MidnightBSD

Advisories for compaq

CVE-1999-0771 MEDIUM

The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq power_management 2.0
compaq insight_management_agent *
CVE-1999-0772 MEDIUM

Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq power_management 2.0
compaq insight_management_agent *
CVE-1999-1152 MEDIUM

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
compaq microcom_6000_firmware -
compaq_microcom microcom_6000_access_integrator *
CVE-1999-1355 HIGH

BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq management_agents_for_servers *
compaq insight_management_agent *
CVE-1999-1356 MEDIUM

Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq smartstart *
CVE-2000-0946 MEDIUM

Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq easy_access_keyboard_software 1.3
CVE-2000-1209 HIGH

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq insight_manager_xe 2.1
compaq insight_manager_xe 1.21
compaq insight_manager_xe 2.1c
compaq insight_manager_xe 2.2
compaq insight_manager 7.0
compaq insight_manager_xe 1.1
compaq insight_manager_xe 2.1b
microsoft data_engine 1.0
microsoft msde 2000
CVE-2001-0134 HIGH

Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix 4.0g
compaq insight_manager_xe 1.21
compaq management_agents 4.36j
compaq foundation_agents 1.0
compaq insight_management_agent 4.37e
compaq foundation_agents 4.0
compaq survey_utility 2.17
compaq intelligent_cluster_administrator 1.0
compaq foundation_agents 2.1
compaq insight_manager_xe 1.0
compaq system_healthcheck 3.0
compaq open_san_manager 1.0
compaq insight_manager_lc 1.3c
compaq armada_insight_manager 4.20j
compaq enterprise_volume_manager-command_scripter 1.0
compaq foundation_agents 4.90
digital unix 5.0
compaq storage_allocation_reporter 1.0
compaq survey_utility 2.33
compaq sanworks_resource_monitor 1.0
digital unix 4.0f
compaq enterprise_volume_manager-command_scripter 1.1
compaq armada_insight_manager 4.20
compaq survey_utility 2.18
compaq intelligent_cluster_administrator 2.1
compaq management_agents 4.35j
compaq insight_manager_lc 1.50a
compaq management_agents 4.30j
compaq management_agents 4.36e
compaq insight_management_desktop_web_agent 3.7
CVE-2001-0374 HIGH

The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be used as a generic proxy server, which allows remote attackers to bypass access restrictions via the management port, 2301.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq web-enabled_management *
CVE-2001-0434 MEDIUM

The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq presario *
CVE-2001-0728 MEDIUM

Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq management_agents *
CVE-2001-0840 HIGH

Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq insight_manager_xe 2.1
compaq insight_manager_xe 1.21
compaq insight_manager_xe 2.1b
compaq insight_manager_xe 1.0
CVE-2001-1033 MEDIUM

Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1
compaq trucluster 1.5
compaq tru64 5.0
CVE-2001-1092 LOW

msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0e
compaq tru64 4.0g
compaq tru64 4.0d
compaq tru64 4.0f
CVE-2001-1093 HIGH

Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0e
compaq tru64 4.0g
compaq tru64 4.0d
compaq tru64 4.0f
CVE-2001-1435 MEDIUM

inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1
CVE-2002-0093 HIGH

Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow attackers to execute arbitrary code, a different vulnerability than CVE-2001-0423.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1a
compaq tru64 4.0g
compaq tru64 5.1
compaq tru64 4.0f
compaq tru64 5.0a
CVE-2002-0677 HIGH

