Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.
Therefore, these candidates may be modified or even rejected in the future.
doctype=coll&doc=secbull/170 Reference: ISS: June10,1998 Reference: XF:nisd-bo-check Description: Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
doc Id=HPSBUX9808-083 Reference: SUN:00180 Reference: URL: doctype=coll&doc=secbull/180 Reference: CERT: CA-98.05.bind_problems Reference: XF:bind-bo Reference: BID:134 Reference: URL: Description: Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.Status: Entry Reference: CERT: CA-98.05.bind_problems Reference: SGI:19980603-01-PX Reference: URL:ftp://com/support/free/security/advisories/19980603-01-PX Reference: HP: HPSBUX9808-083 Reference: URL: Display.do?All references and descriptions in this candidate have been removed to prevent accidental usage.Status: Candidate Phase: Modified (20050204) Votes: Description: Arbitrary command execution via buffer overflow in (wwwcount) cgi-bin program.CERT: CA-1998-13 is too vague to be sure without further analysis.
Description: Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.doctype=coll&doc=secbull/135 Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-1999-0032.Notes: All CVE users should reference CVE-1999-0032 instead of this candidate.Status: Entry Reference: BUGTRAQ:19971010 Security flaw in (wwwcount) Reference: CERT: CA-97.24.Count_cgi Reference: XF:http-cgi-count Reference: BID:128 Reference: URL: Description: Local user gains root privileges via buffer overflow in rdist, via expstr() function.Status: Candidate Phase: Modified (20051217) Reference: CERT: CA-98-13-tcp-denial-of-service Reference: BUGTRAQ:19981223 Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Reference: CONFIRM: Reference: OSVDB:5707 Reference: URL: Votes: A Bugtraq posting indicates that the bug has to do with "short packets with certain options set," so the description should be modified accordingly. That one is related to nestea (CVE-1999-0257) and probably the one described in BUGTRAQ:19981023 nestea v2 against freebsd 3.0-Release The patch for nestea is in ip_input.c around line 750.