Buffer overflow in NLS (Natural Language Service).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cray | unicos | 9.2 |
| gnu | libc | 5.0.9 |
| ibm | aix | 4.1 |
| gnu | libc | 5.2.18 |
| ibm | aix | 3.2.5 |
| ibm | aix | 4.2 |
| cray | unicos | 9.0 |
| cray | unicos_max | 1.3 |
| redhat | linux | 4.0 |
| gnu | libc | 5.3.12 |
| slackware | slackware_linux | 3.1 |
| cray | unicos | 1.5 |
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| convex | convexos | 11.0 |
| convex | convexos | 11.1 |
| cray | unicos | 8.3 |
| ibm | aix | 4.1 |
| convex | spp-ux | 3 |
| bsdi | bsd_os | 2.0.1 |
| sun | sunos | 4.1.3 |
| cray | unicos | 9.0 |
| ibm | aix | 3.2 |
| sun | sunos | 5.4 |
| sun | sunos | 4.1.4 |
| convex | convexos | 10.2 |
| bsdi | bsd_os | 2.0 |
| cray | unicos | 8.0 |
| sun | sunos | 4.1.3u1 |
| convex | convexos | 10.1 |
| sun | solaris | 2.4 |
| sun | sunos | 5.3 |
The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 6.3 |
| sgi | irix | 6.4 |
| sgi | irix | 6.5.3 |
| sgi | irix | 6.5.2 |
| sgi | irix | 6.5.1 |
| sgi | irix | 6.2 |
| sgi | irix | 6.5 |
| sgi | irix | 6.5.4 |
| cray | unicos | * |
Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cray | unicos | 6.0 |
| cray | unicos | 6.1 |
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 4.0 |
| sgi | irix | 3.3.2 |
| cray | unicos | 6.0 |
| sgi | irix | 3.3.3 |
| sun | sunos | 4.0.3c |
| next | next | 2.0 |
| sgi | irix | 3.3.1 |
| cray | unicos | 6.0e |
| next | next | 2.1 |
| cray | unicos | 6.1 |
| sun | sunos | 4.1psr_a |
| sun | sunos | 4.0.3 |
| sun | sunos | 4.1 |
| sun | sunos | 4.1.1 |
| sgi | irix | 3.3 |
Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | nqsdaemon | 3.3.0.16 |
| cray | unicos | * |
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openbsd | openbsd | 2.7 |
| mit | kerberos_5 | 1.2.4 |
| cray | unicos | 6.0 |
| sgi | irix | 6.5.2f |
| openafs | openafs | 1.0 |
| openbsd | openbsd | 2.3 |
| freebsd | freebsd | 4.2 |
| cray | unicos | 9.0 |
| sgi | irix | 6.5.14f |
| sgi | irix | 6.5.9m |
| openbsd | openbsd | 2.6 |
| freebsd | freebsd | 4.6 |
| sgi | irix | 6.5.13 |
| openbsd | openbsd | 3.2 |
| hp | hp-ux | 11.22 |
| openbsd | openbsd | 2.5 |
| sgi | irix | 6.5.17f |
| sgi | irix | 6.5.7f |
| openafs | openafs | 1.0.2 |
| openafs | openafs | 1.3 |
| openafs | openafs | 1.1.1a |
| sgi | irix | 6.5.4 |
| openbsd | openbsd | 3.1 |
| sgi | irix | 6.5.6m |
| freebsd | freebsd | 4.6.2 |
| gnu | glibc | 2.3.2 |
| gnu | glibc | 2.1 |
| openafs | openafs | 1.2 |
| sgi | irix | 6.5.10m |
| openafs | openafs | 1.0.4a |
| openbsd | openbsd | 2.4 |
| sun | solaris | 8.0 |
| openafs | openafs | 1.2.2b |
| sgi | irix | 6.5.2 |
| sgi | irix | 6.5.12 |
| sgi | irix | 6.5.1 |
| openafs | openafs | 1.3.2 |
| openafs | openafs | 1.2.4 |
| freebsd | freebsd | 5.0 |
| sgi | irix | 6.5.9 |
| openafs | openafs | 1.2.3 |
| cray | unicos | 8.0 |
| sgi | irix | 6.5.8m |
| sgi | irix | 6.5.20 |
| cray | unicos | 9.2 |
| openafs | openafs | 1.1.1 |
