CVE-2000-0824 – ProFTPd 1.2 pre6 - 'snprintf' Remote Root
https://notcve.org/view.php?id=CVE-2000-0824
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. • https://www.exploit-db.com/exploits/19503 http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html http://marc.info/?l=bugtraq&m=93760201002154&w=2 http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt http://www.debian.org/security/2000/20000902 http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3 http:/ •
CVE-2000-0335
https://notcve.org/view.php?id=CVE-2000-0335
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. • http://www.securityfocus.com/bid/1166 •