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
caldera unixware 7.1.1
sgi irix 6.5.14
compaq tru64 5.1a
sgi irix 5.2
sun sunos 5.5.1
ibm aix 4.3.3
sgi irix 6.0
hp hp-ux 11.00
sgi irix 6.5.8
sgi irix 6.5.6
sgi irix 5.3
caldera unixware 7
sgi irix 6.1
sun sunos 5.8
sgi irix 6.2
hp hp-ux 11.11
sgi irix 6.5.4
sgi irix 6.5.10
caldera unixware 7.1_.0
hp hp-ux 10.10
compaq tru64 5.1
sgi irix 6.5.1
sgi irix 6.3
sgi irix 6.5.3
sgi irix 6.5.13
sgi irix 6.5.2
sgi irix 6.5.9
sgi irix 6.5.16
sgi irix 6.5.12
compaq tru64 4.0g
compaq tru64 4.0f
sgi irix 6.5.11
xi_graphics dextop 2.1
hp hp-ux 10.20
sgi irix 6.5
sgi irix 6.0.1
sun solaris 2.6
sgi irix 6.5.5
sgi irix 6.4
sgi irix 6.5.15
ibm aix 5.1
caldera openunix 8.0
compaq tru64 5.0a
hp hp-ux 10.24
sgi irix 6.5.7
CVE-2002-0678 HIGH

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
caldera unixware 7.1.1
sgi irix 6.5.14
compaq tru64 5.1a
sgi irix 5.2
sun sunos 5.5.1
ibm aix 4.3.3
caldera unixware 7.1.0
sgi irix 6.0
hp hp-ux 11.00
sgi irix 6.5.8
sgi irix 6.5.6
sgi irix 5.3
caldera unixware 7.0
sgi irix 6.1
sun sunos 5.8
sgi irix 6.2
hp hp-ux 11.11
sgi irix 6.5.4
sgi irix 6.5.10
hp hp-ux 10.10
compaq tru64 5.1
sgi irix 6.5.1
sgi irix 6.3
sgi irix 6.5.3
sgi irix 6.5.13
sgi irix 6.5.2
sgi irix 6.5.9
sgi irix 6.5.16
sgi irix 6.5.12
compaq tru64 4.0g
compaq tru64 4.0f
sgi irix 6.5.11
xi_graphics dextop 2.1
hp hp-ux 10.20
sgi irix 6.5
sgi irix 6.0.1
sun solaris 2.6
sgi irix 6.5.5
sgi irix 6.4
sgi irix 6.5.15
ibm aix 5.1
sun solaris 9.0
caldera openunix 8.0
compaq tru64 5.0a
hp hp-ux 10.24
sgi irix 6.5.7
CVE-2002-0679 HIGH

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
caldera unixware 7.1.1
compaq tru64 5.1a
sun sunos 5.5.1
ibm aix 4.3.3
caldera unixware 7.1.0
hp hp-ux 11.00
compaq tru64 4.0g
compaq tru64 4.0f
xi_graphics dextop 2.1
hp hp-ux 10.20
sun solaris 2.6
caldera unixware 7.0
sun sunos 5.8
hp hp-ux 11.11
hp hp-ux 10.10
compaq tru64 5.1
ibm aix 5.1
sun solaris 9.0
caldera openunix 8.0
compaq tru64 5.0a
hp hp-ux 10.24
CVE-2002-0816 HIGH

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1a
compaq tru64 4.0g
compaq tru64 5.1
compaq tru64 4.0f
compaq tru64 5.0
compaq tru64 5.0a
CVE-2002-0883 HIGH

Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1.0 and 1.10, allows authenticated users with Telnet, SSH, or console access to conduct unauthorized activities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq proliant_bl_e-class_integrated_administrator_firmware 1.0
compaq proliant_bl_e-class_integrated_administrator_firmware 1.10
CVE-2002-1129 HIGH

Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.1a
digital osf_1 3.2c
digital osf_1 3.2de1
compaq tru64 4.0f_pk6_bl17
compaq tru64 5.1_pk4_bl18
digital osf_1 3.2f
compaq tru64 5.1a_pk1_bl1
digital osf_1 3.2de2
digital osf_1 3.2b
compaq tru64 5.1
digital osf_1 3.2g
compaq tru64 4.0g
compaq tru64 4.0f
digital osf_1 3.2d
compaq tru64 5.1_pk5_bl19
compaq tru64 5.0_pk4_bl18
compaq tru64 5.0_pk4_bl17
compaq tru64 5.1a_pk2_bl2
digital osf_1 3.2
digital osf_1 3.0b
compaq tru64 5.0a_pk3_bl17
compaq tru64 5.1_pk3_bl17
digital osf_1 3.0
compaq tru64 5.0
compaq tru64 5.0a
compaq tru64 4.0g_pk3_bl17
CVE-2002-1202 HIGH

Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.0a_pk3_bl17
compaq tru64 5.1a_pk3_bl3
compaq tru64 5.1_pk5_bl19
compaq tru64 4.0g_pk3_bl17
CVE-2002-1513 MEDIUM

The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tcp-ip_services 5.1
compaq tcp-ip_services 5.3
compaq tcp-ip_services 5.0a
compaq tcp-ip_services 4.2
CVE-2002-2000 LOW

ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq acms 4.4
compaq acms 4.3
CVE-2002-2002 HIGH

Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1a
compaq tru64 5.1
compaq tru64 4.0f
compaq tru64 5.0
CVE-2002-2003 MEDIUM

ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1a
compaq tru64 4.0g
compaq tru64 5.1
compaq tru64 4.0f
compaq tru64 5.0a
CVE-2002-2004 MEDIUM

portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0g
compaq tru64 5.0a
CVE-2002-2071 MEDIUM

Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0e
CVE-2002-2422 MEDIUM

Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
compaq insight_management_agent 2.0
compaq insight_management_agent 4.2
compaq insight_management_agent 2.1_b
compaq insight_management_agent 3.6.0
compaq insight_management_agent 4.37
compaq insight_management_agent 2.1
CVE-2003-0161 HIGH

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail_switch 3.0.2
sendmail sendmail 8.12.7
sun solaris 8.0
sendmail sendmail_switch 3.0.1
compaq tru64 5.1b
sendmail sendmail 8.12.2
compaq tru64 5.1_pk4_bl18
sendmail sendmail 3.0.2
sun solaris 2.5
hp hp-ux 10.16
sendmail sendmail 8.12.8
sun solaris 2.5.1
sendmail sendmail_switch 2.2.3
hp hp-ux 11.0.4
compaq tru64 5.1_pk6_bl20
compaq tru64 4.0g
compaq tru64 5.0f
hp sis *
sun solaris 9.0
compaq tru64 5.0a
hp hp-ux_series_800 10.20
compaq tru64 4.0f_pk7_bl18
sendmail sendmail_switch 2.1.4
compaq tru64 5.1a
hp hp-ux 11.00
sendmail sendmail 2.6.1
sun solaris 2.4
sun sunos 5.5
sendmail sendmail 8.11.6
sendmail sendmail 8.12.0
sendmail sendmail 8.12.3
sendmail sendmail 8.10.2
sendmail sendmail_switch 2.2.4
hp hp-ux 11.20
hp hp-ux 10.30
sendmail sendmail 8.11.1
compaq tru64 4.0f
sendmail sendmail_switch 2.2.2
sendmail sendmail 8.10.1
sendmail sendmail 8.12.5
sun solaris 2.6
compaq tru64 5.0a_pk3_bl17
sendmail sendmail_switch 3.0
sendmail sendmail 8.10
sendmail sendmail 8.11.3
sun sunos 5.4
hp hp-ux 11.22
sendmail sendmail 8.11.2
compaq tru64 5.0
hp hp-ux 10.34
sendmail sendmail_switch 2.2.1
compaq tru64 4.0d_pk9_bl17
sun sunos 5.7
compaq tru64 4.0b
sun sunos 5.5.1
sun solaris 7.0
sendmail sendmail 8.9.1
sendmail sendmail 8.12.1
sendmail sendmail 8.9.3
sendmail sendmail 8.11.5
compaq tru64 4.0f_pk6_bl17
compaq tru64 5.1b_pk1_bl1
hp hp-ux 11.11
sendmail sendmail 8.12.4
hp hp-ux 10.09
sendmail sendmail 2.6.2
sendmail sendmail_switch 3.0.3
sendmail sendmail 8.12
sendmail sendmail 8.9.0
sendmail sendmail 8.9.2
sendmail sendmail_switch 2.1.5
sendmail sendmail_switch 2.1.2
sendmail sendmail 8.11.4
compaq tru64 5.0_pk4_bl17
compaq tru64 5.1a_pk2_bl2
sendmail sendmail_switch 2.1
sendmail sendmail_switch 2.1.3
compaq tru64 4.0g_pk3_bl17
sendmail sendmail 3.0
hp hp-ux 10.00
hp hp-ux 10.01
compaq tru64 5.1a_pk1_bl1
sun sunos 5.8
hp hp-ux 10.10
compaq tru64 5.1
sendmail sendmail 3.0.1
sendmail sendmail 8.11.0
compaq tru64 5.1a_pk3_bl3
sun sunos -
sendmail sendmail_switch 2.2
compaq tru64 4.0d
sendmail sendmail_switch 2.1.1
compaq tru64 5.1_pk5_bl19
hp hp-ux 10.20
hp hp-ux_series_700 10.20
compaq tru64 5.0_pk4_bl18
sendmail sendmail 8.12.6
compaq tru64 5.1_pk3_bl17
sendmail sendmail_switch 2.2.5
hp hp-ux 10.08
sendmail sendmail 2.6
hp hp-ux 10.26
hp hp-ux 10.24
sendmail sendmail 3.0.3
CVE-2003-0196 HIGH

