MidnightBSD

Advisories for caldera

CVE-1999-0002 HIGH

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat linux 2.1
redhat linux 4.2
redhat linux 4.1
redhat linux 4.0
redhat linux 5.0
bsdi bsd_os 1.1
caldera openlinux 1.2
redhat linux 5.1
redhat linux 3.0.3
redhat linux 2.0
CVE-1999-0009 HIGH

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.1
sgi irix 6.2
sun solaris 2.5.1
redhat linux 4.0
sgi irix 4.0.1t
sgi irix 4.0.5g
sun sunos 5.5
ibm aix 4.1.2
data_general dg_ux 5.4_4.1
ibm aix 4.1.1
nec asl_ux_4800 64
sgi irix 3.3
sgi irix 3.3.1
isc bind 8.1.1
sgi irix 3.2
sgi irix 6.0
netbsd netbsd 1.3.1
ibm aix 4.1.3
sun solaris 2.6
ibm aix 4.1.5
data_general dg_ux 5.4_3.1
data_general dg_ux 5.4_3.0
sun sunos 5.5.1
sgi irix 4.0.3
sgi irix 4.0.4t
sco open_desktop 5.0
sun sunos -
netbsd netbsd 1.2.1
ibm aix 4.2
redhat linux 4.1
sgi irix 4.0.5d
sgi irix 4.0.5h
sgi irix 3.3.3
sgi irix 4.0.4b
netbsd netbsd 1.3
sgi irix 5.2
sun sunos 5.3
netbsd netbsd 1.1
sgi irix 5.0
sgi irix 4.0.5a
sgi irix 4.0.2
sun sunos 5.4
sgi irix 4.0.5_ipr
isc bind 4.9.6
sco unixware 2.1
sco unixware 7.0
sgi irix 4.0.5
sgi irix 4.0.1
ibm aix 4.1.4
isc bind 8.1
sgi irix 6.3
bsdi bsd_os 2.0
ibm aix 4.2.1
redhat linux 4.2
bsdi bsd_os 2.1
sgi irix 4.0.5_iop
netbsd netbsd 1.2
sgi irix 5.3
sun solaris 2.5
sgi irix 4.0.5f
sgi irix 5.0.1
sgi irix 4.0.5e
sgi irix 3.3.2
ibm aix 4.1
sgi irix 4.0
sco open_desktop 3.0
sgi irix 5.1.1
bsdi bsd_os 2.0.1
caldera openlinux 1.0
redhat linux 5.0
data_general dg_ux 5.4_4.11
sgi irix 5.1
netbsd netbsd 1.0
ibm aix 4.3
sgi irix 4.0.4
CVE-1999-0017 HIGH

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.0
sun sunos 5.4
gnu inet 6.01
sun sunos 5.5
gnu inet 5.01
sun sunos 4.1.4
sco unixware 2.1
freebsd freebsd 2.1.7
sco openserver 5.0.4
washington_university wu-ftpd 2.4
caldera openlinux 1.2
ibm aix 3.2
netbsd netbsd 1.2
sun sunos 5.5.1
freebsd freebsd 2.1.0
freebsd freebsd 1.0
ibm aix 4.1
netbsd netbsd 1.2.1
sun sunos 4.1.3u1
sco open_desktop 3.0
ibm aix 4.2
freebsd freebsd 1.1
gnu inet 6.02
siemens reliant_unix *
freebsd freebsd 1.2
netbsd netbsd 1.0
sun sunos 5.3
ibm aix 4.3
netbsd netbsd 1.1
CVE-1999-0042 HIGH

Buffer overflow in University of Washington's implementation of IMAP and POP servers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm aix 4.2.1
university_of_washington imap 4
bsdi bsd_os 2.1
redhat linux 4.0
caldera openlinux 1.0
university_of_washington pop 3
bsdi bsd_os 3.0
redhat linux 2.0
CVE-1999-0043 HIGH

