Unauthorized privileged access or denial of service via dtappgather program in CDE.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | hp-ux | 11.00 |
| cde | cde | 1.2 |
| ibm | aix | 4.2 |
| cde | cde | 1.2_x86 |
| ibm | aix | 4.3 |
| ibm | aix | 4.1 |
| hp | vvos | 10.24 |
| cde | cde | 1.01_x86 |
| cde | cde | 1.02 |
| cde | cde | 1.01 |
| hp | hp-ux | 10.20 |
| cde | cde | 1.02_x86 |
| hp | hp-ux | 10.10 |
Buffer overflow in AIX dtterm program for the CDE.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | aix | 4.2 |
| cde | cde | * |
| ibm | aix | 4.1 |
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.5 |
| cde | cde | 2.120 |
| digital | unix | 4.0f |
| sun | sunos | 4.1.4 |
| ibm | aix | 4.1 |
| ibm | aix | 4.3.1 |
| sun | sunos | 4.1.3u1 |
| ibm | aix | 4.2.1 |
| sun | sunos | 5.7 |
| ibm | aix | 4.3.2 |
| sun | sunos | 5.3 |
| cde | cde | 2.1 |
| cde | cde | 2.0 |
| cde | cde | 1.2 |
| ibm | aix | 4.2 |
| ibm | aix | 4.3 |
| digital | unix | 4.0d |
| sun | solaris | 2.5.1 |
| ibm | aix | 4.1.1 |
| ibm | aix | 4.1.2 |
| sun | sunos | 5.4 |
| cde | cde | 1.1 |
| sun | solaris | 2.4 |
| ibm | aix | 4.1.5 |
| sun | solaris | 2.6 |
| cde | cde | 1.0.2 |
| sun | solaris | 2.5 |
| ibm | aix | 4.1.4 |
| sun | sunos | - |
| ibm | aix | 4.1.3 |
| cde | cde | 1.0.1 |
| sun | sunos | 5.5.1 |
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cde | cde | 2.1 |
| cde | cde | 2.0 |
| cde | cde | 1.2 |
| sun | solaris | 7.0 |
| sun | sunos | 5.5 |
| cde | cde | 2.120 |
| sun | solaris | 2.5.1 |
| cde | cde | 1.1 |
| sun | solaris | 2.6 |
| cde | cde | 1.0.2 |
| sun | sunos | 5.7 |
| sun | solaris | 2.5 |
| sun | sunos | - |
| cde | cde | 1.0.1 |
| sun | sunos | 5.5.1 |
HP CDE program includes the current directory in root's PATH variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cde | cde | * |
| hp | hp-ux | 10 |
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.5 |
| digital | unix | 4.0f |
| ibm | aix | 4.1 |
| ibm | aix | 4.3.1 |
| ibm | aix | 4.2.1 |
| sun | sunos | 5.7 |
| ibm | aix | 4.3.2 |
| digital | unix | 4.0e |
| cde | cde | 2.1 |
| cde | cde | 2.0 |
| cde | cde | 1.2 |
| ibm | aix | 4.2 |
| ibm | aix | 4.3 |
| digital | unix | 4.0d |
| sun | solaris | 2.5.1 |
| ibm | aix | 4.1.1 |
| ibm | aix | 4.1.2 |
| sun | sunos | 5.4 |
| cde | cde | 1.1 |
| sun | solaris | 2.4 |
| ibm | aix | 4.1.5 |
| sun | solaris | 2.6 |
| cde | cde | 1.0.2 |
| ibm | aix | 4.1.4 |
| ibm | aix | 4.1.3 |
| cde | cde | 1.0.1 |
| sun | sunos | 5.5.1 |
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | * |
| transarc | afs | * |
| cde | cde | * |
| mit | kerberos_5 | - |