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
hp cifs-9000_server a.01.06
compaq tru64 4.0b
sun sunos 5.5.1
sun solaris 7.0
sun solaris 8.0
compaq tru64 5.1b
samba samba 2.0.10
samba-tng samba-tng 0.3.1
samba samba 2.0.5
samba samba 2.2.8
compaq tru64 4.0f_pk6_bl17
samba-tng samba-tng 0.3
samba samba 2.0.9
compaq tru64 5.1_pk4_bl18
samba samba 2.2.2
compaq tru64 5.1b_pk1_bl1
hp hp-ux 11.11
hp hp-ux 11.04
samba samba 2.2.0
sun solaris 2.5.1
samba samba 2.2.0a
samba samba 2.2.6
compaq tru64 5.1_pk6_bl20
hp cifs-9000_server a.01.08
hp cifs-9000_server a.01.07
compaq tru64 4.0g
samba samba 2.0.1
hp cifs-9000_server a.01.09.01
samba samba 2.2.7a
samba samba 2.0.0
compaq tru64 5.0_pk4_bl17
compaq tru64 5.1a_pk2_bl2
samba samba 2.0.3
compaq tru64 5.0f
sun solaris 9.0
samba samba 2.0.8
compaq tru64 5.0a
compaq tru64 4.0g_pk3_bl17
compaq tru64 4.0f_pk7_bl18
samba samba 2.2.1a
compaq tru64 5.1a
samba samba 2.2.7
hp hp-ux 11.00
hp hp-ux 10.01
samba samba 2.0.7
samba samba 2.2.5
compaq tru64 5.1a_pk1_bl1
sun sunos 5.8
samba samba 2.2.4
hp hp-ux 11.20
hp cifs-9000_server a.01.09
samba samba 2.0.6
hp cifs-9000_server a.01.05
compaq tru64 5.1
hp cifs-9000_server a.01.09.02
samba samba 2.0.2
samba samba 2.2.3a
compaq tru64 5.1a_pk3_bl3
hp cifs-9000_server a.01.08.01
sun sunos -
compaq tru64 4.0d
compaq tru64 4.0f
compaq tru64 5.1_pk5_bl19
samba samba 2.0.4
hp hp-ux 10.20
sun solaris 2.6
compaq tru64 5.0_pk4_bl18
samba samba 2.2.3
compaq tru64 5.0a_pk3_bl17
compaq tru64 5.1_pk3_bl17
hp hp-ux 11.22
compaq tru64 5.0
compaq tru64 4.0d_pk9_bl17
hp hp-ux 10.24
CVE-2003-0201 HIGH

