See also the NIST Computer Security Division's ICAT vulnerability database, which is now free for commercial and public use and may be downloaded as a Microsoft Access database. The ICAT database includes mappings to the CVE vulnerability enumeration database at http://cve.mitre.org/.
Don't count on this list to provide pointers to all known vulnerabilities. I do not usually list vulnerabilities due to add-on programs like wu-ftpd, pro-ftpd, etc. I've tried to collect and arrange pointers to various advisories where applicable. Since summer 1997, I have also been including references to FreeBSD, Sun, and SGI advisories, as those are easily available on the Internet (a Bronx cheer to HP, which hides their security information behind an absolutely ridiculous WWW interface that requires registration and a first-born son before allowing access).
Concerned UNIX administrators are well advised to check CERT, CIAC, bugtraq archives and any available security resources for their particular operating system.
Note that no
Please report mistakes or send suggestions to Guy Helmer. Use in good health, and may your systems be secure!
| Systems | Problem Description | Related Bulletins | CVE |
|---|---|---|---|
| Debian 2.2 | A potential buffer overflow vulnerability exists in the gzip program with respect to very long file names. | Debian Security Advisory DSA-100-1 13 January 2002 (gzip) | None |
| Debian 2.2 | The CIPE VPN package crashes if sent a packet that is "too short". | Debian Security Advisory DSA-104-1 14 January 2002 (CIPE) | None |
| Mandrake Linux 8.0-8.1 | The bind (Berkeley Internet Name Daemon) version 9 package is installed with insecure permissions on configuration files and executables. | MandrakeSoft Security Advisory MDKSA-2002:001: bind | CAN-2001-0886 |
| Debian 2.2; Mandrake Linux 7.1-8.1 | The glibc library contains a buffer overflow vulnerability in the filename globbing code. Any privileged program that uses the affected library routines (such as many FTP servers) may be vulnerable to exploitation. | Debian Security Advisory DSA-103-1 13 January 2002 (glibc); MandrakeSoft Security Advisory MDKSA-2001:095: glibc | CAN-2001-0886 |
| RedHat Linux 7.0-7.2 | The groff text processing program contains a buffer overflow vulnerability that allows an attacker to access the account running the printing subsystem if the LPRng printing system is in use. | Red Hat Linux Security Advisory RHSA-2002:004-06 (groff) | CAN-2002-0003 |
| Debian 2.2; RedHat Linux 6.2-7.2 | The XChat IRC client contains a vulnerability that allows an attacker to take over a user's IRC session. | Debian Security Advisory DSA-099-1 12 January 2002 (xchat); Red Hat Linux Security Advisory RHSA-2002:005-09 (xchat) | CAN-2002-0006 |
| Debian 2.2; Mandrake Linux 7.1-8.0; RedHat Linux 7.0-7.2 | The sudo program does not completely sanitize environment variables before executing programs. This may allow a local user to obtain root privileges. | Debian Security Advisory DSA-101-1 14 January 2002 (sudo); MandrakeSoft Security Advisory MDKSA-2002:003: sudo; Red Hat Linux Security Advisory RHSA-2002:011-06 (sudo); Red Hat Linux Security Advisory RHSA-2002:013-03 (sudo) | None |
| FreeBSD 4.0-4.4 | The pw user account management utility creates a temporary copy of the /etc/master.passwd file with permissions that allow read access for local users. Encrypted passwords may be disclosed. | FreeBSD SA 02:02 (pw) | None |
| FreeBSD 4.0-4.4 | The pkg_add software package installation utility creates temporary directories unsafely, which may allow local users to maliciously modify a software package during installation. | FreeBSD SA 02:01 (pkg_add) | None |
| RedHat 7.2 | stunnel contains a format string vulnerability. | Red Hat Linux Security Advisory RHSA-2002:002-10 | None |
| SGI Irix | The Network Queuing Environment (NQE) contains format string vulnerabilities. | SGI Advisory 20020101-01-I | None |
| Debian 2.2 | The exim mail transfer agent may execute arbitrary commands specified in the local part of an address. | Debian Security Advisory 097-1 03 January 2002 (exim) | None |
| Debian 2.2; Mandrake Linux 7.1-8.1; RedHat Linux 6.2-7.2 | The mutt mail client contains a buffer overflow vulnerability in the address processing code. | Debian Security Advisory 096-1 02 January 2002 (mutt); MandrakeSoft Security Advisory MDKSA-2002:002: mutt; Red Hat Linux Security Advisory RHSA-2002:003-10 | None |
| Debian 2.2 | The gpm daemon contains format string vulnerabilities that can allow a local user to execute arbitrary code with root permissions. | Debian Security Advisory 095-1 27 December 2001 (gpm) | None |
| RedHat Linux 7.2 | The namazu package contains cross-site scripting vulnerabilities. | Red Hat Linux Security Advisory RHSA-2001:162-04 | None |
| Debian 2.2; Mandrake Linux 7.1-8.1 | A remote format string vulnerability in the libgtop daemon allows remote attackers to execute arbitrary code. | Debian Security Advisory 098-1 9 January 2002 (libgtop); MandrakeSoft Security Advisory MDKSA-2001:094: libgtop | None |
| Debian 2.2; RedHat Linux 7.2 | The mailman program contains cross-site scripting vulnerabilities. | Debian Security Advisory 094-1 16 December 2001 (mailman); Red Hat Linux Security Advisory RHSA-2001:170-06; Red Hat Linux Security Advisory RHSA-2001:168-05 | None |
| Mandrake Linux 8.1 | The PAM configuration files for the passwd program do not support md5 passwords. | MandrakeSoft Security Advisory MDKSA-2001:091: passwd | None |
| SGI Irix 3.x | A vulnerability in the UNIX System V-derived login program allows unauthorized root access. | CERT Advisory 2001-34; SGI Advisory 20011201-01-I | None |
| Debian 2.2 | The wmtv video player allows local users to run any command with root privilege. | Debian Security Advisory 092-1 6 December 2001 (wmtv) | None |
| Debian 2.2 | The fml mail list package contains cross-site scripting vulnerabilities. | Debian Security Advisory 088-1 5 December 2001 (fml) | None |
| Debian 2.2 | The icecast-server (streaming music server) contains multiple vulnerabilities that can allow unauthorized access to files, denial of service attacks, and execution of arbitrary code. | Debian Security Advisory 089-1 5 December 2001 (icecast-server) | None |
| Many | Multiple vulnerabilities exist in the wu-ftpd FTP server. | CERT Advisory 2001-33; Caldera Security Advisory CSSA-2000-041.0; Debian Security Advisory 087-1 3 December 2001 (wu-ftpd); Red Hat Linux Security Advisory RHSA-2001:157-06; MandrakeSoft Security Advisory MDKSA-2001:090: wu-ftpd | None |
| Caldera OpenLinux 2.3, 2.4, 3.1; FreeBSD 4.0-4.4; Debian 2.2; Mandrake Linux 7.1-8.1; RedHat Linux 7.0-7.2 | OpenSSH "UseLogin" configuration option enables a vulnerability that allows users to gain root privileges. | Caldera Security Advisory CSSA-2001-042.1 (OpenSSH); Caldera Security Advisory CSSA-2001-042.0 (OpenSSH); FreeBSD SA 01:63 (openssh); Debian Security Advisory 091-1 5 December 2001 (openssh); MandrakeSoft Security Advisory MDKSA-2001:092: openssh; Red Hat Linux Security Advisory RHSA-2001:161-08 (openssh) | None |
| SGI IRIX 6.5-6.5.12f | The IP ID field in packets generated by an SGI system can be predicted. This issue may allow detection of open TCP or UDP ports or other security problems. | SGI Advisory 20011106-01-A | None |
| Debian 2.2; Mandrake Linux 7.1-8.1; RedHat Powertools 7.1 | Postfix's session cache could be attacked to cause a denial of service due to memory exhaustion. | Debian Security Advisory 093-1 12 December 2001 (postfix); MandrakeSoft Security Advisory MDKSA-2001:089: postfix; Red Hat Powertools Security Advisory RHSA-2001:141-05 | None |
| Caldera OpenLinux Server & Workstation 3.1 | Format string vulnerabilities in Cyrus-SASL could potentially allow remote users to gain privileged access to a system running sendmail. | Caldera Security Advisory CSSA-2001-040.0 (Cyrus-SASL) | None |
| Caldera OpenLinux Server 3.1 | Attackers can use cross-site scripting vulnerabilities to gain access to users' mail. | Caldera Security Advisory CSSA-2001-039.0 (imp) | None |
| Mandrake Linux 8.1 | The expect package installs unsafely, allowing local users to gain unauthorized privileges. | MandrakeSoft Security Advisory MDKSA-2001:087: expect | None |
| Caldera OpenLinux 2.3, 2.3.1, 2.4, 3.1 | Remote attackers can bypass a packet filtering firewall due to a vulnerability related to syn cookies. | Caldera Security Advisory CSSA-2000-038.0 | None |
| Many | Buffer overflow, mailer options, and hostname authentication vulnerabilities may allow local and remote users to gain privileged access to the system. | CERT Advisory 2001-32; CERT Advisory 2001-30; NetBSD Security Advisory 2001-018; Red Hat Linux Security Advisory RHSA-2001:147-09 | None |
