This file: ftp.cert.org:/pub/cert_bulletins/01-README
This directory contains an archive of all the bulletins the CERT Coordination
Center has published. A listing and short description of each bulletin
follow.
VB-94:01.sco 12/94
This bulletin describes problems with the programs at(C), login(M),
prwarn(C), sadc(ADM), and pt_chmod, and provides patch information.
VB-94:02.dec 12/94
Patch information for ULTRIX Versions 4.3, 4.3A, V4.4;
DECnet-ULTRIX Version 4.2; and DEC OSF/1 Versions 1.2, 1.3, 1.3A, 2.0.
VB-95:01.hp 2/95
This bulletin addresses problems with Remote Watch in fileset WATCH-RUN
for releases of HP-UX, in particular HP 9000 series 300/400s & 700/800s
running HP-UX revisions 8.X, 9.X. Patch information is included.
VB-95:02.sgi 3/95
Vulnerability and patch information for the IRIX 5.2, 6.0, 6.0.1 Desktop
Permissions Tool.
VB-95:03.hp 4/95
Sendmail vulnerability and patch information for HP 9000 series 300/400s
and 700/800s 8.x and 9.x.
VB-95:04.venema 6/95
Vulnerability and patch information for S/Key software enhancements
for FreeBSD 1.1.5.1 and 2.0 and for logdaemon versions prior to 4.9.
VB-95:05.osf 7/95
Description of a security hole in all releases of OSF/DCE prior to
version 1.1, and information about the fix.
VB-95:06.cisco 8/95
Problem description, upgrade information, and workaround for a
vulnerability in Cisco's IOS software versions 10.3(1) through 10.3(2);
10.2(1) through 10.2(5); 10.0(1) through 10.0(9); and all previous
versions.
VB-95:07.abell 9/95
Description of a directory and file vulnerability in lsof 3.18 through
3.43, along with instructions on getting later versions.
VB-95:08.X_Authentication_Vul 11/95
Vulnerability and patch information for an X authentication
vulnerability.
VB-95:09.hp 12/95
Vulnerability and patch information for a vulnerability in ftp in
releases 9.X and 10.X of HP-UX (platforms: HP 9000 series 300/400s
and 700/800s).
VB-95:10.elm 12/95
Vulnerability and patch information for a vulnerability in
elm 2.4 PL 24.
VB-95:10a.elm 1/96
This updated version of VB-95:10 lists additional FTP sites.
VB-96.01.splitvt 1/96
Vulnerability information on splitvt versions lower than
1.6.3, locations of the latest version (1.6.3), and an interim
workaround to apply until you can install that version.
VB-96.02.sgi 2/96
Vulnerability information on the "ATT Packaging Utility" and
security measures to take on all SGI systems running IRIX 5.2,
5.3, 6.0, 6.0.1, and 6.1.
VB-96.03.sun 2/96
Vulnerability information and workaround for a potential
security weakness on some SunSoft demo CDs for Catalyst CDWARE;
SunSoft Developer CD, Premiere Issue; and Business Solutions.
VB-96.04.bsdi 3/96
Information about a vulnerability in the BSD/OS 2.0/2.0.1 kernel
and a pointer to the patch.
VB-96.05.dec 4/96
Advisory from Digital Equipment about a potential security vulnerability
with dxconsole for OSF/1 V2.0 thru V3.2C and pointers to patches.
VB-96.06.freebsd 5/96
Information about a problem in FreeBSD versions 2.0 through 2.2-CURRENT,
related to unauthorized access via mount_union / mount_msdos (vfsload).
VB-96.07.freebsd 5/96
Information about system stability compromise via mount_union program;
the problem is present in all source code and binary distributions of
FreeBSD version 2.x released before 1996-05-18.
VB-96.08.sgi 5/96
Information about a vulnerability in the IRIX 5.3, 6.1, and 6.2
operating systems regarding the permissions tool under the IRIX
desktop environment.
VB-96.09.freebsd 5/96
Information about a vulnerability in the manual page reader for FreeBSD
2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current.
VB-96.10.sco 6/96
Information from The Santa Cruz Operation, Inc. about a problem in a
kernel error handling routine. A patch is provided.
VB-96.11.freebsd 7/96
Information from FreeBSD, Inc. on a vulnerability in the
ppp program. Patch information is included.