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
hp cifs-9000_server a.01.06
compaq tru64 4.0b
sun sunos 5.5.1
sun solaris 7.0
sun solaris 8.0
compaq tru64 5.1b
samba samba 2.0.10
samba-tng samba-tng 0.3.1
samba samba 2.0.5
samba samba 2.2.8
compaq tru64 4.0f_pk6_bl17
samba-tng samba-tng 0.3
samba samba 2.0.9
compaq tru64 5.1_pk4_bl18
compaq tru64 5.1b_pk1_bl1
hp hp-ux 11.11
apple mac_os_x 10.2.1
hp hp-ux 11.04
samba samba 2.2.0
sun solaris 2.5.1
samba samba 2.2.0a
samba samba 2.2.6
compaq tru64 5.1_pk6_bl20
hp cifs-9000_server a.01.08
hp cifs-9000_server a.01.07
compaq tru64 4.0g
samba samba 2.0.1
hp cifs-9000_server a.01.09.01
apple mac_os_x 10.2.4
samba samba 2.2.7a
samba samba 2.0.0
compaq tru64 5.0_pk4_bl17
compaq tru64 5.1a_pk2_bl2
samba samba 2.0.3
compaq tru64 5.0f
sun solaris 9.0
samba samba 2.0.8
compaq tru64 5.0a
compaq tru64 4.0g_pk3_bl17
compaq tru64 4.0f_pk7_bl18
samba samba 2.2.1a
compaq tru64 5.1a
samba samba 2.2.7
hp hp-ux 11.00
hp hp-ux 10.01
samba samba 2.0.7
samba samba 2.2.5
compaq tru64 5.1a_pk1_bl1
sun sunos 5.8
samba samba 2.2.4
hp hp-ux 11.20
hp cifs-9000_server a.01.09
samba samba 2.0.6
hp cifs-9000_server a.01.05
compaq tru64 5.1
apple mac_os_x 10.2.3
hp cifs-9000_server a.01.09.02
samba samba 2.0.2
samba samba 2.2.3a
compaq tru64 5.1a_pk3_bl3
hp cifs-9000_server a.01.08.01
sun sunos -
apple mac_os_x 10.2.2
compaq tru64 4.0d
compaq tru64 4.0f
compaq tru64 5.1_pk5_bl19
samba samba 2.0.4
hp hp-ux 10.20
sun solaris 2.6
compaq tru64 5.0_pk4_bl18
compaq tru64 5.0a_pk3_bl17
compaq tru64 5.1_pk3_bl17
apple mac_os_x 10.2
hp hp-ux 11.22
compaq tru64 5.0
compaq tru64 4.0d_pk9_bl17
hp hp-ux 10.24
CVE-2003-0688 MEDIUM

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.0
redhat sendmail 8.12.5-7
freebsd freebsd 4.8
sendmail sendmail 8.12.7
sgi irix 6.5.19
sgi irix 6.5.21
freebsd freebsd 4.6
sendmail sendmail 8.12.1
redhat sendmail 8.12.8-4
sendmail sendmail 8.12.3
sendmail sendmail 8.12.5
sendmail sendmail 8.12.2
openbsd openbsd 3.2
sendmail sendmail 8.12.6
freebsd freebsd 4.7
sendmail sendmail 8.12.8
sendmail sendmail 8.12.4
sgi irix 6.5.20
compaq tru64 5.1
compaq tru64 5.0a
CVE-2003-0694 HIGH