| Caldera Server 3.1, Workstation 3.1 | libdb1 was built improperly and uses unsafe versions of the snprintf and vsnprintf functions, which might allow local or remote attackers to execute arbitrary code. | Caldera Security Advisory CSSA-2001-037.0 (libdb) | None |
| RedHat Linux 7.2 | Non-local users could print the contents of any file on the system readable by local user 'lp'. | Red Hat Security Advisory RHSA-2001:138-10 | None |
| RedHat Powertools 7.0-7.1 | A problem in webalizer allowed remote users to embed malicious HTML tags in reports generated by webalizer. | Red Hat Powertools Security Advisory RHSA-2001:141-05 | None |
| RedHat Linux 7.2 | A malicious client could execute arbitrary SQL statements via the mod_auth_pgsql module for Apache. | Red Hat Linux Security Advisory RHSA-2001:124-04 | None |
| Sun Solaris 2.6, 7, & 8 (SunOS 5.6-5.8) | A vulnerability has been found in ufsrestore which, if exploited, could allow an unprivileged local user to gain unauthorized root access. | Sun Security Bulletin #00208 (ufsrestore) | None |
| Sun Solaris 2.6, 7, & 8 (SunOS 5.6-5.8) | A buffer overflow vulnerability has been discovered in rpc.yppasswdd which may be exploited by a local or a remote attacker to gain root access on the NIS master server system. | Sun Security Bulletin #00209 (rpc.yppasswdd) | None |
| SGI IRIX 6.5-6.5.12f | Remote users can send a malformed IGMP multicast packet and cause the IRIX operating system to panic, resulting in a denial of service. | SGI Advisory 20011001-01-P | None |
| Debian 2.2; Mandrake Linux 7.1-8.1 | procmail insecurely responds to signals and may allow a local user to gain unauthorized privileges. | Debian Security Advisory DSA-083-1 18 October 2001 (procmail); MandrakeSoft Security Advisory MDKSA-2001:085: procmail | None |
| Debian 2.2 | xvt is vulnerable to a buffer overflow attack which could allow local users to gain root privileges. | Debian Security Advisory DSA-082-1 18 October 2001 (xvt) | None |
| Debian 2.2 | nvi contains a format string vulnerability that probably cannot be exploited to gain any privileges. | Debian Security Advisory DSA-085-1 21 October 2001 (nvi) | None |
| Debian 2.2 | w3m contains a remotely exploitable buffer overflow vulnerability that could allow a malicious server to execute arbitrary code on the w3m client. | Debian Security Advisory DSA-081-1 18 October 2001 (w3m) | None |
| Mandrake Linux 8.0-8.1; RedHat Linux 7.1-7.2 | /bin/login's interaction with PAM contains a bug that allows a local user to obtain the credentials of another local user. | MandrakeSoft Security Advisory MDKSA-2001:084: util-linux update; Red Hat Linux Security Advisory RHSA-2001:132-04 | None |
| Caldera OpenLinux 2.3, eServer 2.3.1, eDesktop 2.4, Server 3.1, Workstation 3.1; Mandrake Linux 7.1-8.1; RedHat 7.1 | The Linux kernel version 2.4 contains vulnerabilities that could allow local users to gain root privileges. | Caldera Security Advisory CSSA-2001-036.0 (Linux); MandrakeSoft Security Advisory MDKSA-2001:082: kernel22 update; Red Hat Linux Security Advisory RHSA-2001:129-05 | None |
| Mandrake Linux 7.1-8.1; RedHat Linux 7.0-7.1 | sshd may not honor the "from" option on a key in the authorized_keys2 file, thereby allowing key-based logins from hosts which should be denied. | MandrakeSoft Security Advisory MDKSA-2001:081: openssh; Red Hat Linux Security Advisory RHSA-2001:154-06 (openssh); Red Hat Linux Security Advisory RHSA-2001:114-05 (openssh) | None |
| Caldera OpenLinux Server 3.1, Workstation 3.1; Debian 2.2; Mandrake Linux 7.2-8.1 | A remote attacker can use a vulnerability in htdig to read any file on the system that is readable by the http server's user. | Caldera Security Advisory CSSA-2001-035.0 (htdig); Debian Security Advisory 17 October 2001 (htdig); MandrakeSoft Security Advisory MDKSA-2001:083: htdig | None |
| Caldera All OpenLinux | Local attackers may prevent the sendmail daemon from delivering mail. | Caldera Security Advisory CSSA-2001-034.0 (sendmail) | None |
| Mandrake Linux 8.1 | The devfs option in the Linux kernel contains a serious vulnerability. | MandrakeSoft Security Advisory MDKSA-2001:079: devfs | None |
| RedHat Linux 5.2-7.1 | The man program contains a buffer overflow vulnerability that allows a remote user to gain access to the group man and may allow an attacker to eventually gain root privileges. | Red Hat Linux Security Advisory RHSA-2001:072-14 | None |
| Caldera OpenLinux 2.3, eServer 2.3.1, eDesktop 2.4, Server 3.1, Workstation 3.1; FreeBSD 4.0-4.3; Mandrake Linux 7.1-8.0 | Local attackers may use argument handling vulnerabilities in the UUCP suite to gain access to the uucp group, which may lead to gaining root privileges. | Caldera Security Advisory CSSA-2001-033.0 (uucp); FreeBSD SA 01:62 (uucp); MandrakeSoft Security Advisory MDKSA-2001:078: uucp | None |
| Mandrake Linux 8.0 | The Linux 2.4 kernel's iptables packet filtering system contains a vulnerability that may allow an attacker to create a special FTP PORT command that would allow the attacker to breach an iptables firewall. | MandrakeSoft Security Advisory MDKSA-2001:071: kernel 2.4 update | None |
| NetBSD 1.4-1.5.1 | Local users can exploit insufficient checks on parameters to system calls to cause a denial of service or gain root privileges. | NetBSD Security Advisory 2001-015 | None |
| FreeBSD 4.0-4.3 | The rmuser program, which is run by root, contains a race condition that may expose encrypted passwords to a local attacker. | FreeBSD SA 01:59 (rmuser) | None |
| Sun Solaris 2.6, 7, & 8 (SunOS 5.6-5.8) | A buffer overflow vulnerability in the snmpXdmid daemon allows remote users to gain privileged access. | Sun Security Bulletin #00207 (snmpXdmid) | None |
| Many | The Berkeley line printer server contains a buffer overflow that can be exploited remotely to execute arbitrary code with root privileges. | IBM MSS-OAR-E01-2001:391.1 (lpd); FreeBSD SA 01:58 (lpd); SGI Advisory 20011003-01-P; Sun Security Bulletin #00206 (in.lpd) | None |
| FreeBSD 4.2-4.3 | "PARANOID" hostname checking does not work in FreeBSD's tcp_wrappers, potentially allowing attackers with spoofed DNS reverse-lookup names to use network services that should be denied. | FreeBSD SA 01:56 (tcp_wrappers) | None |
| NetBSD 1.4-1.5.1 | Local users can exploit the RCMD_CMD environment variable to cause dump(8) to execute a command with group "tty" privileges and gain access to terminal device files. | NetBSD Security Advisory 2001-014 | None |
| FreeBSD 4.0-4.3 | The procfs file system allows local users to gain access to the memory space of privileged programs and may lead to the user obtaining increased privileges. | FreeBSD SA 01:55 (procfs) | None |
| Caldera OpenLinux eServer 2.3.1 | Buffer overflow vulnerabilities, format string bugs, temporary file races, and signed integer problems exist in the ucd-snmp-4.2.1 package. These vulnerabilities may allow remote or local users to execute arbitrary code with privilege or obtain increased privileges. | Caldera Security Advisory CSSA-2001-031.0 (ucd-snmp) | None |
| Mandrake Linux 8.0 | The gdm XDMCP handler contains a vulnerability that allows remote attackers to execute arbitrary commands with root privilege. | MandrakeSoft Security Advisory MDKSA-2001:070: gdm | None |
| FreeBSD 4.3 | ipfw packet filtering in the kernel improperly matches both the remote and local IP addresses of a point-to-point interface. | FreeBSD SA 01:53 (ipfw) | None |
| Debian 2.2; Mandrake Linux 7.1-8.0 | Malicious remote servers can exploit a buffer overflow vulnerability in the WindowMaker window manager to execute arbitrary code with the privileges of the user running a web browser. | Debian Security Advisory DSA-074-1 12 August 2001 (WindowMaker); MandrakeSoft Security Advisory MDKSA-2001:074: WindowMaker | None |
| Debian 2.2 | Local users can exploit format string vulnerabilities in the groff program pic. | Debian Security Advisory DSA-072-1 10 August 2001 (groff) | None |
| Debian 2.2; Mandrake Linux; RedHat 6.2-7.1 | The openldap daemon included in Debian contains a vulnerability that results in a denial of service. | Debian Security Advisory DSA-068-1 9 August 2001 (openldap); MandrakeSoft Security Advisory MDKSA-2001:069: openldap; Red Hat Linux Security Advisory RHSA-2001:098-05 | None |
| Caldera OpenLinux Server 3.1 | Remote users can view arbitrary files in the system via Jakarta-Tomcat, a Java Servlet Engine. Jakarta-Tomcat was also vulnerable to cross-site scripting. | Caldera Security Advisory CSSA-2001-028.0 (tomcat) | None |
| Caldera OpenLinux Server 3.1; Debian 2.2 | Remote users can execute arbitrary commands with the privilege of the http account via the IMP webmail application. | Caldera Security Advisory CSSA-2001-027.0 (imp); Debian Security Advisory DSA-073-1 10 August 2001 (imp) | None |