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-78,

Products Affected

Vendor Product Version
bsdi bsd_os 2.1
redhat linux 4.0
nec goah_networksv 2.2
nec goah_networksv 1.2
isc inn 1.4sec2
netscape news_server 1.1
isc inn 1.4unoff4
nec goah_intrasv 1.1
redhat linux 4.1
caldera openlinux 1.0
isc inn 1.4sec
isc inn 1.5
isc inn 1.4unoff3
nec goah_networksv 3.1
CVE-1999-0047 HIGH

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bsdi bsd_os 2.1
caldera openlinux 1.0
eric_allman sendmail 8.8.3
eric_allman sendmail 8.8.4
CVE-1999-0104 MEDIUM

A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 2.0
hp hp-ux *
microsoft windows_95 0a
sun sunos 4.1.4
microsoft windows_nt 4.0
sun sunos 4.1.3u1
CVE-1999-0130 HIGH

Local users can start Sendmail in daemon mode and gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.01
hp hp-ux 10.20
bsdi bsd_os 2.1
redhat linux 4.0
eric_allman sendmail 8.8.1
hp hp-ux 10.00
ibm aix 4.2
eric_allman sendmail 8.8
freebsd freebsd 2.1.5
eric_allman sendmail 8.7
eric_allman sendmail 8.8.2
caldera network_desktop 1.0
hp hp-ux 10.10
freebsd freebsd 2.1.6
CVE-1999-0234 MEDIUM

Bash treats any character with a value of 255 as a command separator.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux *
sgi irix *
redhat linux 3.0.3
yggdrasil linux *
suse suse_linux 4.2
CVE-1999-0368 HIGH

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux 3.4
sco openserver 5.0.5
proftpd_project proftpd 1.2_pre1
washington_university wu-ftpd 2.4.2_beta18
slackware slackware_linux 3.5
redhat linux 5.1
sco unixware 7.0.1
slackware slackware_linux 3.6
sco unixware 7.0
caldera openlinux 1.3
sco openserver 5.0.2
sco openserver 5.0.4
washington_university wu-ftpd 2.4.2_beta18_vr9
redhat linux 5.0
debian debian_linux 2.0
sco openserver 5.0.3
sco openserver 5.0
CVE-1999-0434 HIGH

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 2.0
netbsd netbsd 1.3.3
caldera openlinux 1.2
redhat linux 5.1
suse suse_linux 5.3
debian debian_linux 2.1
CVE-1999-0439 HIGH

Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux *
procmail procmail *
CVE-1999-0712 LOW

A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera coas 1.0.6
caldera openlinux 2.2
caldera coas 1.0.5
caldera coas 1.0.7
CVE-1999-0731 MEDIUM

The KDE klock program allows local users to unlock a session using malformed input.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 1.3
caldera openlinux 2.2
CVE-1999-0769 HIGH

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.0
redhat linux 4.2
redhat linux 4.1
redhat linux 4.0
paul_vixie vixie_cron 3.0_pl1
redhat linux 5.0
caldera openlinux 2.2
redhat linux 5.1
redhat linux 5.2
debian debian_linux 2.2
debian debian_linux 2.1
CVE-1999-0872 HIGH

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.0
redhat linux 4.2
redhat linux 4.1
redhat linux 4.0
paul_vixie vixie_cron 3.0_pl1
redhat linux 5.0
caldera openlinux 2.2
redhat linux 5.1
redhat linux 5.2
debian debian_linux 2.2
debian debian_linux 2.1
CVE-1999-0879 HIGH

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bsdi bsd_os 2.1
caldera openlinux 1.0
bsdi bsd_os 3.0
CVE-1999-0880 MEDIUM

Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bsdi bsd_os 2.1
caldera openlinux 1.0
bsdi bsd_os 3.0
CVE-1999-1182 HIGH

Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 4.2
redhat linux 4.1
delix dld 5.2
redhat linux 4.0
suse suse_linux 5.0
debian debian_linux 4.0
lst lst_power_linux 2.2
caldera openlinux_lite 1.1
CVE-1999-1288 MEDIUM

