MidnightBSD

Advisories for digital

CVE-1999-0046 HIGH

Buffer overflow of rlogin program using TERM environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
next nextstep 3.1
next nextstep 2.0
sun solaris 2.5.1
data_general dg_ux 1.0
oracle solaris 2.6
hp hp-ux 10.20
netbsd netbsd 1.1
hp hp-ux 10.01
next nextstep 3.0
digital ultrix 2.2
hp hp-ux 10.00
freebsd freebsd 2.0
ibm aix 4.1.3
hp hp-ux 10.34
sun sunos 5.5
ibm aix 4.1
hp hp-ux 10.08
oracle solaris 7.0
digital ultrix 4.1
bsdi bsd_os 1.1
hp hp-ux 10.24
digital ultrix 3.0
next nextstep 3.2
netbsd netbsd 1.0
hp hp-ux 10.09
hp hp-ux 10.10
next nextstep 1.0
bsdi bsd_os 2.1
debian debian_linux 0.93
digital ultrix 4.3
digital ultrix 4.5
data_general dg_ux 2.0
bsdi bsd_os 2.0.1
hp hp-ux 10.16
data_general dg_ux 3.0
sun solaris 2.5
data_general dg_ux 4.0
sun sunos 5.3
sun sunos 5.5.1
sun sunos 4.1.4
oracle solaris -
freebsd freebsd 2.1.5
digital ultrix 4.2
next nextstep 1.0a
hp hp-ux 10.30
sun solaris 2.4
digital ultrix 4.3a
oracle solaris 8
digital unix 4.0a
bsdi bsd_os 2.0
digital ultrix 4.4
ibm aix 4.1.5
sun sunos 4.1.3u1
freebsd freebsd 2.0.5
digital unix 4.0
digital ultrix -
ibm aix 4.1.4
freebsd freebsd 1.1.5.1
next nextstep 2.1
next nextstep -
freebsd freebsd 2.1.0
ibm aix 3.2
digital ultrix 4.0
next nextstep 3.3
ibm aix 4.1.1
sun sunos 5.4
digital unix 3.2g
next nextstep 4.0
ibm aix 4.1.2
digital unix 4.0b
CVE-1999-0073 HIGH

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.1.1
sgi irix 6.0
sgi irix 6.2
sgi irix 5.0.1
digital unix 4.0
sgi irix 5.1
sgi irix 5.0
digital osf_1 3.0
sgi irix 5.2
sgi irix 6.0.1
digital osf_1 2.0
sgi irix 5.3
sgi irix 6.1
sgi irix 6.3
digital osf_1 1.2
digital unix 3.2g
digital osf_1 3.2
digital osf_1 1.3
CVE-1999-0128 MEDIUM

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.0
sco tcp_ip 1.2.1
ibm sng *
ibm sng 2.1
ibm aix 4.2
sco open_desktop 3.0
sco internet_faststart 1.0
sco internet_faststart 1.1
sun sunos 5.5.1
ibm aix 3.2
linux linux_kernel 1.3.0
sco openserver 5.0
digital osf_1 1.3.3
sco openserver 5.0.2
sun sunos 5.4
ibm sng 2.2
sun sunos 5.5
ibm aix 4.1
CVE-1999-0131 HIGH

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.7.2
redhat linux 3.0.3
ibm aix 4.2
hp hp-ux 10.20
hp hp-ux 10.01
sco internet_faststart 1.0
eric_allman sendmail 8.7.1
ibm aix 3.2
eric_allman sendmail 8.6
sco openserver 5.0
sco openserver 5.0.2
freebsd freebsd 2.1.5
eric_allman sendmail 8.7.5
hp hp-ux 10.10
eric_allman sendmail 8.7.3
eric_allman sendmail 8.7.4
bsdi bsd_os 2.1
digital osf_1 1.3.2
ibm aix 4.1
CVE-1999-0138 HIGH

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 1.2.0
linux linux_kernel 2.0
ibm aix 3.2.5
freebsd freebsd 2.0.5
apple a_ux 3.1.1
hp hp-ux 10
ibm aix 4
nec ews-ux_v 4.2
freebsd freebsd 2.1.0
nec up-ux_v 4.2mp
hp hp-ux 8
hp hp-ux 9
nec ews-ux_v 4.2mp
freebsd freebsd 2.0
nec asl_ux_4800 *
digital osf_1 1.3
CVE-1999-0170 HIGH

Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital ultrix *
CVE-1999-0303 MEDIUM

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.1
sun solaris 2.5
netbsd netbsd 1.3
sun solaris 1.1.4
sun sunos 4.1.3
sun solaris *
sun sunos 5.3
sun sunos 5.5.1
sun sunos 5.0
sun sunos 5.2
sun sunos 4.1.4
digital osf_1 1.1
netbsd netbsd 1.3.1
sun sunos 5.4
sun solaris 2.4
openbsd openbsd 2.2
sun sunos -
sun solaris 1.1.3
sun sunos 5.1
sun sunos 5.5
CVE-1999-0358 HIGH

Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix 4.0e
digital unix 4.0
digital unix 4.0d
digital unix 4.0b
digital unix 4.0a
digital unix 4.0c
CVE-1999-0406 HIGH

Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix *
CVE-1999-0513 MEDIUM

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.0
ibm aix 3.2.5
netbsd netbsd 1.2
sun solaris 2.5.1
sun solaris 2.5
hp hp-ux 10.20
freebsd freebsd 2.2.2
sun sunos 5.5.1
freebsd freebsd 2.1.5
ibm aix 3.2.4
sun solaris 2.4
freebsd freebsd 2.1.7.1
digital unix 4.0a
sun sunos 5.5
freebsd freebsd 2.0.5
freebsd freebsd 2.2.3
digital unix 4.0
hp hp-ux 11.00
freebsd freebsd 2.2.4
digital unix 4.0d
freebsd freebsd 1.1.5.1
ibm aix 3.1
digital unix 4.0c
freebsd freebsd 2.1.0
sun solaris 2.6
ibm aix 3.2
linux linux_kernel 2.1
sun sunos 5.4
digital unix 3.2g
sun sunos -
freebsd freebsd 2.1.6
digital unix 4.0b
CVE-1999-0687 HIGH

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun solaris 2.5.1
sun solaris 2.5
ibm aix 4.2.1
ibm aix 4.3
sun solaris 7.0
ibm aix 4.3.2
sun sunos 5.3
sun sunos 5.5.1
cde cde 1.0.2
sun sunos 4.1.4
cde cde 1.2
sun solaris 2.4
ibm aix 4.1.3
ibm aix 4.3.1
cde cde 2.1
sun sunos 5.5
ibm aix 4.1
ibm aix 4.1.5
digital unix 4.0f
sun sunos 4.1.3u1
digital unix 4.0d
ibm aix 4.2
ibm aix 4.1.4
cde cde 1.1
sun solaris 2.6
cde cde 2.0
cde cde 2.120
cde cde 1.0.1
ibm aix 4.1.1
sun sunos 5.4
sun sunos -
ibm aix 4.1.2
CVE-1999-0691 HIGH

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun solaris 2.5.1
ibm aix 4.2.1
ibm aix 4.3
sun solaris 7.0
ibm aix 4.3.2
sun sunos 5.5.1
cde cde 1.0.2
cde cde 1.2
sun solaris 2.4
ibm aix 4.1.3
ibm aix 4.3.1
cde cde 2.1
sun sunos 5.5
ibm aix 4.1
ibm aix 4.1.5
digital unix 4.0f
digital unix 4.0e
digital unix 4.0d
ibm aix 4.2
ibm aix 4.1.4
cde cde 1.1
sun solaris 2.6
cde cde 2.0
cde cde 1.0.1
ibm aix 4.1.1
sun sunos 5.4
ibm aix 4.1.2
CVE-1999-0713 HIGH

The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cde cde *
transarc afs *
mit kerberos_5 -
digital unix *
CVE-1999-0714 LOW

Vulnerability in Compaq Tru64 UNIX edauth command.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix 4.0e
digital unix 4.0
digital unix 3.2g
digital unix 4.0d
digital unix 4.0b
digital unix 4.0a
digital unix 4.0c
CVE-1999-1032 HIGH

Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital ultrix 4.2
digital ultrix 4.1
CVE-1999-1044 MEDIUM

Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix v4.0
digital unix *
CVE-1999-1057 MEDIUM

VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital vms *
CVE-1999-1103 MEDIUM

dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital osf_1 *
CVE-1999-1194 HIGH

chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital ultrix 4.0
digital ultrix 4.1
CVE-1999-1210 HIGH

xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix 4.0b
CVE-1999-1221 LOW

dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix 3
CVE-1999-1225 MEDIUM

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
netbsd netbsd 2.0.4
openbsd openbsd *
linux linux_kernel 2.6.20.1
digital ultrix *
CVE-1999-1415 MEDIUM

Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital ultrix *
CVE-1999-1458 HIGH

Buffer overflow in at program in Digital UNIX 4.0 allows local users to gain root privileges via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix 4.0e
digital unix 4.0
digital unix 4.0d
digital unix 4.0b
digital unix 4.0a
digital unix 4.0c
CVE-1999-1558 HIGH

Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital digital_openvms 7.1
digital digital_openvms_axp 7.1
CVE-2000-0314 MEDIUM

traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 2.0.34
redhat linux 2.0.34
slackware slackware_linux 2.0.34
netbsd netbsd *
digital unix 4.0
CVE-2000-0315 MEDIUM

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 2.0.34
redhat linux 2.0.34
slackware slackware_linux 2.0.34
netbsd netbsd *
digital unix 4.0
CVE-2000-0845 MEDIUM

kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to read arbitrary files by specifying the full file name in the initialization packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix 4.0f
CVE-2001-0134 HIGH

Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq armada_insight_manager 4.20j
compaq armada_insight_manager 4.20
compaq survey_utility 2.33
compaq insight_management_desktop_web_agent 3.7
compaq enterprise_volume_manager-command_scripter 1.1
compaq management_agents 4.30j
compaq management_agents 4.36j
compaq insight_manager_xe 1.0
compaq management_agents 4.35j
compaq enterprise_volume_manager-command_scripter 1.0
compaq insight_manager_lc 1.3c
compaq foundation_agents 4.0
compaq storage_allocation_reporter 1.0
compaq survey_utility 2.18
compaq insight_manager_xe 1.21
digital unix 5.0
digital unix 4.0f
compaq insight_management_agent 4.37e
compaq foundation_agents 4.90
compaq management_agents 4.36e
compaq survey_utility 2.17
compaq sanworks_resource_monitor 1.0
compaq system_healthcheck 3.0
compaq intelligent_cluster_administrator 1.0
compaq open_san_manager 1.0
compaq foundation_agents 2.1
digital unix 4.0g
compaq insight_manager_lc 1.50a
compaq foundation_agents 1.0
compaq intelligent_cluster_administrator 2.1
CVE-2001-0369 HIGH

Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a local attacker to obtain root access via a long command line argument (non-existent printer name).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix r4.20mu06
digital unix mu02
CVE-2002-1127 HIGH

Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital osf_1 3.2b
digital osf_1 3.2de2
digital osf_1 3.2c
digital osf_1 3.2g
digital osf_1 3.2de1
digital osf_1 3.2f
digital osf_1 3.2
digital osf_1 3.0
digital osf_1 3.0b
digital osf_1 3.2d
CVE-2002-1128 HIGH

Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital osf_1 3.2b
digital osf_1 3.2c
digital osf_1 3.2de1
digital osf_1 3.0
digital osf_1 3.2de2
digital ultrix 3.0
digital osf_1 4.0
digital osf_1 3.2g
digital osf_1 3.2f
digital osf_1 3.2
digital osf_1 3.0b
digital osf_1 3.2d
CVE-2002-1129 HIGH

Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1a_pk1_bl1
digital osf_1 3.2c
compaq tru64 5.1
compaq tru64 5.0_pk4_bl17
compaq tru64 5.1_pk4_bl18
compaq tru64 5.0
compaq tru64 5.0_pk4_bl18
compaq tru64 5.1a
digital osf_1 3.2
compaq tru64 4.0f_pk6_bl17
digital osf_1 3.2d
compaq tru64 4.0f
digital osf_1 3.2b
digital osf_1 3.2de1
compaq tru64 5.1_pk5_bl19
digital osf_1 3.0
digital osf_1 3.2de2
compaq tru64 5.1_pk3_bl17
compaq tru64 5.0a_pk3_bl17
compaq tru64 5.1a_pk2_bl2
compaq tru64 5.0a
compaq tru64 4.0g_pk3_bl17
compaq tru64 4.0g
digital osf_1 3.2g
digital osf_1 3.2f
compaq tru64 4.0f_pk7_bl18
digital osf_1 3.0b