| Debian 2.2; Mandrake Linux 7.1-8.0 | The apache http daemon included in Debian contains a vulnerability that may allow a remote attacker to gain access to files which are not meant to be visible. | Debian Security Advisory DSA-067-1 28 July 2001 (apache); MandrakeSoft Security Advisory MDKSA-2001:077: apache | None |
| SGI IRIX 6.5-6.5.12f | Local users can exploit a vulnerability in netprint to gain root privileges. | SGI Advisory 20010701-01-P | CVE-2001-0485 |
| Many | The telnetd telnet server contains a buffer overflow that can be exploited remotely to execute arbitrary code with root privileges. | CERT Advisory 2001-21; FreeBSD SA 01:49 (telnetd); Caldera Security Advisory CSSA-2001-030.0 (telnet); Debian Security Advisory DSA-075-1 14 August 2001 (netkit-telnet-ssl); Debian Security Advisory 9 August 2001 (netkit-telnet); MandrakeSoft Security Advisory MDKSA-2001:093: kerberos; MandrakeSoft Security Advisory MDKSA-2001:068: telnet; Red Hat Linux Security Advisory RHSA-2001:099-06; SGI Advisory 20010801-01-P | None |
| NetBSD 1.3-1.5 | Local users can exploit a missing bounds check in the sendmsg(2) system call to cause a denial of service. | NetBSD Security Advisory 2001-011 | None |
| NetBSD 1.5 and previous | Local users can exploit a race condition between the setuid/setgid handling in the execve(2) system call and the ptrace(2) system call to execute arbitrary code with increased privileges. | NetBSD Security Advisory 2001-009 | None |
| Caldera OpenLinux Server 3.1; Mandrake Linux 7.1-8.1; RedHat Linux 6.2-7.2 | squid HTTP accelerator may allow remote users to portscan the internal network through the squid proxy. Squid's FTP proxy may be affected by a denial of service attack. | Caldera Security Advisory CSSA-2001-029.0 (squid); MandrakeSoft Security Advisory MDKSA-2001:088: squid; MandrakeSoft Security Advisory MDKSA-2001:066: squid; Red Hat Linux Security Advisory RHSA-2001:113-03 (squid); Red Hat Linux Security Advisory RHSA-2001:097-04 (squid) | None |
| RedHat Linux 5.2-7.1 | procmail mail processor handles signals unsafely. | Red Hat Linux Security Advisory RHSA-2001:093-03 (procmail) | None |
| Caldera OpenLinux Server 3.1 & Workstation 3.1 | Local users can gain access to the httpd account via a CGI vulnerability. | Caldera Security Advisory CSSA-2001-026.0 (docview) | None |
| FreeBSD 4.0-4.3; Mandrake Linux 7.1-8.0; NetBSD 1.5; RedHat Linux 6.2-7.1 | openssl prior to 0.9.6b contains several (relatively minor) security vulnerabilities, including leakage of information after SSL version 3 key exchanges, problems with random numbers, improper use of environment variables in setuid or setgid applications, and potential problems when generating digital signatures. | FreeBSD SA 01:51 (openssl); MandrakeSoft Security Advisory MDKSA-2001:065: openssl; NetBSD Security Advisory 2001-013 | None |
| Sun Solaris 2.6, 7, & 8 (SunOS 5.6-5.8) | Buffer overflow vulnerability in in.lpd daemon allows remote users to execute arbitrary code with root privileges. | CERT Advisory 2001-15 | CAN-2001-0353 |
| Mandrake Linux 7.1-8.0; RedHat Linux 5.2-7.1 | Elm mail reader contains a buffer overflow vulnerability in the message-id handling code, which may allow remote users to execute arbitrary code with privileges of the user running elm. | MandrakeSoft Security Advisory MDKSA-2001:067: elm | None |
| RedHat Linux 7.1 | vipw leaves /etc/shadow world-readable after editing which allows local users to obtain access to encrypted passwords. | | None |
| Debian 2.2 | The cfingerd finger daemon contains a buffer overflow vulnerability and a format string vulnerability that may allow a local attacker to gain root privilege. | Debian Security Advisory DSA-066-1 11 July 2001 (cfingerd) | None |
| Debian 2.2; Mandrake Linux 7.1-8.0; RedHat Linux 6.2-7.1 | xloadimage contains a vulnerability in the faces reader that may allow remote users to execute arbitrary code on the target computer. | Debian Security Advisory DSA-069-1 9 August 2001 (xloadimage); MandrakeSoft Security Advisory MDKSA-2001:073: xli | None |
| Mandrake Linux 7.2-8.0; RedHat Linux 7.0-7.1 | A vulnerability exists in xinetd's string handling. | MandrakeSoft Security Advisory MDKSA-2001:076: xinetd; Red Hat Linux Security Advisory RHSA-2001:109-05 (xinetd); Red Hat Linux Security Advisory RHSA-2001:092-02 (xinetd) | None |
| Sun Solaris 2.4-2.6, 7, & 8 (SunOS 5.4-5.8) | Buffer overflow vulnerability in ypbind daemon allows remote users to gain privileged access. | Sun Security Bulletin #00203 (ypbind) | None |
| Caldera eServer 2.3.1, OpenLinux 3.1 Server & Workstation; NetBSD 1.5 | Local users can remove any file named "cookies" on the system. | Caldera Security Advisory CSSA-2001-023.0 (openssh); NetBSD Security Advisory 2001-010 | None |
| Caldera; Debian 2.2; Mandrake Linux 7.1-8.0; RedHat Linux 5.2-7.1 | The Samba file service daemon insecurely creates machine-specific log files, which may allow remote users to overwrite any file on the system. | Caldera Security Advisory CSSA-2001-024.0 (samba); Debian Security Advisory DSA-065-1 June 23 2001 (samba); MandrakeSoft Security Advisory MDKSA-2001:062: samba; Red Hat Linux Security Advisory RHSA-2001:086-06 (samba) | None |
| Debian 2.2 | rxvt contains a buffer overflow vulnerability that may allow an attacker to modify the utmp file. | Debian Security Advisory DSA-062-1 16 June 2001 (rxvt) | None |
| Caldera; Debian 2.2; Mandrake Linux 7.1-8.0; RedHat 5.2-7.1 | fetchmail contains a buffer overflow vulnerability which may potentially be exploited by a remote attacker to execute code with privileges of the user executing fetchmail. | Caldera Security Advisory CSSA-2001-022.0 (fetchmail); Caldera Security Advisory CSSA-2001-022.1 (fetchmail); MandrakeSoft Security Advisory MDKSA-2001:072: fetchmail; MandrakeSoft Security Advisory MDKSA-2001:063: fetchmail; Debian Security Advisory DSA-071-1 9 August 2001 (fetchmail); Debian Security Advisory DSA-060-1 16 June 2001 (fetchmail); Red Hat Linux Security Advisory RHSA-2001:103-04 | None |
| RedHat Linux 7.0-7.1 | LPRng fails to drop supplemental group membership at startup, which is a security risk. | Red Hat Linux Security Advisory RHSA-2001:077-05 | None |
| Debian 2.2 | man-db may be used by local users to create files with privileges of the user "man". | Debian Security Advisory DSA-059-1 12 June 2001 (man-db) | None |
| Mandrake Linux 7.1-8.0 | Buffer overflow vulnerabilities in the uw-imap mail server allow authenticated users to gain shell access. | MandrakeSoft Security Advisory MDKSA-2001:054: imap | None |
| Debian 2.2; Redhat Powertools 6.2-7.1 | exim mail transfer agent contains a format string vulnerability. | Debian Security Advisory DSA-058-1 10 June 2001 (exim); Red Hat Security Advisory RHSA-2001:078-05 (batch SMTP) | None |
| Caldera Volution 1.0 | Security vulnerabilities exist in the client and server versions of Volution prior to csm-1.0.8-47 and csm-server-1.0.8-47. | Caldera Security Advisory CSSA-2001-021.0 (Volution) | None |
| Caldera OpenLinux 2.3, eServer 2.3.1, eBuilder, eDesktop 2.4; Mandrake Linux 7.1-8.1; RedHat Linux 6.2-7.1 | GnuPG contains a format string vulnerability that can lead to compromise of an account being used to decrypt an encrypted file. | MandrakeSoft Security Advisory MDKSA-2001:053: gnupg; Caldera Security Advisory CSSA-2001-020.0 (gnupg); Red Hat Linux Security Advisory RHSA-2001:073-04 (gnupg) | None |
| Debian 2.2; Mandrake Linux 7.2-8.0; RedHat Linux 7.0-7.1 | xinetd executes child processes with umask of 0, which may allow child processes like swat from Samba to create world-writable files. xinetd also contains a buffer overflow vulnerability via its ident response processing code that may allow a remote attacker to execute code with root privileges. | Debian Security Advisory DSA-063-1 17 June 2001 (xinetd); MandrakeSoft Security Advisory MDKSA-2001:055: xinetd; Red Hat Linux Security Advisory RHSA-2001:075-04 (xinetd) | None |
| FreeBSD 3.0-3.5.1, 4.0-4.3; NetBSD 1.5 | Local users can confuse fts(3) library routines such that files may be removed or modified on the local system which are owned, writable, or removable by a user running a command that uses fts(3) library routines. | FreeBSD SA 01:40 (fts); NetBSD Security Advisory 2001-016 | None |
| Caldera; Mandrake Linux 7.1-8.0 | Webmin allows users to gain root privileges. | Caldera Security Advisory CSSA-2001-019.1 (webmin); Caldera Security Advisory CSSA-2001-019.0 (webmin); MandrakeSoft Security Advisory MDKSA-2001:059: webmin | None |
| FreeBSD 3.0-3.5.1, 4.0-4.2 | Initial sequence numbers in TCP connections may be predicted and allow either abuse of weakly-authenticated protocols, hijacking of existing TCP connections, or denial of service attacks against existing TCP connections. | FreeBSD SA 01:39 (tcp-isn) | None |