| freebsd | freebsd | 4.1 |
| freebsd | freebsd | 4.7 |
| gnu | glibc | 2.2.5 |
| sgi | irix | 6.5.7m |
| gnu | glibc | 2.1.1 |
| sgi | irix | 6.5.7 |
| sgi | irix | 6.5.12f |
| openafs | openafs | 1.0.3 |
| freebsd | freebsd | 4.1.1 |
| sgi | irix | 6.5.10 |
| sgi | irix | 6.5.11f |
| sgi | irix | 6.5 |
| sgi | irix | 6.5.17 |
| mit | kerberos_5 | 1.2.2 |
| sgi | irix | 6.5.3m |
| gnu | glibc | 2.2.4 |
| sun | sunos | 5.7 |
| hp | hp-ux_series_800 | 10.20 |
| sgi | irix | 6.5.12m |
| mit | kerberos_5 | 1.2.5 |
| cray | unicos | 7.0 |
| mit | kerberos_5 | 1.2.7 |
| hp | hp-ux | 11.00 |
| sgi | irix | 6.5.5m |
| sun | sunos | 5.8 |
| gnu | glibc | 2.1.2 |
| openafs | openafs | 1.3.1 |
| openafs | openafs | 1.1 |
| sgi | irix | 6.5.18 |
| sgi | irix | 6.5.9f |
| sgi | irix | 6.5.14m |
| sgi | irix | 6.5.6 |
| sun | solaris | 7.0 |
| gnu | glibc | 2.1.3 |
| sgi | irix | 6.5.8 |
| sgi | irix | 6.5.16f |
| openafs | openafs | 1.0.4 |
| ibm | aix | 4.3.3 |
| cray | unicos | 6.1 |
| sgi | irix | 6.5.11m |
| freebsd | freebsd | 4.4 |
| ibm | aix | 5.1 |
| mit | kerberos_5 | 1.2 |
| sgi | irix | 6.5.4m |
| hp | hp-ux | 11.20 |
| sgi | irix | 6.5.6f |
| sgi | irix | 6.5.14 |
| hp | hp-ux_series_700 | 10.20 |
| sgi | irix | 6.5.15m |
| mit | kerberos_5 | 1.2.1 |
| sgi | irix | 6.5.18f |
| freebsd | freebsd | 4.5 |
| openafs | openafs | 1.2.5 |
| hp | hp-ux | 11.11 |
| gnu | glibc | 2.2.3 |
| cray | unicos | 6.0e |
| sun | sunos | - |
| ibm | aix | 5.2 |
| sgi | irix | 6.5.17m |
| openbsd | openbsd | 2.0 |
| sgi | irix | 6.5.15 |
| sgi | irix | 6.5.13f |
| sgi | irix | 6.5.2m |
| sgi | irix | 6.5.19 |
| hp | hp-ux | 11.04 |
| sgi | irix | 6.5.16 |
| sun | solaris | 2.5.1 |
| cray | unicos | 8.3 |
| cray | unicos | 9.0.2.5 |
| sgi | irix | 6.5.4f |
| gnu | glibc | 2.2.2 |
| mit | kerberos_5 | 1.2.3 |
| sgi | irix | 6.5.5f |
| sgi | irix | 6.5.5 |
| openbsd | openbsd | 2.9 |
| openafs | openafs | 1.2.6 |
| sun | sunos | 5.5.1 |
| sun | solaris | 9.0 |
| hp | hp-ux | 10.20 |
| openafs | openafs | 1.2.2a |
| openbsd | openbsd | 2.1 |
| sgi | irix | 6.5.16m |
| gnu | glibc | 2.2.1 |
| openafs | openafs | 1.2.1 |
| sun | solaris | 2.6 |
| sgi | irix | 6.5.10f |
| hp | hp-ux | 10.24 |
| freebsd | freebsd | 4.0 |
| sgi | irix | 6.5.8f |
| sgi | irix | 6.5.11 |
| sgi | irix | 6.5.15f |
| sgi | irix | 6.5.3 |
| sgi | irix | 6.5.3f |
| openafs | openafs | 1.0.1 |
| gnu | glibc | 2.3.1 |
| sgi | irix | 6.5.18m |
| openbsd | openbsd | 3.0 |
| mit | kerberos_5 | 1.2.6 |
| gnu | glibc | 2.2 |
| openbsd | openbsd | 2.2 |
| freebsd | freebsd | 4.3 |
| openbsd | openbsd | 2.8 |
| sgi | irix | 6.5.13m |
| gnu | glibc | 2.3 |
| openafs | openafs | 1.2.2 |
| cray | unicos | 9.2.4 |
Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cray | unicos | 9.0.2.2 |
Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cray | unicos | 9.0.2.2 |
apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cray | cray_linux_environment | * |
| cray | cray_linux_environment | 5.1 |