MidnightBSD

Advisories for cde

CVE-1999-0014 HIGH

Unauthorized privileged access or denial of service via dtappgather program in CDE.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
cde cde 1.2
ibm aix 4.2
cde cde 1.2_x86
ibm aix 4.3
ibm aix 4.1
hp vvos 10.24
cde cde 1.01_x86
cde cde 1.02
cde cde 1.01
hp hp-ux 10.20
cde cde 1.02_x86
hp hp-ux 10.10
CVE-1999-0112 HIGH

Buffer overflow in AIX dtterm program for the CDE.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm aix 4.2
cde cde *
ibm aix 4.1
CVE-1999-0687 HIGH

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.5
cde cde 2.120
digital unix 4.0f
sun sunos 4.1.4
ibm aix 4.1
ibm aix 4.3.1
sun sunos 4.1.3u1
ibm aix 4.2.1
sun sunos 5.7
ibm aix 4.3.2
sun sunos 5.3
cde cde 2.1
cde cde 2.0
cde cde 1.2
ibm aix 4.2
ibm aix 4.3
digital unix 4.0d
sun solaris 2.5.1
ibm aix 4.1.1
ibm aix 4.1.2
sun sunos 5.4
cde cde 1.1
sun solaris 2.4
ibm aix 4.1.5
sun solaris 2.6
cde cde 1.0.2
sun solaris 2.5
ibm aix 4.1.4
sun sunos -
ibm aix 4.1.3
cde cde 1.0.1
sun sunos 5.5.1
CVE-1999-0689 HIGH

The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cde cde 2.1
cde cde 2.0
cde cde 1.2
sun solaris 7.0
sun sunos 5.5
cde cde 2.120
sun solaris 2.5.1
cde cde 1.1
sun solaris 2.6
cde cde 1.0.2
sun sunos 5.7
sun solaris 2.5
sun sunos -
cde cde 1.0.1
sun sunos 5.5.1
CVE-1999-0690 HIGH

HP CDE program includes the current directory in root's PATH variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cde cde *
hp hp-ux 10
CVE-1999-0691 HIGH

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.5
digital unix 4.0f
ibm aix 4.1
ibm aix 4.3.1
ibm aix 4.2.1
sun sunos 5.7
ibm aix 4.3.2
digital unix 4.0e
cde cde 2.1
cde cde 2.0
cde cde 1.2
ibm aix 4.2
ibm aix 4.3
digital unix 4.0d
sun solaris 2.5.1
ibm aix 4.1.1
ibm aix 4.1.2
sun sunos 5.4
cde cde 1.1
sun solaris 2.4
ibm aix 4.1.5
sun solaris 2.6
cde cde 1.0.2
ibm aix 4.1.4
ibm aix 4.1.3
cde cde 1.0.1
sun sunos 5.5.1
CVE-1999-0713 HIGH

The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix *
transarc afs *
cde cde *
mit kerberos_5 -