CA-2000-17: Input Validation Problem In rpc.statd The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions.
CA-99-01 Trojan TCP Wrappers The CERT Coordination Center has received confirmation that some copies of the source code for the TCP Wrappers tool (tcpd) were modified by an intruder and contain a Trojan horse. An intruder can gain unauthorized root access to any host running this Trojan horse version of TCP Wrappers.
CA-99-05 Vulnerability in statd exposes vulnerability in automountd Important new vendor information was added to this advisory, which describes two vulnerabilities, one in statd and one in automountd, that are being used together by intruders to gain access to vulnerable systems.
CA-99-08 Buffer overflow vulnerability in rpc.cmsd There is a buffer overflow vulnerability in the Calendar Manager Service Daemon, rpc.cmsd. This vulnerability allows remote and local users to execute arbitrary code with the privileges of cmsd, typically root. A tool to exploit this vulnerability has been publicly released.
CA-99-12 Buffer Overflow in amd There is a buffer overflow vulnerability in the logging facility of the amd daemon. By exploiting this vulnerability, remote intruders can execute arbitrary code as the user running the amd daemon (usually root).
CA-99-13 Multiple Vulnerabilities in WU-FTPD Three vulnerabilities have been identified in WU-FTPD and other ftp daemons based on the WU-FTPD source code. WU-FTPD is a common package used to provide File Transfer Protocol (FTP) services.
CA-99-15 Buffer Overflows in SSH daemon and RSAREF2 Library Some versions of sshd are vulnerable to a buffer overflow that can allow an intruder to influence certain variables internal to the program. This vulnerability alone does not allow an intruder to execute code. However, a vulnerability in RSAREF2 can be used in conjunction to allow a remote intruder to execute arbitrary code.
CiscoSecure Access Control Server for UNIX Remote Administration In CiscoSecure Access Control Server (CiscoSecure ACS) for UNIX, versions 1.0 through 2.3.2, there is a database access protocol that could permit unauthorized remote users to read and write the server database without authentication. Depending on the network environment, this might permit unauthorized users to modify the access policies enforced by the CiscoSecure ACS.