CIAC Bulletins
CIAC is the U.S. Department of Energy's Computer Incident Advisory Capability. Established in 1989, CIAC provides computer security services to employees and contractors of the United States Department of Energy.
CIAC Bulletins are available from http://ciac.llnl.gov/
Summary
| Year | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec |
|------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| 1999 | 2 | 8 | 6 | 3 | | | | | | | | |
| 1998 | 8 | 2 | 8 | 9 | 12 | 14 | 11 | 9 | 5 | 12 | 2 | 6 |
| 1997 | 1 | 1 | | | 9 | 9 | 14 | 8 | 2 | 11 | 4 | 4 |
| 1996 | 2 | 4 | 2 | 5 | 4 | 3 | 6 | 9 | 5 | | | 2 |
| 1995 | 3 | 6 | 2 | 4 | 2 | 1 | 1 | 1 | 2 | | 5 | 2 |
| 1994 | | | | | | | | | | 1 | 3 | 2 |
1999
April
J-041 - Cisco IOS(R) Software Input Access List Leakage with NAT
J-040 - HP-UX Security Vulnerability in sendmail
J-039 - HP-UX Vulnerabilities (MC/ServiceGuard & MC/LockManager, DESMS)
March
J-038 - HP-UX Vulnerabilities (hpterm, ftp)
J-037 - W97M.Melissa Word Macro Virus
J-036 - LDAP Buffer overflow against Microsoft Directory Services
J-035 - Linux Blind TCP Spoofing
J-034 - Cisco 7xx TCP and HTTP Vulnerabilities
J-033 - SGI X server font path vulnerability
February
J-032 - Windows Backdoor Update II
J-031 - Debian Linux 'Super' package Buffer Overflow
J-030 - Microsoft BackOffice Vulnerability
J-029 - Buffer Overflows in Various FTP Servers
J-028 - Sun Solaris Vulnerabilities (sdtcm_convert, man/catman, CDE)
J-027 - Digital Unix Vulnerabilities (at, inc)
J-026 - HP-UX rpc.pcnfsd Vulnerability
J-025 - W97M.Footprint Macro Virus Detected
January
J-024 - Windows NT Remote Explorer
J-023 - Cisco IOS Syslog Denial-of-Service Vulnerability
1998
December
J-022 - HP-UX Vulnerabilities (snmp, sendmail, remote network commands)
J-021 - Sun Solaris Vulnerabilities (dtmail, passwd)
J-020 - SGI IRIX fcagent daemon Vulnerability
J-019 - Intelligent Peripherals Create Security Risk
J-018 - HTML Viruses
J-017 - HP-UX vacation Security Vulnerability
November
J-013 - SGI IRIX autofsd Vulnerability
J-016 - Cisco IOS DFS Access List Leakage Vulnerabilities
October
J-015 - HP SharedX Denial-of-Service Vulnerability
J-014 - IBM AIX automountd Vulnerability
J-012 - SGI IRIX routed(1M) Vulnerability
J-011 - Microsoft IE 4.01 Untrusted Scripted Paste (Cuartango Vul.)