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux *
caldera openlinux 1.3
turbolinux turbolinux *
caldera openlinux 1.0
caldera openlinux 1.2
caldera openlinux 1.1
samba samba 1.9.18
CVE-1999-1570 HIGH

Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openserver 5.0.5
CVE-2000-0192 MEDIUM

The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 2.3
CVE-2000-0218 HIGH

Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 2.3
suse suse_linux *
CVE-2000-0369 MEDIUM

The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 2.3
CVE-2000-0370 HIGH

The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 1.3
caldera openlinux 1.0
caldera openlinux 1.2
caldera openlinux 1.1
CVE-2000-0372 HIGH

Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux *
CVE-2000-0374 HIGH

The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 2.3
caldera openlinux 2.2
CVE-2000-0438 HIGH

Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux 3.4
suse suse_linux 4.3
slackware slackware_linux 3.3
slackware slackware_linux 3.9
turbolinux turbolinux 6.0.1
slackware slackware_linux 3.6
suse suse_linux 5.0
suse suse_linux 4.4
turbolinux turbolinux 6.0.2
suse suse_linux 6.4
turbolinux turbolinux 6.0
suse suse_linux 5.3
suse suse_linux 4.2
suse suse_linux 6.3
slackware slackware_linux 4.0
slackware slackware_linux 3.5
suse suse_linux 6.0
caldera openlinux 7.0
suse suse_linux 4.4.1
suse suse_linux 6.2
suse suse_linux 6.1
suse suse_linux 7.0
suse suse_linux 5.1
suse suse_linux 5.2
CVE-2000-0491 HIGH

Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 6.2
caldera openlinux *
suse suse_linux 6.4
gnome gdm 1.0
CVE-2000-0530 HIGH

The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 2.4
kde kde 1.1.2
CVE-2000-0531 LOW

Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.0
caldera openlinux 2.3
caldera openlinux 2.4
redhat linux 6.1
caldera openlinux_eserver 2.3
CVE-2000-0566 HIGH

makewhatis in Linux man package allows local users to overwrite files via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.0
caldera openlinux 2.3
mandrakesoft mandrake_linux 7.1
redhat linux 6.2
mandrakesoft mandrake_linux 6.0
redhat linux 5.2
mandrakesoft mandrake_linux 7.0
caldera openlinux 2.4
mandrakesoft mandrake_linux 6.1
redhat linux 6.1
CVE-2000-0594 MEDIUM

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_edesktop 2.4
freebsd freebsd 4.0
mandrakesoft mandrake_linux 2007
caldera openlinux_ebuilder 2.3
caldera openlinux_desktop 2.3
freebsd freebsd 3.5
caldera openlinux_eserver 2.3
CVE-2000-0844 HIGH