| NetBSD 1.5 on sh3 (dreamcast, evbsh3, hpcsh and mmeye hardware ports) | Users can modify the processor privilege mode via sigreturn system call, ptrace(2), and procfs resulting in increased privileges. | NetBSD Security Advisory 2001-008 | None |
| FreeBSD 3.x, 4.0-4.4; NetBSD 1.4-1.5 | Incomplete IP fragments can exhaust the kernel's network buffer space resulting in a denial of service. | FreeBSD SA 01:52 (fragment); NetBSD Security Advisory 2001-006 | None |
| RedHat Linux 5.2-6.2 | The mktemp(1) command does not support creation of temporary directories. | Red Hat Linux Security Advisory RHSA-2001:070-02 (mktemp) | None |
| RedHat Linux 5.0-7.0 | Users can gain increased privileges via a heap overflow vulnerability in the man(1) command. | Red Hat Linux Security Advisory RHSA-2001:069-02 (man) | None |
| RedHat Linux 6.2-7.1 | Kerberos V contains buffer overflow vulnerabilities in the telnet server and FTP GSSAPI. | Red Hat Linux Security Advisory RHSA-2001:100-02 (Kerberos 5); Red Hat Linux Security Advisory RHSA-2001:060-04 (Kerberos 5) | None |
| Mandrake Linux 7.1-8.0; RedHat Linux 6.2-7.1 | GnuPG contains a weakness that could allow an attacker to compute a user's secret key. | MandrakeSoft Security Advisory MDKSA-2001:053: gnupg; Red Hat Linux Security Advisory RHSA-2001:063-02 (gnupg) | None |
| Sun Solaris for Intel Platforms 2.6, 7, & 8 (SunOS 5.6-5.8) | Vulnerability in operating system call allows local users to gain privileges. | Sun Security Bulletin #00202 (i386 syscalls) | None |
| RedHat Linux 7.1 | Swap files created by RedHat 7.1 installation are world-readable, allowing local users access to information written to swap. | Red Hat Linux Security Advisory RHSA-2001:058-04 (mount) | None |
| Mandrake Linux 7.1-8.0; RedHat Linux 7.1 | World-readable temporary file created by kdesu may be abused by a local user. | MandrakeSoft Security Advisory MDKSA-2001:046: kdelibs; Red Hat Linux Security Advisory RHSA-2001:059-03 (kdelibs) | None |
| Debian 2.2; Mandrake Linux 6.0-7.2; RedHat Linux 6.2-7.1 | gftp contains a format string vulnerability. | Debian Security Advisory DSA-055-1 8 May 2001 (gftp); MandrakeSoft Security Advisory MDKSA-2001:044: gftp; Red Hat Linux Security Advisory RHSA-2001:053-06 (gftp) | None |
| SGI IRIX 6.5-6.5.9 | Remote users can exploit buffer overflow vulnerabilities in the ESP daemon to gain root privileges. | SGI Advisory 20010501-01-P | CVE-2001-0331 |
| Debian 2.2 | sendfile contains vulnerabilities that may be exploited by a local user to obtain root privileges. | Debian Security Advisory DSA-050-1 20 April 2001 (sendfile); Debian Security Advisory DSA-052-1 23 April 2001 (sendfile) | None |
| Debian 2.2; Mandrake Linux 6.0-7.2 | Recent security fix to cron introduced a vulnerability that may be exploited by a local user to obtain root privileges. | Debian Security Advisory DSA-054-1 7 May 2001 (cron); MandrakeSoft Security Advisory MDKSA-2001:050: vixie-cron | None |
| RedHat Linux 7.1 | Linux kernels prior to 2.4.x using iptables for TCP/IP firewalling contain a vulnerability that allows an attacker to create TCP connections that should not be allowed. | Red Hat Linux Security Advisory RHSA-2001:052-02 (linux kernel) | None |
| Debian 2.2 | The cfingerd finger daemon contains a format string vulnerability that may allow a remote attacker to gain root privilege. | Debian Security Advisory DSA-049-1 19 April 2001 (cfingerd) | None |
| FreeBSD 3.0-3.5.1, 4.0-4.2; NetBSD 1.4-1.5 | The IPFilter packet filtering firewall incorrectly passes packets that should be blocked. | FreeBSD SA 01:32 (ipfilter); NetBSD Security Advisory 2001-007 | None |
| Caldera; Debian 2.2; Mandrake Linux 7.1-8.0; RedHat Linux 5.2-7.1 | The Samba file service daemon insecurely creates temporary files. | Red Hat Linux Security Advisory RHSA-2001:044-08 (samba); MandrakeSoft Security Advisory MDKSA-2001:040: samba; Caldera Security Advisory CSSA-2001-015.0 (samba); Caldera Security Advisory CSSA-2001-018.0 (samba); Debian Security Advisory DSA-048-1 18 April 2001 (samba) | None |
| Caldera; Debian 2.2; Mandrake Linux 6.0-7.2; RedHat Linux 6.2-7.0 | Linux kernels prior to 2.2.19 contain multiple security problems, including local denial of service attacks and root privilege compromises. | Caldera Security Advisory CSSA-2001-012.0 (linux kernel); Debian Security Advisory DSA-047-1 15 April 2001 (kernel); MandrakeSoft Security Advisory MDKSA-2001:037: kernel; Red Hat Linux Security Advisory RHSA-2001:047-03 (linux kernel) | None |
| FreeBSD 3.0-3.5.1, 4.0-4.2; NetBSD 1.5 and prior; Mandrake Linux 7.1-8.1; RedHat Linux 6.2-7.2 | Remote users can cause a denial of service or gain root privileges via a buffer overflow vulnerability in ftpd's use of the glob(3) library function. | FreeBSD SA 01:33 (ftpd-glob); NetBSD Security Advisory 2001-005; MandrakeSoft Security Advisory MDKSA-2001:095: glibc; Red Hat Linux Security Advisory RHSA-2001:160-09 (glibc) | None |
| RedHat Linux 6.2-7.0 | The Kerberos programs handle the Kerberos IV ticket files insecurely. | Red Hat Linux Security Advisory RHSA-2001:025-14 | None |
| FreeBSD 3.0-3.5.1, 4.0-4.2 | The UFS and EXT2FS file systems on FreeBSD contain a race condition that allows users access to contents of deleted files. | FreeBSD SA 01:30 (ufs-ext2fs) | None |
| RedHat Linux 7.0 | The licq program is vulnerable to buffer overruns and executing the system(3) library function with user-specified data. | Red Hat Linux Security Advisory RHSA-2001:022-03 | None |
| Mandrake Linux 6.0-7.2 | The mutt mail client's imap code contains a format string vulnerability. | MandrakeSoft Security Advisory MDKSA-2001:031: mutt | None |
| AIX 5.3.x, 5.1; Caldera; Debian 2.2; Mandrake Linux 6.0-7.2; NetBSD 1.4-1.5; RedHat Linux 5.2-7.0; Sun Solaris 2.4-2.6, 7, & 8 (SunOS 5.4-5.8) | The ntp network time protocol daemon contains a buffer overflow vulnerability that may be exploited by remote users to gain root privileges. | IBM MSS-OAR-E01-2000:138.1 (ntp); Caldera Security Advisory CSSA-2001-013.0 (ntpd); Debian Security Advisory DSA-045-1 5 April 2001 (ntp); MandrakeSoft Security Advisory MDKSA-2001:036: ntp/xntp3; NetBSD Security Advisory 2001-004; Red Hat Linux Security Advisory RHSA-2001:045-05 (ntpd); Sun Security Bulletin #00211 (xntpd) | None |
| Caldera; Mandrake Linux 6.0-7.2; RedHat 5.2-7.0 | Users can embed malicious control codes in files that will cause commands to be executed by any user who opens the file in the vim editor. | Caldera Security Advisory CSSA-2001-014.0 (vim); MandrakeSoft Security Advisory MDKSA-2001:035: vim; Red Hat Linux Security Advisory RHSA-2001:008-02 | None |
| Caldera OpenLinux 2.3, eServer 2.3.1, eBuilder, eDesktop 2.4 | Buffer overflow vulnerabilities and a misconfiguration in the imap, ipop2d, and ipop3d daemons allow remote attackers to gain access to the "nobody" account. | Caldera Security Advisory CSSA-2001-011.0 (imap, ipop2d, ipop3d) | None |
| FreeBSD 3.0-3.5.1, 4.0-4.2; Mandrake Linux 6.0-7.2 | The timed daemon that provides synchronization of time between multiple clients may be crashed by a malformed packet. | FreeBSD SA 01:28 (timed); MandrakeSoft Security Advisory MDKSA-2001:034: timed | None |
| FreeBSD 3.0-3.5.1, 4.0-4.2 | The rwhod daemon that provides system uptime reports and remote reporting of logged-in users may be crashed by a malformed packet. | FreeBSD SA 01:29 (rwhod) | None |
| Debian 2.2 | The mailx program contains a buffer overflow vulnerability. | Debian Security Advisory DSA-044-1 13 March 2001 (mailx) | None |
| Debian 2.2 | The gnuserv program used with xemacs21 insecurely handles remote connections and buffer overflows. | Debian Security Advisory DSA-042-1 8 March 2001 (gnuserv) | CVE-2001-0191 |
| Debian 2.2 | The ePerl program contains buffer overflows which may be used by local or remote users to obtain increased privileges. | Debian Security Advisory DSA-034-1 7 March 2001 (ePerl) | None |
| Debian 2.2; Mandrake 7.2; RedHat 5.2, 6.2, 7.0 | The joe editor contains a vulnerability that may be exploited by local users to run commands as other users that run joe. | Debian Security Advisory DSA-041-1 9 March 2001 (joe) MandrakeSoft Security Advisory MDKSA-2001:026: joe Red Hat Linux Security Advisory RHSA-2001:024-03 (joe) | None |
| Caldera OpenLinux 2.3, eServer 2.3.1, eBuilder, eDesktop 2.4 | A buffer overflow in /bin/mail allows a local user to read, modify, and delete mail messages of other users. | Caldera Security Advisory CSSA-2001-010.0 (/bin/mail) Red Hat Linux Security Advisory RHSA-2001:013-05 (sysctl ptrace mxcsr P4) | None |
