Security Advisories Week: 22-29 May 2002


Title: rc uses file globbing dangerously
Date: May 9 2002
Vendor: FreeBSD
Vulnerable systems: FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE, FreeBSD 4-STABLE prior to the correction date
Full advisory: http://www.net-security.org/advisory.php?id=727
Problem description: rc is the system startup script (/etc/rc). It is run when FreeBSD is booted multi-user, and performs a multitude of tasks to bring the system up. One of these tasks is to remove lock files left by X Windows, as their existence could prevent one from restarting the X Windows server.



Title: DHCP remote exploitable vulnerability
Date: May 29 2002
Vendor: Mandrake
Vulnerable systems: Mandrake Linux 7.2, 8.1, 8.2, Single Network Firewall 7.2
Full advisory: http://www.net-security.org/advisory.php?id=729
Problem description: Fermin J. Serna discovered a problem in the dhcp server and client package: versions 3.0 to 3.0.1rc8 are affected by a format string vulnerability that can be exploited remotely.




Title: Remote denial-of-service when using accept filters
Date: May 29 2002
Vendor: FreeBSD
Vulnerable systems: FreeBSD 4.5-RELEASE, FreeBSD 4-STABLE after 2001-11-22 and prior to the correction date
Full advisory: http://www.net-security.org/advisory.php?id=728
Problem description: FreeBSD features an accept_filter mechanism which allows an application to request that the kernel pre-process incoming connections. For example, the accf_http accept filter prevents accept from returning until a full HTTP request has been buffered.



Title: Mozilla vulnerabilities
Date: May 29 2002
Vendor: Conectiva
Vulnerable systems: Conectiva Linux 6.0, 7.0, 8
Full advisory: http://www.net-security.org/advisory.php?id=730
Problem description: GreyMagic Security found a vulnerability in Mozilla prior to version 1.0rc1 which allows a hostile site to read and list user files. The vulnerability is related to XMLHTTP, a component that is primarily used for retrieving XML documents from a web server.

COPYRIGHT 1998-2013 BY HELP NET SECURITY.