So, CVE-1999-0001 is different from CVE-1999-0257 and CVE-1999-0052.The Free BSD patch for CVE-1999-0052 is in line 750.doc Id=HPSBUX9808-083 Reference: SUN:00180 Reference: URL: doctype=coll&doc=secbull/180 Reference: CERT: CA-98.05.bind_problems Reference: XF:bind-bo Reference: BID:134 Reference: URL: Description: Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
doctype=coll&doc=secbull/170 Reference: ISS: June10,1998 Reference: XF:nisd-bo-check Description: Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.Status: Entry Reference: SGI:19980603-01-PX Reference: URL:ftp://com/support/free/security/advisories/19980603-01-PX Reference: HP: HPSBUX9808-083 Reference: URL: Display.do?doc Id=HPSBUX9808-083 Reference: SUN:00180 Reference: URL: doctype=coll&doc=secbull/180 Reference: XF:bind-axfr-dos Description: Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. Status: Entry Reference: CERT: CA-98.03.ssh-agent Reference: NAI: NAI-24 Reference: XF:ssh-agent Description: Unauthorized privileged access or denial of service via dtappgather program in CDE.Status: Entry Reference: HP: HPSBUX9801-075 Reference: URL: Display.do? Status: Candidate Phase: Modified (20090302) Reference: CERT: CA-97.28.They are provided for use by individuals who have a need for an early numbering scheme for items that have not been fully reviewed by the Editorial Board.
Description: ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.Status: Candidate Phase: Modified (20051217) Reference: CERT: CA-98-13-tcp-denial-of-service Reference: BUGTRAQ:19981223 Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Reference: CONFIRM: Reference: OSVDB:5707 Reference: URL: Votes: A Bugtraq posting indicates that the bug has to do with "short packets with certain options set," so the description should be modified accordingly. That one is related to nestea (CVE-1999-0257) and probably the one described in BUGTRAQ:19981023 nestea v2 against freebsd 3.0-Release The patch for nestea is in ip_input.c around line 750.The patches for CVE-1999-0001 are in lines 388&446.Status: Entry Reference: CERT: CA-98.08.qpopper_vul Reference: SGI:19980801-01-I Reference: URL:ftp://com/support/free/security/advisories/19980801-01-I Reference: AUSCERT: AA-98.01 Reference: XF:qpopper-pass-overflow Reference: BID:133 Reference: URL: Description: Information from SSL-encrypted sessions via PKCS #1. PKCS Reference: MS: MS98-002 Reference: URL: XF:nt-ssl-fix Description: Buffer overflow in NIS , in Sun's program.Status: Entry Reference: CERT: CA-98.06Reference: SUN:00170 Reference: URL:doc Id=HPSBUX9801-075 Reference: SUN:00185 Reference: URL: doctype=coll&doc=secbull/185 Reference: CERT: CA-98.02. Teardrop_Land Reference: OVAL:oval:org.mitre.oval:def:5579 Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:5579 Reference: XF:teardrop Votes: MSKB: Q154174 MSKB: Q154174 (CVE-1999-0015) and MSKB: Q179129 (CVE-1999-0104) indicate that CVE-1999-0015 was fixed in NT SP3, but CVE-1999-0104 was not.