| Debian 2.2; Mandrake Linux 7.1-7.2; RedHat Powertools 6.2-7.1 | Users with scripting capabilities can exploit vulnerabilities in the Zope ZClasses which may allow unauthorized changes to be made to ZClass instances. DTML scripting may allow users to access functions that should not be available to them | Debian Security Advisory DSA-043-1 9 March 2001 (Zope) MandrakeSoft Security Advisory MDKSA-2001:080: Zope MandrakeSoft Security Advisory MDKSA-2001:049: Zope Red Hat Linux Security Advisory RHSA-2001:115-05 (Zope) Red Hat Linux Security Advisory RHSA-2001:021-06 (Zope) Red Hat Linux Security Advisory RHSA-2001:065-05 (Zope) | None |
| Debian 2.2; Mandrake Linux 7.1-7.2; RedHat Powertools 6.2 | The sudo program contains a buffer overflow which may be used by a local user to obtain increased privileges. | Debian Security Advisory DSA-031-1 28 February 2001 (sudo) MandrakeSoft Security Advisory MDKSA-2001:024: sudo Red Hat Linux Security Advisory RHSA-2001:019-02 (sudo) | None |
| Debian 2.2; RedHat Secure Web Server 2.0 | A buffer overflow vulnerability in the analog package that may be exploited by use of the ALIAS command. | Debian Security Advisory 7 March 2001 (analog) Red Hat Linux Security Advisory RHSA-2001:017-03 (vixie cron) | None |
| Mandrake Linux 6.0-7.2 | CUPS printing package contains temporary file races, buffer overflows, and other vulnerabilities. | MandrakeSoft Security Advisory MDKSA-2001:023: cups MandrakeSoft Security Advisory MDKSA-2001:048: cups | None |
| Sun Java JDK 1.1.6-1.1.8; SDK 1.2.1-1.2.2 | Vulnerability in Java Runtime Environment may allow malicious Java code to execute unauthorized commands. | Sun Security Bulletin #00201 | None |
| Mandrake Linux 6.0-7.2; RedHat 5.2-7.0 | A buffer overflow in the crontab command may be exploited by users with usernames longer than 20 characters. | MandrakeSoft Security Advisory MDKSA-2001:022: vixie-cron Red Hat Linux Security Advisory RHSA-2001:014-03 (vixie cron) | None |
| NetBSD 1.4-1.5 (i386) | Local users on systems built with "options USER_LDT" may execute arbitrary kernel code via a custom call gate. | NetBSD Security Advisory 2001-002 | None |
| FreeBSD 3.5, 4.0-4.2 | Kerberos-related security vulnerabilities: 1) Buffer overflow in the libkrb Kerberos authentication library may be exploited by remote authentication servers; 2) Kerberized telnet daemon does not properly filter environment variables supplied by a malicious client; 3) Kerberos ticket management code creates temporary files unsafely. | FreeBSD SA 01:25 (kerberosIV) | None |
| Debian 2.2 | XFree86 3.3.6 contains buffer overflow vulnerabilities, creates temporary files insecurely, and is vulnerable to denial of service attacks. | Debian Security Advisory 12 February 2001 (xfree86-1) Red Hat Linux Security Advisory RHSA-2001:071-05 (XFree86) | None |
| Debian 2.2; Mandrake Linux 7.2 | proftpd daemon contains vulnerabilities that could result in a denial of service or execution of arbitrary code by remote users. | Debian Security Advisory 7 March 2001 (proftpd) Debian Security Advisory 11 February 2001 (proftpd) MandrakeSoft Security Advisory MDKSA-2001:021: proftpd | None |
| Mandrake Linux 7.0-7.2; Debian 2.2; FreeBSD 4.0-4.2; NetBSD 1.5_BETA; RedHat Linux 7.0 | Remote users could exploit a memory overwriting vulnerability in sshd to obtain privileged access to a system. Remote users could obtain the server's secret key by making frequent connections to the sshd daemon. | MandrakeSoft Security Advisory MDKSA-2001:033: openssh Debian Security Advisory DSA 086-1 13 November 2001 (openssh) Debian Security Advisory 8 February 2001 (openssh) FreeBSD SA 01:24 (ssh) NetBSD Security Advisory 2001-003 Red Hat Linux Security Advisory RHSA-2001:033-04 (openssh) Red Hat Linux Security Advisory RHSA-2001:041-02 (openssh) | None |
| Debian 2.2 | Local users could abuse format string vulnerabilities in man(1). | Debian Security Advisory 9 February 2001 (man) | None |
| Caldera, RedHat 6.0-7.0 | Linux 2.2 and 2.4 kernels contain vulnerabilities: the sysctl() system call allows local users to read kernel memory, and the ptrace() system call allows local users to modify setuid processes. | Caldera Security Advisory CSSA-2001-009.0 (ptrace, sysctl) Red Hat Linux Security Advisory RHSA-2001:013-05 (sysctl ptrace mxcsr P4) | None |
| Mandrake Linux 7.2 | kdesu in KDE versions 1.x and 2.0 allows local users to obtain the root password. | MandrakeSoft Security Advisory MDKSA-2001:018: kdesu | None |
| RedHat 6.2 | inetd fails to properly close sockets for internal services. | Red Hat Linux Security Advisory RHSA-2001:006-03 | None |
| FreeBSD 3.x, 4.0-4.2 | The ident server built into inetd does not properly set group privileges, allowing remote users to read the first sixteen bytes of files readable by the group "wheel". | FreeBSD SA 01:11 (inetd) | None |
| Many | BIND (Berkeley Internet Name Daemon) versions prior to 8.2.3 or 4.9.8 contain a buffer overflow vulnerability that allows remote users to execute arbitrary code | CERT Advisory 2001-02 Caldera Security Advisory CSSA-2001-008.0 (BIND) Debian Security Advisory 29 January 2001 (bind) MandrakeSoft Security Advisory MDKSA-2001:017: BIND NetBSD Security Advisory 2001-001 Red Hat Linux Security Advisory RHSA-2001:007-03 | None |
| FreeBSD 3.x, 4.0-4.1.1, Debian 2.2 | Local users could abuse crontab(1) to read any file on the system that conforms to the crontab(5) syntax. | FreeBSD SA 01:09 (crontab) Debian Security Advisory 27 January 2001 (crontab) | None |
| Solaris 7, 2.6-2.4 | Buffer overflow vulnerability in arp(8) allows local users to gain root privileges. | Sun Security Bulletin #00200 | None |
| Debian 2.2 | Remote users can gain access to a system via a heap overflow vulnerability in tinyproxy. | Debian Security Advisory DSA-018-1 23 January 2001 (tinyproxy) | None |
| RedHat Powertools 6.0-7.0 | A buffer overflow vulnerability in the micq package allows users to execute arbitrary commands (I assume with privileges). | Red Hat Linux Security Advisory RHSA-2001:005-03 | None |
| FreeBSD 3.x, 4.0-4.2 | ipfw packet filtering rules that allow established TCP connections also allow TCP segments through which have ECE flags set. | FreeBSD SA 01:08 (ipfw) | None |
| Debian 2.2 | splitvt allows local users to gain increased privileges via buffer overflow exploits. | Debian Security Advisory DSA-014-1 23 January 2001 (splitvt) | None |
| Debian 2.2 | Local users who are members of the floppy group can obtain root privileges via a vulnerability in the jazip program. | Debian Security Advisory DSA-017-1 25 January 2001 (jazip) | None |
| FreeBSD 4.0-4.1.1 | Vulnerability in OpenSSH agent and X11 forwarding allows agent and X11 forwarding to SSH servers even if the client is configured not to allow such forwarding. This may expose the SSH keyring and X11 display to snooping by hostile users. | FreeBSD SA 01:01 (openssh) | None |
| Debian 2.2 | sash incorrectly set permissions on /etc/shadow, leaving encrypted passwords visible to all users. | Debian Security Advisory DSA-015-1 23 January 2001 (sash) | None |
| RedHat Powertools 6.0-7.0 | A string format vulnerability exists in icecast that allows execution of arbitrary commands. | Red Hat Linux Security Advisory RHSA-2001:004-04 | None |
| Debian 2.2; RedHat 5.2-7.0 | PHP 4.0.0-4.0.4 contains vulnerabilities allowing a remote user to obtain access to source code to PHP pages. | Debian Security Advisory DSA-020-1 25 January 2001 (php4) Red Hat Linux Security Advisory RHSA-2000:136-10 | None |
| Caldera; Debian 2.2; Mandrake Linux 6.0-7.2; RedHat 7.0 | MySQL 3.23.2 through 3.23.30 contains a vulnerability through which any MySQL user could obtain the encrypted passwords for all MySQL users. Older versions of MySQL also contain buffer overflow vulnerabilities. | Caldera Security Advisory CSSA-2001-006.0 (mysql) MandrakeSoft Security Advisory MDKSA-2001:014: MySQL Debian Security Advisory DSA-013-1 23 January 2001 (mysql) Red Hat Linux Security Advisory RHSA-2001:003-07 | None |
| Caldera OpenLinux 2.3, OpenLinux eServer 2.3.1, OpenLinux eDesktop 2.4; Mandrake Linux 6.0-7.2; RedHat 7.0 | glibc allows unprivileged users to read restricted files and preload libraries in /lib and /usr/lib directories into SUID programs even if those libraries have not been marked OK for preloading. | Debian Security Advisory DSA-039-1 8 March 2001 (glibc) Caldera Security Advisory CSSA-2001-007.0 (glibc) MandrakeSoft Security Advisory MDKSA-2001:012: glibc Red Hat Linux Security Advisory RHSA-2001:001-05 Red Hat Linux Security Advisory RHSA-2001:002-03 | None |