J-006 - NFS mountd Buffer Overflow Vulnerability
J-009 - Cisco IOS Command History Release at Login Prompt
J-008 - FreeBSD TCP RST Denial of Service Vulnerability
J-007 - HP OpenView Omniback II Vulnerability
J-005 - SGI IRIX at(1) Vulnerability
J-002 - SGI IRIX Mail(1)/mailx(1) Security Vulnerabilities
J-004 - SunOS ftp client Vulnerability
J-001 - Windows NT RPC Spoofing Denial of Service Vulnerability
September
I-092 - Ping Buffer Overflow Vulnerability
I-091 - Stack Overflow in ToolTalk RPC Service
I-088 - NFS clients rpc.pcnfsd Vulnerabilities
I-090 - HP-UX dtmail/rpc.ttdbserverd Vulnerability
I-089 - SGI Seyon Security Vulnerability
August
I-087 - Microsoft PPTP Security Vulnerabilities
I-086 - Cisco CRM Temporary File Vulnerability
I-085 - Microsoft IE Upgrade Trojan Horse Program
I-084 - Cisco IOS Remote Router Crash
I-083 - Eudora Pro E-Mail Attachments Vulnerability
I-082 - HP-UX Netscape Servers Vulnerability
I-081 - HP UX & MPEix Predictive Vulnerability
I-080 - Microsoft Exchange Denial of Service Attacks
I-079A - IBM AIX "sdrd" daemon Vulnerability
July
I-078 - HP-UX ftp Security Vulnerability
I-077A - Mime Name Vulnerability in Outlook and Messenger
I-071A - OpenVMS loginout Vulnerability (Revised)
I-076 - SGI IRIX ioconfig(1M) and disk_bandwidth(1M) Vulnerability
I-043A - SGI IRIX mailcap Vulnerability (Revised)
I-075 - Microsoft Office 98 Security Vulnerability
I-074 - Buffer Overflow in Some Implementations of IMAP Servers
I-073 - multiscan ('mscan') Tool
I-072 - SunOS Vulnerabilities (libnsl, SUNWadmap)
I-069 - Buffer overflows in some POP servers
I-068 - File Access Issue With Internet Information Server
June
I-070 - Distributed DoS Attack Against NIS/NIS+ Networks
I-066 - Vulnerability in Some Implementations of PKCS#1
I-065 - SunOS ufsrestore Buffer Overflow Vulnerability
I-064 - SGI IRIX mail(1), rmail(1M), sendmail(1M) Vulnerabilities
I-063 - RSI BSDI rlogind Vulnerability
I-062 - SGI IRIX BIND DNS named(1M) Vulnerability
I-061 - SGI IRIX mediad(1M) Vulnerability
I-060 - SGI IRIX OSF/DCE Denial of Service Vulnerability
I-059 - SUN ftpd Vulnerability
I-058 - SunOS rpc.nisd Vulnerability
I-057 - FreeBSD NFS Kernel Code Error
I-067 - AutoStart 9805 Macintosh Worm Virus
I-056 - Cisco PIX Private Link Key Processing and Cryptography Vulnerability
I-037 - FreeBSD mmap Vulnerability
May
H-67 - Red Hat Linux X11 Libraries Buffer Overflow
I-055 - SGI IRIX Vulnerabilities (NetWare Client, diskperf/diskalign)
H-62 - SGI IRIX ordist, login/scheme Buffer Overrun Vulnerability
I-044A - BIND Vulnerabilities
I-054 - Cisco Web Cache Control Protocol Router Vulnerability
I-053 - ISC DHCP Distribution Vulnerability
I-052 - 3Com CoreBuilder and SuperStack II LAN Vulnerabilities
I-051 - FreeBSD T/TCP Vulnerability
I-050 - Digital UNIX softlinks - advfs Vulnerability
I-018 - FTP Bounce Vulnerability
I-017 - statd Buffer Overrun Vulnerability
I-049 - SunOS ufsrestore Vulnerability
April
I-048 - SunOS mountd Vulnerability
I-047 - HP-UX OpenMail Vulnerability
I-046 - Open Group xterm and Xaw Library Vulnerabilities
I-039A - HP-UX inetd Vulnerability
I-045 - SGI IRIX LicenseManager(1M) Vulnerabilities
H-70a - SunOS rpcbind Vulnerability
H-66a - Vulnerability in suidperl (sperl)
I-041 - Performer API Search Tool 2.2 pfdispaly.cgi Vulnerability
I-040 - SGI Netscape Navigator Vulnerabilities
March
H-61b - SGI IRIX df, pset, and eject Buffer Overrun Vulnerabilities
I-038 - Ascend Routing Hardware Vulnerabilities
I-036 - FreeBSD Denial-of-Service LAND Attacks