VB-96.12.freebsd 7/96
Information from FreeBSD, Inc. on a Trojan horse vulnerability via the
rz program. A workaround is included.
VB-96.13.hp 8/96
Information from the Hewlett-Packard Company on vulnerabilities in the
elm executable. Patch information is included.
VB-96.14.sgi 8/96
Information from Silicon Graphics Inc. about vulnerabilities in
the visual admin and user tool programs used in the IRIX operating
systems versions 5.2, 5.3, 6.1, and 6.2. Patch information is included.
VB-96.15.sco 9/96
Information from The Santa Cruz Operation about a problem with
system security in SCO(R) UnixWare(R) releases 2.0.x and 2.1.0.
VB-96.16.transarc 9/96
Information from Transarc Corp. about a problem with a Solaris AFS/DFS
Integrated login bug if the user is in too many groups.
VB-96.17.linux 10/96
Linux Security FAQ Update from Alexander Yuriev. Includes information
about a mount/umount vulnerability.
VB-96.18.sun 11/96
Information from Sun Microsystems, Inc. about vulnerabilities in the
libc and libnsl libraries.
VB-96.19.sgi 12/96
Information from Silicon Graphics Inc. about vulnerabilities in
the systour and OutOfBox subsystems.
VB-96.20.hp 12/96
Information from Hewlett-Packard Company about vulnerabilities in HP
Remote Watch. These vulnerabilities allow unauthorized root access.
VB-97.01.dec 1/97
Information from Digital Equipment Corporation about a potential
vulnerability in the Division of Privilege (DoP).
VB-97.02.sol_guestbook 4/97
Information from Selena Sol about a vulnerability in her Guestbook
script for Web servers using Server Side Includes (SSI).
VB-97.03.sun 6/97
A Sun Security Bulletin announcing patches for a vulnerability
in rpcbind.
VB-97.04.hp 7/97
Information from Hewlett-Packard on a vulnerability in the chfn
executable in HP 9000 Series 700/800s running versions of HP-UX 9.X
and 10.X.
VB-97.05.lynx 7/97
Information from members of the lynx-dev mailing list about
a vulnerability in temporary files that enables users to
replace the temporary file with a symbolic link or with another
file.
VB-97.06.lynx 7/97
Information from members of the lynx-dev mailing list about
a vulnerability in Lynx downloading that enables users to
read or execute arbitrary files regardless of restrictions set
by the system administrator.
VB-97.07.sgi 8/97
A Silicon Graphics Inc. Security Advisory addressing vulnerabilities in
the IRIX webdist.cgi, handler, and wrap programs, part of the Outbox
subsystem.
VB-97.08.transarc 9/97
Information from Transarc Corp. about a vulnerability in Transarc DCE
Integrated login for sites running both AFS and DCE.
VB-97.09.cisco 10/97
Information from Cisco Systems about vulnerabilities in CHAP
authentication.
VB-97.10.samba 10/97
Information from The Samba Team concerning a security
vulnerability.
VB-97.11.nec 10/97
NEC Corporation has identified and corrected a problem
with the "nosuid" mount(1) option. This bulletin gives details.
VB-97.12.opengroup 10/97
Open Group has discovered that OSF/DCE has a potential problem in the
security server that could allow for a denial of service attack. This
bulletin includes source code fix information.
VB-97.13.GlimpseHTTP.WebGlimpse 11/97
A vulnerability exists in the GlimpseHTTP and WebGlimpse web search
packages. This bulletin provides details.
VB-97.14.scoterm 11/97
The Santa Cruz Operation has discovered a security vulnerability
in the implementation of scoterm.
VB-97.15.nis_cachemgr 12/97
Sun announces the release of patches for Solaris which relate
to a vulnerability in nis_cachemgr.
VB-97.16.CrackLib 12/97
There is a weakness in a published version of CrackLib
(v2.5, dated 1993) that could lead to a compromise of system
privileges.
VB-98.01.excite 01/98
Excite for Web Servers, version 1.1, contains a security hole
that could allow a malicious user of the software to execute
shell commands on the host system on which EWS has been installed.
VB-98.02.apache 01/98
This advisory informs users of several possible security issues
that have been discovered during an internal security review of the
Apache source code.
For more information on the CERT(sm) Coordination Center and on computer and
information security, see
ftp://ftp.cert.org/pub
http://www.cert.org