| Caldera OpenLinux, Debian, FreeBSD, Mandrake Linux, RedHat Linux, SGI IRIX | A number of programs create temporary files insecurely. Local users can exploit this vulnerability to overwrite arbitrary files, potentially resulting in a denial of service or an increase in privilege. | Debian Security Advisory 090-1 5 December 2001 (xtel) SGI Advisory 20011103-01-I (shells) MandrakeSoft Security Advisory MDKSA-2001:086: tetex MandrakeSoft Security Advisory MDKSA-2001:064: tripwire MandrakeSoft Security Advisory MDKSA-2001:058: ispell Red Hat Linux Security Advisory RHSA-2001:102-10 (teTeX) Red Hat Linux Security Advisory RHSA-2001:116-03 (diffutils) Red Hat Linux Security Advisory RHSA-2001:74-03 (ispell) MandrakeSoft Security Advisory MDKSA-2001:043: rpmdrake Red Hat Linux Security Advisory RHSA-2001:061-02 (nedit) Debian Security Advisory DSA-053-1 26 April 2001 (nedit) MandrakeSoft Security Advisory MDKSA-2001:042: nedit MandrakeSoft Security Advisory MDKSA-2001:047: pine Red Hat Linux Security Advisory RHSA-2001:042-02 (pine, pico) Debian Security Advisory DSA-046-1 15 April 2001 (exuberant-ctags) MandrakeSoft Security Advisory MDKSA-2001:030: sgml-tools MandrakeSoft Security Advisory MDKSA-2001:029: Mesa Debian Security Advisory 26 January 2001 (inn2) Caldera Security Advisory CSSA-2001-004.0 (webmin) MandrakeSoft Security Advisory MDKSA-2001:016: webmin Debian Security Advisory 26 January 2001 (exmh) MandrakeSoft Security Advisory MDKSA-2001:015: exmh FreeBSD SA 01:13 (sort) FreeBSD SA 01:12 (periodic) Debian Security Advisory 25 January 2001 (squid) Caldera Security Advisory CSSA-2000-043.0 (tcsh, csh) Debian Security Advisory 11 November 2000 (tcsh) FreeBSD SA 00:76 (tcsh-csh) Red Hat Linux Security Advisory RHSA-2000:121-04 (tcsh, csh) Caldera Security Advisory CSSA-2000-042.0 (bash) FreeBSD SA 01:03 (bash1) Red Hat Linux Security Advisory RHSA-2000:117-01 (bash) Debian Security Advisory 25b December 2000 (dialog) Debian Security Advisory 30 November 2000 (fsh) Debian Security Advisory 29 November 2000 (ed) MandrakeSoft Security Advisory MDKSA-2000:076: ed Red Hat Linux Security Advisory RHSA-2000:123-01 (ed) Red Hat Linux Security Advisory RHSA-2000:122-06 (diskcheck) Caldera Security Advisory CSSA-2001-001.0 (inn) MandrakeSoft Security Advisory MDKSA-2001:010: inn MandrakeSoft Security Advisory MDKSA-2001:008: diffutils MandrakeSoft Security Advisory MDKSA-2001:002: arpwatch MandrakeSoft Security Advisory MDKSA-2001:001: wu-ftpd MandrakeSoft Security Advisory MDKSA-2001:006: gpm MandrakeSoft Security Advisory MDKSA-2001:004: getty_ps Caldera Security Advisory CSSA-2001-002.0 (mgetty) Debian Security Advisory DSA-011-1 10 January 2001 (mgetty) MandrakeSoft Security Advisory MDKSA-2001:009: mgetty MandrakeSoft Security Advisory MDKSA-2001:007: useradd MandrakeSoft Security Advisory MDKSA-2001:005: rdist MandrakeSoft Security Advisory MDKSA-2001:011: vpop3d | None |
| SGI IRIX 6.5-6.5.9 | Local users can exploit format string vulnerabilities in the locale subsystem to gain root privileges. | SGI Advisory 20000901-01-A | None |
| NetBSD 1.5 | Authorized users may gain root privilege via exploitable buffer overflows in libkrb and kerberized telnetd. | NetBSD Security Advisory 2000-017 | None |
| RedHat 7.0 | rp-pppoe is vulnerable to a denial of service attack. | Red Hat Linux Security Advisory RHSA-2000:130-05 | None |
| Debian 2.2; RedHat 7.0 | stunnel contains a buffer overflow vulnerability. | Debian Security Advisory 25a December 2000 Red Hat Linux Security Advisory RHSA-2000:137-04 | None |
| OpenBSD 2.8 and prior; NetBSD 1.5 and prior | Remote users can gain root privileges via a buffer overflow vulnerability in ftpd. | OpenBSD NetBSD Security Advisory 2000-018 | None |
| Mandrake Linux 6.0-7.2; RedHat 6.0-7.0 | Local users can force slocate to execute arbitrary code via a buffer overflow. | MandrakeSoft Security Advisory MDKSA-2000:085: slocate Red Hat Linux Security Advisory RHSA-2000:128-02 | None |
| FreeBSD 3.0-3.5.1, 4.0-4.2 | Vulnerability in procfs virtual filesystem allows local users to gain root privileges or cause a denial of service by hanging the system | FreeBSD SA 00:77 (procfs) | None |
| Mandrake Linux 6.0-7.2 | Local users can exploit a vulnerability in the cons.saver screen saver program in the mc package to write arbitrary files. | MandrakeSoft Security Advisory MDKSA-2000:078: mc | None |
| Mandrake Linux 7.2 | apcupsd daemon in combination with its shutdown script allows local users to kill arbitrary processes when the apcupsd daemon is stopped or restarted. | MandrakeSoft Security Advisory MDKSA-2000:077: apcupsd | None |
| RedHat Linux 6.0-7.0 | The pam_localuser PAM module contains a buffer overflow vulnerability. The module is not used in any default configurations. | Red Hat Linux Security Advisory RHSA-2000:120-04 | None |
| Mandrake Linux 7.2 | CUPS allows access to local printers to any remote user. | MandrakeSoft Security Advisory MDKSA-2000:070: modutils | None |
| Debian Linux 2.2 | Insecure permissions on files and race conditions allow local users to gain privileges or cause denial of service to other users. | Debian Security Advisory 17 November 2000 | CVE-2000-0666 |
| Mandrake Linux 7.1-7.2; Debian 2.2; RedHat Linux 6.2-7.0 | modutils package in combination with kmod kernel facility allows local users to execute commands with root privileges. | Debian Security Advisory 20 November 2000 Debian Security Advisory 22 November 2000 Red Hat Linux Security Advisory RHSA-2000:108-02 Red Hat Linux Security Advisory RHSA-2000:108-04 MandrakeSoft Security Advisory MDKSA-2000:071: modutils | None |
| FreeBSD 3.5-3.5.1,4.0-4.1.1 | Failure in ppp(8)'s network address translation code allows remote users to pass in IP packets that should be stopped by filters. | FreeBSD SA 00:70 (ppp-nat) | None |
| FreeBSD 3.x,4.0-4.1.1 | Remote users can use telnetd to cause a denial of service. | FreeBSD SA 00:69 (telnetd) | None |
| FreeBSD 3.x,4.0-4.1.1; Mandrake Linux 7.1-7.2; RedHat Linux 6.2-7.0 | Buffer overflow vulnerability in the libncurses library allows local users to gain new privileges. | MandrakeSoft Security Advisory MDKSA-2001:052: ncurses FreeBSD SA 00:68 (ncurses) Red Hat Linux Security Advisory RHSA-2000:115-01 | None |
| AIX Versions 4.2.x, 4.3.x; Caldera OpenLinux Desktop 2.3, OpenLinux eServer 2.3, OpenLinux eDesktop 2.4; Debian 2.1-2.2; Mandrake Linux 6.0-7.2; RedHat Linux 5.2-7.0; FreeBSD 3.x | Denial of service vulnerability in BIND 8.2.2P7 allows remote users to cause the nameserver daemon to crash. | IBM ERS-SVA-E01-2000:005.1 (filesystem) Caldera Security Advisory CSSA-2000-040.0 Debian Security Advisory 12 November 2000 MandrakeSoft Security Advisory MDKSA-2000:067: bind Red Hat Linux Security Advisory RHSA-2000:107-01 FreeBSD SA 01:10 (bind) | None |
| Mandrake Linux 7.0-7.2 | Race condition in nss_ldap allows malicious users to cause a system running nscd daemon to hang. | MandrakeSoft Security Advisory MDKSA-2000:066: nss_ldap | None |
| Mandrake Linux; RedHat Linux 5.x-6.x | Buffer overflow exploits in the dump program allow local users to gain root privileges. | Red Hat Linux Security Advisory RHSA-2000:100-02 MandrakeSoft Security Advisory MDKSA-2000:065: dump | None |
| FreeBSD 3.x,4.0-4.1.1 | A format string vulnerability in the top program allows local users to read privileged data from the system's memory. | FreeBSD SA 00:62 (top) | None |
| FreeBSD 4.0-4.1.1 | A long DNS hostname in a name lookup response can be used to cause a denial of service in certain cases. | FreeBSD SA 00:63 (getnameinfo) | None |
| FreeBSD 3.0-3.5.1, 4.0 | Format string vulnerabilities in chpass and related commands allow local users to execute arbitrary code as the root user. | FreeBSD SA 00:58 (chpass) | None |
| Debian 2.2; FreeBSD 3.0-3.5.1, 4.0-4.1.1; Mandrake Linux 7.1-8.0 | Buffer overflow vulnerabilities in tcpdump allow remote attackers to crash tcpdump or execute arbitrary code if tcpdump is running. | Debian Security Advisory 20 November 2000 FreeBSD SA 01:48 (tcpdump) FreeBSD SA 00:61 (tcpdump) MandrakeSoft Security Advisory MDKSA-2001:056: tcpdump | None |
| RedHat Linux 6.1-7.0 | Race condition in nss_ldap package allows users to cause a denial of service if a system is running nscd. | Red Hat Linux Security Advisory RHSA-2000:024-02 | None |
| Caldera OpenLinux Desktop 2.3, OpenLinux eServer 2.3, OpenLinux eDesktop 2.4; Debian GNU/Linux 2.1-2.2; RedHat Linux 5.0-6.2 | ypbind NIS program contains a format string vulnerability that may be exploited remotely. | Caldera Security Advisory CSSA-2000-039.0 Debian Security Advisory 14 October 2000 Red Hat Linux Security Advisory RHSA-2000:086-05 MandrakeSoft Security Advisory MDKSA-2000:064: ypbind and ypserv | None |
| Debian GNU/Linux 2.2; RedHat Powertools 6.1-7.0 | curl file retrieval tool contains a format string vulnerability that may be exploited by rogue FTP or HTTP servers. | Debian Security Advisory 14 October 2000 Red Hat Linux Security Advisory RHSA-2000:092-01 | None |