I-035 - SGI Vulnerabilities (startmidi/stopmidi, datman/cdman, cdplayer)
I-034 - Internet Cookies
I-033 - Sun Solaris Vulnerabilities (ndd, rpc.cmsd)
I-032 - Sun Solaris Vulnerabilities (vacation, dtaction)
I-031A - Malformed UDP Packets in Denial of Service Attacks
February
I-030 - SunOS volrmmount(1) Vulnerability
I-029 - IBM AIX Telnet Denial-of-Service Vulnerability
January
I-028 - Vulnerabilities in CDE
I-025A - Windows NT based Web Servers File Access Vulnerability
I-026 - Vulnerability in ssh-agent
I-027B - HP-UX Vulnerabilities (CUE, CDE, land)
I-023 - Macro Virus Update
I-024 - CGI Security Hole in EWS1.1 Vulnerability
I-021 - "smurf" IP Denial-of-Service Attacks
I-022 - IBM AIX "routed" daemon Vulnerability
1997
December
I-020 - Cisco 7xx Password Buffer Overflow
I-019 - Tools Generating IP Denial-of-Service Attacks
G-43A - Vulnerabilities in Sendmail
CA-96.08 - Vulnerabilities in PCNFSD
November
I-016 - SCO /usr/bin/X11/scoterm Vulnerability
I-015 - SGI IRIX Vulnerabilities (syserr and permissions programs)
I-014 - Vulnerability in GlimpseHTTP and WebGlimpse cgi-bin Packages
I-009A - HP-UX CDE Vulnerability
October
I-013 - Count.cgi Buffer Overrun Vulnerability
I-012 - IBM AIX ftp client Vulnerability
I-011 - IBM AIX portmir command Vulnerability
I-010 - IBM AIX Vulnerabilities (libDtSvc.a, piodmgrsu, nslookup)
I-008 - Open Group OSF/DCE Denial-of-Service Vulnerability
I-007 - Sun Solaris Vulnerabilities (nis_cachemgr, ftpd/rlogind, sysdef)
I-006 - IBM AIX "xdat" Buffer Overflow Vulnerability
I-004 - NEC /UNIX "nosuid" mount option Vulnerability
I-003 - HP-UX mediainit(1) Vulnerability
I-002A - Cisco CHAP Authentication Vulnerability
I-001 - HP-UX Denial-of-Service via telnet Vulnerability
September
I-005C - E-Mail Spamming countermeasures
CA-94.13 - SGI IRIX Help Vulnerability
August
H-99 - SunOS, Solaris ifconfig ioctls Vulnerability
H-98 - SunOS automounter Vulnerability
H-97 - SGI IRIX ftpd Signal Handling Vulnerability
H-92 - HP-UX X11/Motif Lib and Novell Netware Vulnerabilities
H-96 - Vulnerability in Bind
H-95 - SunOS Vulnerability in x-lock
H-94 - SunOS Vulnerability in ps
H-93 - SGI IRIX ordist Buffer Overrun Vulnerability
July
H-91 - HP-UX Large UID's and GID's Vulnerability
H-90 - SunOS, Solaris NIS+ Vulnerability
H-89 - SunOS, Solaris talkd Buffer Overrun Vulnerability
H-88 - SGI IRIX talkd Vulnerability
H-87 - HP-UX rlogin Vulnerability
H-86 - ld.so Vulnerability
H-85 - INN News Server Vulnerabilities
H-84 - Windows NT NtOpenProcessToken Vulnerability
H-83 - Solaris ping Vulnerability
H-82 - Lynx Temporary Files & LYDownload.c Vulnerabilities
H-81 - HP-UX swinstall command in SD-UX Vulnerability
H-80 - SGI IRIX xlock Vulnerability
H-79 - Vellum 3D CD-ROM contains Mac MBDF Virus
H-78 - ICMP vulnerability in Windows 95 and NT 4.0
June
H-77 - Microsoft IIS Boundary Condition Vulnerability
H-76 - Netscape Navigator Security Vulnerability
H-75 - Solaris Solstice AdminSuite Vulnerabilities
H-74 - Unix lpr Buffer Overrun Vulnerability
H-73 - SunOS chkey Vulnerability
H-72 - SunOS eeprom Vulnerability
H-71 - Vulnerability in the at(1) program
H-69 - Vulnerability in getopt (3)
H-68 - Windows 95 Network Password Vulnerability
May
H-64 - SGI IRIX login LOCKOUT parameter Vulnerability
H-63 - ftpd Signal Handling Vulnerability
H-65 - SGI IRIX rld Security Vulnerability
H-60 - Vulnerability in metamail
H-59 - Solaris 2.x Buffer Overflow Vulnerabilities (ps, chkey)
H-58 - IRIX runpriv Program Vulnerability