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail_switch 3.0.2
sendmail sendmail 8.12.7
sun solaris 8.0
netbsd netbsd 1.5.2
sendmail sendmail_switch 3.0.1
compaq tru64 5.1b
ibm aix 5.2
sendmail sendmail 8.12.2
compaq tru64 5.1_pk4_bl18
sendmail sendmail 3.0.2
sendmail advanced_message_server 1.3
sendmail sendmail 8.12.9
apple mac_os_x_server 10.2.1
sgi irix 6.5.21m
netbsd netbsd 1.5.3
apple mac_os_x 10.2.1
sendmail sendmail 8.12.8
netbsd netbsd 1.4.3
sendmail sendmail_switch 2.2.3
netbsd netbsd 1.5
apple mac_os_x_server 10.2.5
apple mac_os_x_server 10.2.6
sgi irix 6.5.17m
sgi irix 6.5.20f
hp hp-ux 11.0.4
sgi irix 6.5.19m
compaq tru64 5.1_pk6_bl20
compaq tru64 4.0g
turbolinux turbolinux_workstation 7.0
gentoo linux 0.5
compaq tru64 4.0f_pk8_bl22
apple mac_os_x 10.2.4
freebsd freebsd 4.5
apple mac_os_x 10.2.5
sun solaris 9.0
turbolinux turbolinux_workstation 6.0
compaq tru64 4.0f_pk7_bl18
sendmail sendmail_switch 2.1.4
compaq tru64 5.1a
netbsd netbsd 1.6
hp hp-ux 11.00
sendmail sendmail 2.6.1
apple mac_os_x_server 10.2.3
sendmail sendmail 8.11.6
netbsd netbsd 1.6.1
sendmail sendmail 8.12.0
sendmail sendmail 8.12.3
sendmail sendmail 8.10.2
sendmail sendmail_switch 2.2.4
sendmail sendmail_pro 8.9.3
apple mac_os_x_server 10.2
gentoo linux 1.1a
sendmail sendmail_pro 8.9.2
freebsd freebsd 5.0
apple mac_os_x 10.2.3
sendmail sendmail 8.11.1
sgi irix 6.5.16
compaq tru64 4.0f
sendmail sendmail_switch 2.2.2
turbolinux turbolinux_server 7.0
sendmail sendmail 8.10.1
sendmail sendmail 8.12.5
sun solaris 2.6
sgi irix 6.5.20m
sendmail sendmail_switch 3.0
freebsd freebsd 4.4
sendmail sendmail 8.10
sendmail sendmail 8.11.3
sgi irix 6.5.15
apple mac_os_x 10.2
turbolinux turbolinux_server 6.5
hp hp-ux 11.22
sendmail sendmail 8.11.2
sgi irix 6.5.19f
freebsd freebsd 3.0
sendmail sendmail_switch 2.2.1
compaq tru64 5.1a_pk5_bl23
sun sunos 5.7
turbolinux turbolinux_server 6.1
sun solaris 7.0
freebsd freebsd 4.6
sendmail sendmail 8.9.1
sendmail sendmail 8.12.1
sendmail sendmail 8.9.3
sendmail sendmail 8.11.5
compaq tru64 4.0f_pk6_bl17
compaq tru64 5.1b_pk1_bl1
hp hp-ux 11.11
gentoo linux 1.2
sendmail sendmail 8.12.4
netbsd netbsd 1.5.1
apple mac_os_x_server 10.2.4
apple mac_os_x 10.2.6
sendmail sendmail 2.6.2
freebsd freebsd 5.1
sendmail sendmail_switch 3.0.3
sgi irix 6.5.18m
apple mac_os_x_server 10.2.2
sendmail sendmail 8.12
sendmail sendmail 8.9.0
sendmail sendmail 8.9.2
compaq tru64 5.1a_pk4_bl21
sendmail sendmail_switch 2.1.5
sendmail sendmail_switch 2.1.2
sendmail sendmail 8.11.4
compaq tru64 5.1a_pk2_bl2
sendmail sendmail_switch 2.1
compaq tru64 4.0g_pk4_bl22
sgi irix 6.5.21f
ibm aix 5.1
sendmail sendmail_switch 2.1.3
freebsd freebsd 4.3
compaq tru64 4.0g_pk3_bl17
ibm aix 4.3.3
turbolinux turbolinux_advanced_server 6.0
sendmail sendmail 3.0
freebsd freebsd 4.9
gentoo linux 1.4
freebsd freebsd 4.0
compaq tru64 5.1a_pk1_bl1
sgi irix 6.5.18f
sun sunos 5.8
sendmail sendmail 8.8.8
sgi irix 6.5.17f
sendmail advanced_message_server 1.2
compaq tru64 5.1
sendmail sendmail 3.0.1
gentoo linux 0.7
compaq tru64 5.1b_pk2_bl22
sendmail sendmail 8.11.0
turbolinux turbolinux_server 8.0
compaq tru64 5.1a_pk3_bl3
freebsd freebsd 4.8
sun sunos -
sendmail sendmail_switch 2.2
apple mac_os_x 10.2.2
sendmail sendmail_switch 2.1.1
compaq tru64 5.1_pk5_bl19
sendmail sendmail 8.12.6
compaq tru64 5.1_pk3_bl17
sendmail sendmail_switch 2.2.5
freebsd freebsd 4.7
sendmail sendmail 2.6
turbolinux turbolinux_workstation 8.0
sendmail sendmail 3.0.3
CVE-2003-0724 HIGH

ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1a_pk1_bl1
compaq tru64 5.1a_pk2_bl2
compaq tru64 5.1a
compaq tru64 5.1a_pk3_bl3
compaq tru64 5.1a_pk4_bl21
compaq tru64 5.1b_pk2_bl22
compaq tru64 5.1a_pk5_bl23
CVE-2003-0914 MEDIUM

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
isc bind 8.2.6
sun solaris 7.0
sun solaris 8.0
freebsd freebsd 4.6
isc bind 8.3.0
nixu namesurfer standard_3.0.1
compaq tru64 5.1b
isc bind 8.4
compaq tru64 4.0f_pk6_bl17
compaq tru64 5.1_pk4_bl18
compaq tru64 5.1b_pk1_bl1
isc bind 8.3.2
hp hp-ux 11.11
compaq tru64 5.1_pk6_bl20
isc bind 8.3.4
compaq tru64 5.1a_pk4_bl21
compaq tru64 4.0g
isc bind 8.2.3
compaq tru64 4.0f_pk8_bl22
isc bind 8.2.4
compaq tru64 5.1a_pk2_bl2
freebsd freebsd 4.5
compaq tru64 4.0g_pk4_bl22
isc bind 8.3.3
sun solaris 9.0
compaq tru64 4.0g_pk3_bl17
isc bind 8.2.5
compaq tru64 4.0f_pk7_bl18
freebsd freebsd 4.6.2
compaq tru64 5.1a
netbsd netbsd 1.6
isc bind 8.3.1
hp hp-ux 11.00
freebsd freebsd 4.9
isc bind 8.2.7
netbsd netbsd 1.6.1
compaq tru64 5.1a_pk1_bl1
sun sunos 5.8
nixu namesurfer suite_3.0.1
compaq tru64 5.1
compaq tru64 5.1b_pk2_bl22
freebsd freebsd 5.0
compaq tru64 5.1a_pk3_bl3
isc bind 8.3.5
freebsd freebsd 4.8
ibm aix 5.1l
compaq tru64 4.0f
compaq tru64 5.1_pk5_bl19
compaq tru64 5.1_pk3_bl17
freebsd freebsd 4.4
freebsd freebsd 4.7
isc bind 8.3.6
isc bind 8.4.1
sco unixware 7.1.1
compaq tru64 5.1a_pk5_bl23
netbsd netbsd current
CVE-2005-0223 MEDIUM

The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 *
sun rte 1.4.2
sun rte 1.4.1
sun sdk 1.4.2
sun sdk 1.4.1
CVE-2005-2982 MEDIUM

Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq compaqhttpserver 2.1