| RedHat Linux 6.2-7.0 | Several security problems in ping program have been fixed. | Red Hat Linux Security Advisory RHSA-2000:087-02 | None |
| FreeBSD 4.1.1 | Finger daemon allows local and remote users to read the contents of any file readable by user "nobody". | FreeBSD SA 00:54 (fingerd) | None |
| RedHat Linux 6.1-7.0 | GnoRPM may be tricked into writing arbitrary files by local users. | Red Hat Linux Security Advisory RHSA-2000:072-05 | None |
| RedHat Linux 6.0-7.0 | Failure to scrub environment variables (such as LANG and LC_ALL) in /usr/bin/userhelper allows local users to gain root privileges via format string exploits against privileged programs. | Red Hat Linux Security Advisory RHSA-2000:075-05 | None |
| Caldera OpenLinux eServer 2.3, OpenLinux eDesktop 2.4; Debian GNU/Linux 2.1-2.2 | PHP format string bugs could allow remote users to execute arbitrary code on a web server. | Caldera Security Advisory CSSA-2000-037.0 Debian Security Advisory 14 October 2000 | None |
| Caldera OpenLinux Desktop 2.3, OpenLinux eServer 2.3, OpenLinux eDesktop 2.4 | ncurses library allows local users to exploit privileged programs that link against ncurses. | Caldera Security Advisory CSSA-2000-036.0 | None |
| Debian 2.2; RedHat Linux 6.0-7.0 | Race condition vulnerability in esound Gnome sound server allows local users to change permissions of any file owned by the esound user. | Debian Security Advisory 8 October 2000 Red Hat Linux Security Advisory RHSA-2000:077-03 | None |
| FreeBSD 3.0-3.5.1, 4.0-4.1.1 | Weak random number generator used to create TCP initial sequence numbers may allow remote users to abuse protocols that use IP source addresses for authentication. | FreeBSD SA 00:52 (tcp-iss) | None |
| Mandrake Linux 7.0-7.1 | Lack of restrictions on local access to X server allows local users to obtain or insert keystrokes and window information from the console user. | MandrakeSoft Security Advisory MDKSA-2000:052: xinitrc | None |
| Mandrake Linux 6.0-7.1; RedHat Linux 6.1-7.0 | tmpwatch allows local users to cause a denial of service or gain root privileges. | MandrakeSoft Security Advisory MDKSA-2000:056: tcpwatch Red Hat Linux Security Advisory RHSA-2000:080-01 | None |
| Caldera OpenLinux Desktop 2.3, OpenLinux eServer 2.3, OpenLinux eDesktop 2.4; Debian 2.2; Mandrake Linux 6.0-7.1; RedHat Linux 7.0 | traceroute contains a vulnerability that may be exploited by local users to gain root privileges. | Debian Security Advisory 13 October 2000 MandrakeSoft Security Advisory MDKSA-2000:053: traceroute Caldera Security Advisory CSSA-2000-034.0 Red Hat Linux Security Advisory RHSA-2000:078-02 Red Hat Linux Security Advisory RHSA-2000:065-04 | None |
| Caldera OpenLinux Desktop 2.3, OpenLinux eServer 2.3, OpenLinux eDesktop 2.4; RedHat Linux 5.0-6.2 | Format bug vulnerability in LPRng may allow local and remote users to gain root privileges. | Caldera Security Advisory CSSA-2000-033.0 MandrakeSoft Security Advisory MDKSA-2000:054: lpr Red Hat Linux Security Advisory RHSA-2000:066-03 | None |
| Caldera OpenLinux Desktop 2.3, OpenLinux eServer 2.3, OpenLinux eDesktop 2.4; Mandrake Linux 6.0-7.1; RedHat Linux 5.2-6.2; Debian GNU/Linux 2.1-2.2 | syslogd and klogd contain vulnerabilities that may be exploited by local and remote users to gain root privileges. | Red Hat Linux Security Advisory RHSA-2000:061-04 Red Hat Linux Security Advisory RHSA-2000:061-02 Debian Security Advisory 19 September 2000 MandrakeSoft Security Advisory MDKSA-2000:050: sysklogd Caldera Security Advisory CSSA-2000-032.0 | None |
| Debian Linux 2.2 | libpam-smb buffer overflow allows remote execution of arbitrary commands with root privileges. | Debian Security Advisory 11 September 2000 | None |
| IRIX 5.2-6.5.9 | Vulnerability in in.telnetd allows remote users to gain root access. | SGI Advisory 20000801-01-P | None |
| Caldera OpenLinux Desktop 2.3, eBuilder 2.3, eDesktop 2.4; Mandrake Linux 7.0-7.1; RedHat Linux 5.0-6.2; Debian GNU/Linux 2.1-2.2 | Failure to scrub environment variables (such as LD_PRELOAD and LD_LIBRARY_PATH) allows local users to gain root privileges by substituting trojan shared libraries for system shared libraries when setuid programs execute other programs. Buffer overflow vulnerabilities exist in the locale handling code and may be exploited by executing setuid programs with particular environment variables (such as LANGUAGE) set. | Red Hat Linux Security Advisory RHSA-2000:057-04 Red Hat Linux Security Advisory RHSA-2000:057-01 Debian Security Advisory 2 September 2000 Debian Security Advisory 5 September 2000 Caldera Security Advisory CSSA-2000-030.0 Caldera Security Advisory CSSA-2000-028.0 Mandrake September 6 Security Update: glibc Mandrake August 29 Security Update: glibc TurboLinux Advisory TLSA2000021-1 | None |
| RedHat 6.0-6.2 | Unprivileged users logged in at the system console may cause denial of service by misusing the halt, poweroff, reboot, and shutdown commands. | Red Hat Linux Security Advisory RHSA-2000:053-02 | None |
| FreeBSD 3.0-3.5.1, 4.0-4.1 | Kernel stack overflow in Linux binary compatibility module allows local users to execute arbitrary code with kernel privilege. | FreeBSD SA 00:42 (linux) | None |
| FreeBSD 3.0-3.5.1, 4.0 | ELF image activator in kernel accepts invalid values in executable files, which allows local users to cause denial of service due to temporary kernel lockup. | FreeBSD SA 00:41 (elf) | None |
| Most systems with suidperl installed | Insecure use of /bin/mail by suidperl allows a local attacker to gain root privileges. | Red Hat Linux Security Advisory RHSA-2000:048-02 Caldera Security Advisory CSSA-2000-026.0 TurboLinux Advisory TLSA2000018-1 | None |
| Solaris 8, 7, 2.6 | Buffer overflow vulnerabilities in libprint.so.2 and /usr/lib/lp/bin/netpr allow local users to gain root privileges. | Sun Security Bulletin #00195 | None |
| RedHat Linux 6.0-6.2 | Remote users can use "Xnest -query" to login on display :1 and gain access to console devices. | Red Hat Linux Security Advisory RHSA-2000:044-02 | None |
| RedHat Linux 6.0-6.2, Debian Linux 2.2 (prerelease) | rpc.statd buffer overflow vulnerability allows remote users to gain root privileges | CERT Advisory 2000-17 Red Hat Linux Security Advisory RHSA-2000:043-03 Debian Security Advisory 15 July 2000 | CVE-2000-0666 |
| FreeBSD 3.0-3.4, 4.0; NetBSD 1.4.2 and prior | IP options processing vulnerability allows remote users to cause kernel panic. | FreeBSD SA 00:23 (ip-options) NetBSD Security Advisory 2000-002 | None |
| NetBSD-current between 1999-06-24 and 2000-06-22 | Insecure Kerberos session and server keys may be generated. | NetBSD Security Advisory 2000-007 | None |
| IRIX 6.5-6.1 with WorkShop 2.6.* and lower | Vulnerability in cvconnect(1M) allows local and remote users to overwrite any file on the system. | SGI Advisory 20000601-01-P | None |
| All Linux systems with kernel versions 2.2.15 and prior, including Caldera OpenLinux Desktop/eServer/eBuilder 2.3 & eDesktop 2.4, RedHat 6.2 & prior, Debian, etc. | Inherited security capabilities allow local users to prevent privileged programs such as sendmail from reducing privileges. | Red Hat Linux 6.2 Security Advisory RHSA-2000:037-02 Caldera Security Advisory CSSA-2000-014.0 | None |
| NetBSD 1.4.2 | Users listed in /etc/ftpchroot are able to access files outside their home directory. | NetBSD Security Advisory 2000-006 | None |
| NetBSD 1.4.2 and prior | CPU starvation denial of service attack possible by local users. | NetBSD Security Advisory 2000-005 | None |
| FreeBSD 2.0-3.4, 4.0, NetBSD 1.4-1.4.2 | System call vulnerability in semaphore facility allows local users to prevent processes from exiting. NetBSD and OpenBSD are affected to a lesser extent. | FreeBSD SA 00:19 (semconfig) NetBSD Security Advisory 2000-004 | None |
| IRIX 6.3 through 6.5.7 | infosrch.cgi(1) program allows any remote user to view files on the vulnerable system with privileges of the user "nobody". | SGI Advisory 20000501-01-P | None |
| AIX Versions 3.2.x, 4.1.x, 4.2.x, 4.3.x | Non-privileged local users can gain write access to files despite permissions that should preclude write access. | IBM ERS-OAR-E01-2000:087.1 (filesystem) | None |
| AIX 4.3 | frcactrl can be used by a local user to cause the Fast Response Cache Accelerator module to modify files and gain root privileges. | ISS Security Advisory of April 26 2000 | CAN-2000-0249 |
| AIX 4.3, Solaris 7, various Linux (Caldera, Redhat 4.x-6.1) | Remote users can cause domain name service performance degradation or cause the name service daemon to crash completely. | CERT Advisory 99.14 (bind) Red Hat Linux 6.1 Security Advisory RHSA-1999:054-01 Sun Security Bulletin #00194 | CVE-1999-0833 |