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
conectiva linux 5.1
sgi irix 6.2
conectiva linux 5.0
sun sunos 5.7
mandrakesoft mandrake_linux 7.1
sgi irix 6.5.2m
redhat linux 6.2
sun sunos 5.5
ibm aix 4.1.2
slackware slackware_linux 7.0
debian debian_linux 2.1
ibm aix 4.1.1
sgi irix 6.5.3
caldera openlinux *
turbolinux turbolinux 6.0.4
turbolinux turbolinux 6.0.2
ibm aix 4.1.3
sun solaris 2.6
ibm aix 3.2
ibm aix 4.1.5
debian debian_linux 2.3
sgi irix 6.5.7
sun sunos 5.1
sgi irix 6.5.3m
conectiva linux 4.2
sun sunos 5.8
sun sunos 5.5.1
conectiva linux 4.0
sgi irix 6.5.3f
redhat linux 5.2
ibm aix 4.2
sgi irix 6.5.8
suse suse_linux 6.1
trustix secure_linux 1.0
debian debian_linux 2.0
immunix immunix 6.2
debian debian_linux 2.2
sgi irix 6.5.6
ibm aix 3.2.4
sun sunos 5.3
sgi irix 6.5
ibm aix 4.3.1
redhat linux 6.0
trustix secure_linux 1.1
sun sunos 5.4
ibm aix 3.2.5
caldera openlinux_ebuilder 3.0
turbolinux turbolinux 6.0.1
ibm aix 4.3.2
suse suse_linux 6.4
turbolinux turbolinux 6.0
sgi irix 6.4
sun sunos 5.2
conectiva linux 4.0es
ibm aix 4.1.4
sgi irix 6.3
ibm aix 4.2.1
suse suse_linux 6.3
redhat linux 5.1
conectiva linux 4.1
ibm aix 4.1
suse suse_linux 6.2
ibm aix 4.0
slackware slackware_linux 7.1
sgi irix 6.5.1
redhat linux 5.0
sun sunos 5.0
sgi irix 6.5.4
suse suse_linux 7.0
mandrakesoft mandrake_linux 7.0
turbolinux turbolinux 6.0.3
ibm aix 4.3
redhat linux 6.1
caldera openlinux_eserver 2.3
CVE-2000-0892 LOW

Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux *
u_win u_win *
CVE-2000-0917 HIGH

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.0
trustix secure_linux 1.1
caldera openlinux_edesktop 2.4
caldera openlinux *
trustix secure_linux 1.0
caldera openlinux_ebuilder 3.0
caldera openlinux_eserver 2.3
CVE-2000-1134 HIGH

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.0
conectiva linux 5.1
mandrakesoft mandrake_linux 7.2
conectiva linux 4.2
caldera openlinux_edesktop 2.4
conectiva linux 5.0
mandrakesoft mandrake_linux 7.1
redhat linux 6.2
conectiva linux 4.0
redhat linux 5.2
conectiva linux 4.1
mandrakesoft mandrake_linux 6.1
caldera openlinux *
hp hp-ux 11.11
mandrakesoft mandrake_linux 6.0
suse suse_linux 7.0
redhat linux 6.2e
mandrakesoft mandrake_linux 7.0
immunix immunix 6.2
redhat linux 6.1
caldera openlinux_eserver 2.3
conectiva linux 4.0es
CVE-2000-1195 HIGH

telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_edesktop 2.3
caldera openlinux_eserver 2.3
CVE-2001-0139 LOW

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.2
redhat linux 7.0
caldera openlinux_edesktop 2.4
mandrakesoft mandrake_linux 7.1
immunix immunix 7.0_beta
mandrakesoft mandrake_linux 6.0
caldera openlinux_desktop 2.3
mandrakesoft mandrake_linux 7.0
debian debian_linux 2.2
mandrakesoft mandrake_linux 6.1
caldera openlinux_eserver 2.3
CVE-2001-0178 LOW

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.2
caldera openlinux_edesktop 2.4
mandrakesoft mandrake_linux 7.1
suse suse_linux 6.3
suse suse_linux 6.0
mandrakesoft mandrake_linux 6.1
suse suse_linux 6.2
suse suse_linux 6.1
conectiva linux 6.0
suse suse_linux 6.4
suse suse_linux 7.0
mandrakesoft mandrake_linux 7.0
mandrakesoft mandrake_linux_corporate_server 1.0.1
CVE-2001-0181 HIGH

Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_edesktop 2.4
caldera openlinux_eserver 2.3.1
caldera openlinux_desktop 2.3
CVE-2001-0850 HIGH

A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 3.1
CVE-2001-0851 MEDIUM

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_edesktop 2.4
suse suse_linux 6.3
caldera openlinux_eserver 2.3.1
linux linux_kernel 2.4.0
suse suse_linux 7.3
caldera openlinux_workstation 3.1
linux linux_kernel 2.2.0
suse suse_linux 7.1
caldera openlinux 2.3
suse suse_linux 7.2
linux linux_kernel 2.0
caldera openlinux_server 3.1
suse suse_linux 6.4
suse suse_linux 7.0
CVE-2001-0858 MEDIUM

Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera unixware 7.1.0
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2001-0869 HIGH

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.0
suse suse_linux 7.2
caldera openlinux_eserver 3.1
redhat linux 7.2
suse suse_linux 7.0
redhat linux_powertools 6.2
suse suse_linux 7.3
caldera openlinux_workstation 3.1
suse suse_linux 7.1
CVE-2001-0980 HIGH

docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_server 3.1
caldera openlinux_workstation 3.1
CVE-2001-1030 HIGH

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.2
trustix secure_linux 1.1
mandrakesoft mandrake_linux 7.1
immunix immunix 7.0_beta
squid squid_web_proxy 2.3stable3
mandrakesoft mandrake_single_network_firewall 7.2
squid squid_web_proxy 2.3stable4
immunix immunix 7.0
redhat linux 7.0
trustix secure_linux 1.01
caldera openlinux_server 3.1
mandrakesoft mandrake_linux 8.0
trustix secure_linux 1.2
immunix immunix 6.2
mandrakesoft mandrake_linux_corporate_server 1.0.1
CVE-2001-1062 HIGH

Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openserver *
CVE-2001-1063 HIGH

Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera unixware 7
caldera openunix 8.0
CVE-2001-1153 HIGH

lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openunix 8.0
CVE-2001-1164 HIGH

Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera unixware 7.0
CVE-2001-1359 HIGH

Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera volution 1.0.7
caldera volution 1.0
caldera volution 1.0.6
CVE-2001-1478 HIGH

Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera unixware 7.1.0
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2001-1576 MEDIUM

Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera unixware 7
CVE-2001-1577 HIGH

Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera unixware 7.1.0
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-0004 HIGH

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux 8.0
freebsd freebsd 4.1.1
redhat linux 6.2
slackware slackware_linux 7.0
suse suse_linux 7.3
netbsd netbsd 1.5.2
caldera openlinux_workstation 3.1
freebsd freebsd 4.2
suse suse_linux 7.1
redhat linux 7.0
suse suse_linux 7.2
slackware slackware_linux 7.1
caldera openlinux_server 3.1
suse suse_linux 6.4
redhat linux 7.2
mandrakesoft mandrake_linux 8.0
mandrakesoft mandrake_linux 8.1
suse suse_linux 7.0
freebsd freebsd 4.4
redhat linux 7.1
debian debian_linux 2.2
freebsd freebsd 4.3
CVE-2002-0105 HIGH

CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera unixware 7.1.0
CVE-2002-0164 MEDIUM

Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_server 3.1.1
caldera openlinux_server 3.1
caldera openlinux_workstation 3.1.1
caldera openlinux_workstation 3.1
CVE-2002-0246 HIGH

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera unixware 7.1.1
CVE-2002-0311 HIGH

Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-0442 HIGH

Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openserver 5.0.5
caldera openserver 5.0.6
CVE-2002-0512 MEDIUM

startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_server 3.1.1
caldera openlinux_workstation 3.1.1
CVE-2002-0517 HIGH

Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-0677 HIGH

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.1
hp hp-ux 10.24
sgi irix 6.5.14
sgi irix 6.5.5
sgi irix 6.2
hp hp-ux 10.20
sun sunos 5.7
sgi irix 6.5.2
hp hp-ux 11.00
sgi irix 6.5.9
ibm aix 4.3.3
xi_graphics dextop 2.1
sgi irix 6.5.3
compaq tru64 4.0f
sgi irix 6.5.11
sgi irix 6.0
ibm aix 5.1
sgi irix 6.4
sun solaris 2.6
caldera unixware 7.1_.0
sgi irix 6.5.10
sgi irix 6.5.12
compaq tru64 5.1
caldera unixware 7.1.1
sgi irix 6.5.7
compaq tru64 4.0g
sgi irix 6.3
sun sunos 5.8
sun sunos 5.5.1
compaq tru64 5.0a
sgi irix 6.0.1
sgi irix 5.3
caldera unixware 7
sgi irix 6.5.15
sgi irix 6.5.8
hp hp-ux 11.11
sgi irix 6.5.1
compaq tru64 5.1a
sgi irix 6.5.4
sgi irix 6.5.16
hp hp-ux 10.10
sgi irix 6.5.13
caldera openunix 8.0
sgi irix 5.2
sgi irix 6.5.6
sgi irix 6.5
CVE-2002-0678 HIGH