H-57 - Windows NT/95 Out of Band Data Exploit
H-56 - Solaris 2.x lp Print Service Vulnerability
H-55 - IRIX netprint Program Security Vulnerability
February
G-18 - Digital dxconsole Security Vulnerability
January
G-17 - sample HTTPD CGI vulnerabilities
1996
December
G-13 - kerberos v4 vulnerability
G-09B - Sendmail Unix vulnerability
September
G-47 - Unix FLEXlm Vulnerabilities
G-46 - Vulnerabilities in Transarc DCE and DFS
G-45 - Vulnerability in HP VUE
G-44 - SCO Unix Vulnerability
G-43 - Sendmail Vulnerability
August
G-42 - Vulnerability in workman
G-41 - Vulnerability in bash
G-40 - SGI Admin User Prog Vulnerabilities
G-48 - TCP SYN Flooding and IP Spoofing Attacks
G-39 - Vulnerability in expreserve
G-38 - Linux Vulnerabilities: mount, umount
G-37 - Vulnerability in Adobe FrameMaker (fm_fls)
G-36 - HP-UX Vulnerabilities in elm and rdist Programs
G-35 - SUN Microsystems Solaris vold Vulnerability
July
G-34 - HP-UX Vulnerabilities (netttune, SAM remote admin)
G-33 - rdist vulnerability
G-32 - HP-UX Vulnerabilities in expreserve, rpc.pcnfsd, rpc.statd
G-31 - FreeBSD PPP Vulnerability
G-30 - DEC Software Security Kits
G-29 - dip Program Vulnerability
June
G-28 - suidperl Vulnerability (update)
G-28 - suidperl Vulnerability
G-27 - SCO kernel security Vulnerability
May
G-26 - SGI Permissions Panel
G-25 - SUN statd Program Vulnerability
G-24 - FreeBSD Security Vulnerabilities
G-23 - Solaris NIS Configuration vulnerability
April
G-22 - rpc.statd Vulnerability
G-22 - rpc.statd Vulnerability
G-021 - Vulnerabilities pcnfsd program
G-20 - NCSA and Apache httpd Vulnerability
G-19 - IBM AIX rmail Vulnerability
March
G-16 - SGI rpc.statd Vulnerability
G-15 - Sunsoft Demo CD Vulnerability
February
G-14 - DNS Vulnerability
G-11 - HP syslog Vulnerability
G-10A - Winword Macro Viruses
G-12 - SGI ATT Packaging Utility Security Vulnerability
January
G-08 - Splitvt Vulnerability
G-07 - SGI object server vulnerability
1995
December
G-06A - Win95 Vulnerability
G-06 - Win95 Vulnerability
November
G-05 - HP-UX FTP Vulnerability
G-04 - X Authentication Vulnerability
G-03 - AOLGOLD Trojan Program
G-01 - Telnetd Vulnerability
G-02 - SunOS 4.1.X Loadmodule Vulnerability
September
F-28A - Vulnerability in SunOS 4.1.* Sendmail (-oR option)
F-28 - Vulnerability in SunOS 4.1.* Sendmail (-oR option)
August
F-27 - Incorrect Permissions on /tmp
July
F-26 - OSF/DCE Security Hole
June
F-25 - Cisco IOS Router Software Vulnerability
May
F-24 - Protecting SGI IRIX Systems Against SATAN
F-23 - Protecting IBM AIX Systems Against SATAN
April
F-22 - SATAN password disclosure
F-21 - Protecting SUN OS Systems Against SATAN
F-20 - Security Administrator Tool for Analyzing Networks
F-19 - Protecting HP-UX Systems Against SATAN
March
F-18 - MPE/iX Vulnerabilities
F-16 - SGI IRIX Desktop Permissions Tool Vulnerability
February
F-15 - HP-UX `at' and `cron' vulnerabilities
F-14 - HP-UX Malicious Code Sequences
F-13 - Unix Sendmail Vulnerabilities
F-12 - Kerberos Telnet Encryption Vulnerability
F-11 - Unix NCSA httpd Vulnerability
F-10 - HP-UX Remote Watch
January
F-09 - Unix /bin/mail Vulnerabilities
F-08 - Internet Address Spoofing and Hijacked Session Attacks
F-07A - New and Revised HP Bulletins
1994
December
F-06 - Novell UnixWare sadc, urestore, and suid_exec Vulnerabilities
F-05 - SCO Unix at, login, prwarn, sadc, and pt_chmod Patches Available
November
F-04 - Security Vulnerabilities in DECnet/OSI for OpenVMS
F-03 - Vendor restricted bulletin
F-02 - Summary of HP Security Bulletins