Vulnerability CVE-1999-0016


Published: 1997-12-01   Modified: 2012-02-12

Description:
Land IP denial of service.

Vendor: HP
Product: Hp-ux 
Version:
9.07
9.05
9.04
9.03
9.01
9.00
11.00
10.30
10.24
10.20
10.16
10.10
10.01
10.00
Vendor: Cisco
Product: IOS 
Version: 7000;
Vendor: GNU
Product: INET 
Version: 5.01;
Vendor: SUN
Product: Sunos 
Version: 4.1.4; 4.1.3u1;
Vendor: Microsoft
Product: Windows nt 
Version: 4.0;
Product: Winsock 
Version: 2.0;
Product: Windows 95 
Vendor: Netbsd
Product: Netbsd 
Version: 1.1; 1.0;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076

Related CVE
CVE-2017-1000378
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack m...
CVE-2017-1000375
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
CVE-2017-1000374
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.
CVE-2016-6253
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
CVE-2015-8212
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
CVE-2015-5917
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated b...
CVE-2014-7250
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets...
CVE-2014-8517
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an H...

Copyright 2019, cxsecurity.com

 

Back to Top