuser package came with unchecked logging facility to /tmp/log. This allowed deleting arbitrary, root-owned files by any user who has write access to /tmp. We recommend you upgrade your...

PT-1999-1310 · Debian · Smtp-Refuser

Name of the Vulnerable Software and Affected Versions: Debian smtp-refuser affected versions not specified Description: The issue affects the logging facility of the Debian smtp-refuser package, allowing local users to delete arbitrary files using symbolic links. Recommendations: At the moment,...

ca.inoculan.nt.txt

Date: Sat, 8 May 1999 14:58:08 +1000 From: Glenn Corbett To: [email protected] Subject: Insecure Bahaviour in Inoculan Client Russ, A problem has been discovered with the InocuLAN client on Windows NT workstations. If an account lockout policy is present on a Windows NT domain, lar...