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.1
hp hp-ux 10.24
sgi irix 6.5.14
sgi irix 6.5.5
sgi irix 6.2
hp hp-ux 10.20
sun sunos 5.7
sgi irix 6.5.2
hp hp-ux 11.00
sgi irix 6.5.9
ibm aix 4.3.3
xi_graphics dextop 2.1
sgi irix 6.5.3
compaq tru64 4.0f
caldera unixware 7.0
sgi irix 6.5.11
sgi irix 6.0
ibm aix 5.1
sgi irix 6.4
sun solaris 2.6
sgi irix 6.5.10
sgi irix 6.5.12
compaq tru64 5.1
caldera unixware 7.1.1
sgi irix 6.5.7
compaq tru64 4.0g
sgi irix 6.3
sun sunos 5.8
sun solaris 9.0
sun sunos 5.5.1
compaq tru64 5.0a
sgi irix 6.0.1
sgi irix 5.3
sgi irix 6.5.15
sgi irix 6.5.8
hp hp-ux 11.11
sgi irix 6.5.1
caldera unixware 7.1.0
compaq tru64 5.1a
sgi irix 6.5.4
sgi irix 6.5.16
hp hp-ux 10.10
sgi irix 6.5.13
caldera openunix 8.0
sgi irix 5.2
sgi irix 6.5.6
sgi irix 6.5
CVE-2002-0679 HIGH

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.24
hp hp-ux 10.20
sun sunos 5.7
sun sunos 5.8
sun solaris 9.0
sun sunos 5.5.1
compaq tru64 5.0a
hp hp-ux 11.00
ibm aix 4.3.3
xi_graphics dextop 2.1
hp hp-ux 11.11
compaq tru64 4.0f
caldera unixware 7.0
caldera unixware 7.1.0
compaq tru64 5.1a
ibm aix 5.1
sun solaris 2.6
hp hp-ux 10.10
caldera openunix 8.0
compaq tru64 5.1
caldera unixware 7.1.1
compaq tru64 4.0g
CVE-2002-0827 HIGH

Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-0835 MEDIUM

Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_server 3.1.1
hp secure_os 1.0
redhat pre-execution_environment 0.1
caldera openlinux_server 3.1
caldera openlinux_workstation 3.1.1
caldera openlinux_workstation 3.1
CVE-2002-0884 HIGH

Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun sunos 5.8
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-0885 HIGH

Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun sunos 5.8
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-0887 LOW

scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openserver 5.0.5
caldera openserver 5.0.6
CVE-2002-0911 HIGH

Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera volution_manager 1.1
CVE-2002-0981 HIGH

Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-0987 HIGH

X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-0988 HIGH

Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-1199 MEDIUM

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 2.3
sun sunos 5.7
sun sunos 5.8
sco openserver 5.0.5
sun solaris 9.0
sco openserver 5.0.6
sco openserver 5.0.6a
caldera openlinux 2.2
caldera openlinux 2.4
CVE-2002-1231 LOW

SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2003-0658 MEDIUM

Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openserver 5.0.7
caldera openlinux_server 3.1.1
caldera openlinux_workstation 3.1.1
sco unixware 7.1.3
CVE-2014-2933 MEDIUM

Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
caldera caldera 9.20
CVE-2014-2934 HIGH

Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
caldera caldera 9.20
CVE-2014-2935 HIGH

costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
caldera caldera 9.20
CVE-2014-2936 HIGH

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
caldera caldera 9.20