MidnightBSD

Advisories for cray

CVE-1999-0041 HIGH

Buffer overflow in NLS (Natural Language Service).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cray unicos 9.2
gnu libc 5.0.9
ibm aix 4.1
gnu libc 5.2.18
ibm aix 3.2.5
ibm aix 4.2
cray unicos 9.0
cray unicos_max 1.3
redhat linux 4.0
gnu libc 5.3.12
slackware slackware_linux 3.1
cray unicos 1.5
CVE-1999-0099 HIGH

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
convex convexos 11.0
convex convexos 11.1
cray unicos 8.3
ibm aix 4.1
convex spp-ux 3
bsdi bsd_os 2.0.1
sun sunos 4.1.3
cray unicos 9.0
ibm aix 3.2
sun sunos 5.4
sun sunos 4.1.4
convex convexos 10.2
bsdi bsd_os 2.0
cray unicos 8.0
sun sunos 4.1.3u1
convex convexos 10.1
sun solaris 2.4
sun sunos 5.3
CVE-1999-0692 HIGH

The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.3
sgi irix 6.4
sgi irix 6.5.3
sgi irix 6.5.2
sgi irix 6.5.1
sgi irix 6.2
sgi irix 6.5
sgi irix 6.5.4
cray unicos *
CVE-1999-1300 LOW

Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cray unicos 6.0
cray unicos 6.1
CVE-1999-1468 MEDIUM

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 4.0
sgi irix 3.3.2
cray unicos 6.0
sgi irix 3.3.3
sun sunos 4.0.3c
next next 2.0
sgi irix 3.3.1
cray unicos 6.0e
next next 2.1
cray unicos 6.1
sun sunos 4.1psr_a
sun sunos 4.0.3
sun sunos 4.1
sun sunos 4.1.1
sgi irix 3.3
CVE-2001-0891 HIGH

Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi nqsdaemon 3.3.0.16
cray unicos *
CVE-2003-0028 HIGH

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.7
mit kerberos_5 1.2.4
cray unicos 6.0
sgi irix 6.5.2f
openafs openafs 1.0
openbsd openbsd 2.3
freebsd freebsd 4.2
cray unicos 9.0
sgi irix 6.5.14f
sgi irix 6.5.9m
openbsd openbsd 2.6
freebsd freebsd 4.6
sgi irix 6.5.13
openbsd openbsd 3.2
hp hp-ux 11.22
openbsd openbsd 2.5
sgi irix 6.5.17f
sgi irix 6.5.7f
openafs openafs 1.0.2
openafs openafs 1.3
openafs openafs 1.1.1a
sgi irix 6.5.4
openbsd openbsd 3.1
sgi irix 6.5.6m
freebsd freebsd 4.6.2
gnu glibc 2.3.2
gnu glibc 2.1
openafs openafs 1.2
sgi irix 6.5.10m
openafs openafs 1.0.4a
openbsd openbsd 2.4
sun solaris 8.0
openafs openafs 1.2.2b
sgi irix 6.5.2
sgi irix 6.5.12
sgi irix 6.5.1
openafs openafs 1.3.2
openafs openafs 1.2.4
freebsd freebsd 5.0
sgi irix 6.5.9
openafs openafs 1.2.3
cray unicos 8.0
sgi irix 6.5.8m
sgi irix 6.5.20
cray unicos 9.2
openafs openafs 1.1.1
freebsd freebsd 4.1
freebsd freebsd 4.7
gnu glibc 2.2.5
sgi irix 6.5.7m
gnu glibc 2.1.1
sgi irix 6.5.7
sgi irix 6.5.12f
openafs openafs 1.0.3
freebsd freebsd 4.1.1
sgi irix 6.5.10
sgi irix 6.5.11f
sgi irix 6.5
sgi irix 6.5.17
mit kerberos_5 1.2.2
sgi irix 6.5.3m
gnu glibc 2.2.4
sun sunos 5.7
hp hp-ux_series_800 10.20
sgi irix 6.5.12m
mit kerberos_5 1.2.5
cray unicos 7.0
mit kerberos_5 1.2.7
hp hp-ux 11.00
sgi irix 6.5.5m
sun sunos 5.8
gnu glibc 2.1.2
openafs openafs 1.3.1
openafs openafs 1.1
sgi irix 6.5.18
sgi irix 6.5.9f
sgi irix 6.5.14m
sgi irix 6.5.6
sun solaris 7.0
gnu glibc 2.1.3
sgi irix 6.5.8
sgi irix 6.5.16f
openafs openafs 1.0.4
ibm aix 4.3.3
cray unicos 6.1
sgi irix 6.5.11m
freebsd freebsd 4.4
ibm aix 5.1
mit kerberos_5 1.2
sgi irix 6.5.4m
hp hp-ux 11.20
sgi irix 6.5.6f
sgi irix 6.5.14
hp hp-ux_series_700 10.20
sgi irix 6.5.15m
mit kerberos_5 1.2.1
sgi irix 6.5.18f
freebsd freebsd 4.5
openafs openafs 1.2.5
hp hp-ux 11.11
gnu glibc 2.2.3
cray unicos 6.0e
sun sunos -
ibm aix 5.2
sgi irix 6.5.17m
openbsd openbsd 2.0
sgi irix 6.5.15
sgi irix 6.5.13f
sgi irix 6.5.2m
sgi irix 6.5.19
hp hp-ux 11.04
sgi irix 6.5.16
sun solaris 2.5.1
cray unicos 8.3
cray unicos 9.0.2.5
sgi irix 6.5.4f
gnu glibc 2.2.2
mit kerberos_5 1.2.3
sgi irix 6.5.5f
sgi irix 6.5.5
openbsd openbsd 2.9
openafs openafs 1.2.6
sun sunos 5.5.1
sun solaris 9.0
hp hp-ux 10.20
openafs openafs 1.2.2a
openbsd openbsd 2.1
sgi irix 6.5.16m
gnu glibc 2.2.1
openafs openafs 1.2.1
sun solaris 2.6
sgi irix 6.5.10f
hp hp-ux 10.24
freebsd freebsd 4.0
sgi irix 6.5.8f
sgi irix 6.5.11
sgi irix 6.5.15f
sgi irix 6.5.3
sgi irix 6.5.3f
openafs openafs 1.0.1
gnu glibc 2.3.1
sgi irix 6.5.18m
openbsd openbsd 3.0
mit kerberos_5 1.2.6
gnu glibc 2.2
openbsd openbsd 2.2
freebsd freebsd 4.3
openbsd openbsd 2.8
sgi irix 6.5.13m
gnu glibc 2.3
openafs openafs 1.2.2
cray unicos 9.2.4
CVE-2006-0177 HIGH

Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cray unicos 9.0.2.2
CVE-2006-0178 HIGH

Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cray unicos 9.0.2.2
CVE-2014-0748 HIGH

apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cray cray_linux_environment *
cray cray_linux_environment 5.1