| IRIX 6.2 through 5.1 | Remote users can create new unprivileged user accounts via the objectserver(1M) daemon. | SGI Advisory 20000303-01-PX | None |
| IRIX 6.x, 5.x | Remote users can determine names of files and directories on an IRIX system by exploiting a vulnerability in the fam daemon. | SGI Advisory 20000301-01-I | None |
| NetBSD 1.4.1 and prior | Vulnerability via procfs filesystem allows modification of a privileged program during execution. | NetBSD Security Advisory 2000-001 | None |
| NetBSD/vax 1.4.1 and prior | ptrace(2) can be used to increase a process' hardware privileges. | NetBSD Security Advisory 1999-012 | None |
| FreeBSD 3.0-3.4, 2.x | Vulnerability in procfs allows local users to gain root privileges | FreeBSD SA 00:02 (procfs) | None |
| FreeBSD 3.0-3.4, 2.x | make(1) uses temporary files insecurely, which allows local users to execute arbitrary shell commands as another user running make with the '-j' flag. | FreeBSD SA 00:01 (make) | None |
| RedHat Linux 6.1, 6.0, 5.x, 4.x | Vulnerabilities in lpd allow remote users to print when they should not have access and allow local users to gain root privileges | Red Hat Security Advisory RHSA-2000:002-01 | None |
| SGI IRIX 6.5-6.5.14; Solaris 7, 2.6, 2.5.1, 2.5, 2.4, 2.3 (SunOS 5.7, 5.6, 5.5.1, 5.5, 5.4, 5.3); Other systems running Common Desktop Environment (CDE) | Buffer overflow vulnerability in dtaction utility allows local users to execute arbitrary code with root privileges. ttsession authentication mechanism is weak and allows local or remote users to execute arbitrary commands with the privilege of an executing ttsession process. dtspcd daemon vulnerable to file manipulation which allows local users to execute arbitrary commands to gain root privileges. | CERT Advisory 2002-01 CERT Advisory 2001-31 SGI Advisory 20011107-01-P Sun Security Bulletin #00214 Sun Security Bulletin #00192 CERT Advisory 99.11 (CDE) | CVE-2001-0803 |
| Solaris 7, 2.6, 2.5, 2.4, 2.3 (SunOS 5.7, 5.6, 5.5, 5.4, 5.3) | Buffer overflow vulnerability in sadmind remote system administration daemon allows remote attackers to execute arbitrary code with root privileges. | CERT Advisory 99.16 (sadmind) Sun Security Bulletin #00191 | None |
| Solaris 7, 2.6, 2.5.1, 2.5, 2.4, 2.3 (SunOS 5.7, 5.6, 5.5.1, 5.5, 5.4, 5.3) | Buffer overflow vulnerability in snoop program allows remote attackers to gain root privileges. | Sun Security Bulletin #00190 | None |
| RedHat Linux 6.0, 5.x, 4.x | Denial of service attacks are possible against syslogd | Red Hat Security Advisory RHSA-1999:055-01 | None |
| RedHat Linux 5.2, 4.2 | Buffer overflow vulnerability in the user-space NFS daemon allows remote users to execute arbitrary code as the root user. | Red Hat Security Advisory RHSA-1999:053-01 | None |
| SCO OpenServer 5.0.0-5.0.5 | Unprivileged users can gain privileges via several security holes. | SCO Security Bulletin 99.17 | None |
| RedHat Linux 6.1, 6.0, 5.x, 4.x | Local administrators in the NIS domain could possibly inject password tables via ypserv. In rpc.yppasswdd, users could change GECOS and login shells of other users, and there is a buffer overflow in the md5 hash generation. | Red Hat Security Advisory RHSA-1999:046-01 | None |
| RedHat Linux 6.1, 6.0, 5.x, 4.x | lpr and lpd allow users to print files to which they should not have access | Red Hat Security Advisory RHSA-1999:041-01 | None |
| RedHat Linux 6.1 | Locked NIS accounts may be accessed | Red Hat Security Advisory RHSA-1999:040-01 | None |
| BSD/OS; RedHat Linux 6.0, 5.2, 4.2; FreeBSD 3.2 and prior | Remote users can execute arbitrary code if the amd automount daemon is running | CERT Advisory 99.12 (amd); FreeBSD SA 99:06 (amd); Red Hat Security Advisory RHSA-1999:032-01 | None |
| FreeBSD 3.2 and prior | Local users could gain root privileges via a buffer overflow in the fts(3) library routines. | FreeBSD SA 99:05 (fts) | None |
| FreeBSD 3.2 and prior | Local users could gain root privileges due to core dumps following symbolic links. | FreeBSD SA 99:04 (core) | None |
| Solaris 7, 2.6 (SunOS 5.7, 5.6) | Buffer overflow vulnerability via LC_MESSAGES environment variable may be exploited to gain root privileges. | Sun Security Bulletin #00189 | None |
| FreeBSD 3.2 and prior; OpenBSD 2.5 and prior | Local users could potentially gain increased privileges via profiling setuid programs. | FreeBSD SA 99:02 (profil); OpenBSD | None |
| FreeBSD 3.2 and prior; NetBSD; OpenBSD 2.5 and prior | Local users can gain access to other users' terminals by setting immutable flags on terminal devices. | FreeBSD SA 99:01 (chflags); OpenBSD | None |
| RedHat Linux 6.0, 5.2, 4.2 | Buffer overflow in crond, the cron daemon, allows local users to obtain root privileges | Red Hat Security Advisory RHSA-1999:030-01 | None |
| RedHat Linux 6.0, 5.2, 4.2 | Denial of service attack possible on in.telnetd | Red Hat Security Advisory RHSA-1999:029-01 | None |
| Solaris 7, 2.6, 2.5.1, 2.5, 2.4, 2.3 (SunOS 5.7, 5.6, 5.5.1, 5.5, 5.4, 5.3) | Buffer overflow vulnerability in rpc.cmsd Calendar Manager daemon may be exploited to gain root privileges. | Sun Security Bulletin #00188 | None |
| C Set ++ for AIX Versions 3, 2 | Buffer overflow vulnerability in pdnsd allows local and remote users to gain root access. | IBM ERS-SVA-E01-1999:003.1 (pdnsd) | None |
| RedHat Linux | Buffer overflow in tgetent() function in libtermcap may allow local users to obtain root privileges | Red Hat Security Advisory RHSA-1999:028-01 | None |
| NetBSD Prior to 1.4.1 | profil(2) can modify setuid root programs | NetBSD Security Advisory 1999-011 | None |
| AIX 4.2.x, 4.3.x | Local users can crash the system via the ptrace() system call. | IBM ERS-SVA-E01-1999:002.1 (ptrace) | None |
| IRIX & UNICOS systems running Array Services daemon | Remote users can execute arbitrary commands as root | CERT Advisory 99.09 (arrayd); SGI Advisory 19990701-01-P | None |
| Solaris 2.6 and 2.5.1 | Sendmail updated from 8.6.9 to 8.8.8, including security fixes and email relaying controls. | Sun Security Bulletin #00187 | None |
| SGI IRIX 5.3, Sun Solaris 2.6, 2.5.1, 2.5, 2.4, 2.3 | Remote users can use rpc.statd to execute indirect RPC calls to other RPC services as root | CERT Advisory 99.05 (statd-automountd); Sun Security Bulletin #00186 | None |
| NetBSD 1.3.x | ARP vulnerable to denial of service or traffic hijacking | NetBSD Security Advisory 1999-010 | None |
| SGI IRIX | If installed, /usr/sbin/midikeys allows local users to gain root privileges | SGI Advisory 19990501-01-A | None |
| NetBSD/i386 w/ SVR4 emulation as of April 20 1999 and previous | Regular users can read or write data stored on the NetBSD portion of the first IDE disk in the system | NetBSD Security Advisory 1999-009 | None |
| NetBSD as of April 4 1999 and previous | Local users can trigger system hang or panic, resulting in denial of service | NetBSD Security Advisory 1999-008 | None |
| NetBSD as of March 18 1999 and previous | Security hole in mount syscall allows local users to mount filesystems and execute arbitrary programs on the filesystems | NetBSD Security Advisory 1999-007 | None |
| NetBSD as of March 12 1999 and previous | Security hole in umapfs allows local users to gain root privileges | NetBSD Security Advisory 1999-006 | None |
| SGI IRIX | Font path buffer overflow vulnerability in the X server allows local users to gain root privileges | SGI Advisory 19990301-01-PX | None |
| Solaris 7, 2.6, 2.5.1, 2.5, 2.4, 2.3 | Vulnerabilities in man and catman may be exploited to overwrite arbitrary files | Sun Security Bulletin #00184 | None |
| Solaris 7, 2.6, 2.5.1, 2.5, 2.4 running CDE | Buffer overflow vulnerability in the sdtcm_convert utility may be exploited to gain root privileges | Sun Security Bulletin #00183 | None |
| NetBSD as of Jan 1999 and previous | Race condition in TCP services allows attackers to cause denial of service | NetBSD Security Advisory 1999-001 | None |
| Many BSD-derived TCP stacks | Attackers can disrupt service or crash systems that have vulnerable TCP/IP protocol stacks. | CERT Advisory 98.13 (TCP denial of service) | None |
| Solaris 2.6, 2.5.1, 2.5, 2.4, 2.3 | Vulnerability in the passwd utility which could be exploited to create a denial of service | Sun Security Bulletin #00182 | None |
| Solaris 2.6, 2.5.1, 2.5, 2.4 running CDE | Buffer overflow vulnerability in the dtmail program allows attackers to execute arbitrary commands with the privilege of the user reading the email | Sun Security Bulletin #00181 | None |
| SGI IRIX | Vulnerability in the fcagent(1m) daemon can lead to a denial of service that can disable FibreVault | SGI Advisory 19981201-01-PX | None |
| NetBSD 1.3.2 and previous |