Buffer overflow of rlogin program using TERM environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| next | nextstep | 3.1 |
| next | nextstep | 2.0 |
| sun | solaris | 2.5.1 |
| data_general | dg_ux | 1.0 |
| oracle | solaris | 2.6 |
| hp | hp-ux | 10.20 |
| netbsd | netbsd | 1.1 |
| hp | hp-ux | 10.01 |
| next | nextstep | 3.0 |
| digital | ultrix | 2.2 |
| hp | hp-ux | 10.00 |
| freebsd | freebsd | 2.0 |
| ibm | aix | 4.1.3 |
| hp | hp-ux | 10.34 |
| sun | sunos | 5.5 |
| ibm | aix | 4.1 |
| hp | hp-ux | 10.08 |
| oracle | solaris | 7.0 |
| digital | ultrix | 4.1 |
| bsdi | bsd_os | 1.1 |
| hp | hp-ux | 10.24 |
| digital | ultrix | 3.0 |
| next | nextstep | 3.2 |
| netbsd | netbsd | 1.0 |
| hp | hp-ux | 10.09 |
| hp | hp-ux | 10.10 |
| next | nextstep | 1.0 |
| bsdi | bsd_os | 2.1 |
| debian | debian_linux | 0.93 |
| digital | ultrix | 4.3 |
| digital | ultrix | 4.5 |
| data_general | dg_ux | 2.0 |
| bsdi | bsd_os | 2.0.1 |
| hp | hp-ux | 10.16 |
| data_general | dg_ux | 3.0 |
| sun | solaris | 2.5 |
| data_general | dg_ux | 4.0 |
| sun | sunos | 5.3 |
| sun | sunos | 5.5.1 |
| sun | sunos | 4.1.4 |
| oracle | solaris | - |
| freebsd | freebsd | 2.1.5 |
| digital | ultrix | 4.2 |
| next | nextstep | 1.0a |
| hp | hp-ux | 10.30 |
| sun | solaris | 2.4 |
| digital | ultrix | 4.3a |
| oracle | solaris | 8 |
| digital | unix | 4.0a |
| bsdi | bsd_os | 2.0 |
| digital | ultrix | 4.4 |
| ibm | aix | 4.1.5 |
| sun | sunos | 4.1.3u1 |
| freebsd | freebsd | 2.0.5 |
| digital | unix | 4.0 |
| digital | ultrix | - |
| ibm | aix | 4.1.4 |
| freebsd | freebsd | 1.1.5.1 |
| next | nextstep | 2.1 |
| next | nextstep | - |
| freebsd | freebsd | 2.1.0 |
| ibm | aix | 3.2 |
| digital | ultrix | 4.0 |
| next | nextstep | 3.3 |
| ibm | aix | 4.1.1 |
| sun | sunos | 5.4 |
| digital | unix | 3.2g |
| next | nextstep | 4.0 |
| ibm | aix | 4.1.2 |
| digital | unix | 4.0b |
Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.1.1 |
| sgi | irix | 6.0 |
| sgi | irix | 6.2 |
| sgi | irix | 5.0.1 |
| digital | unix | 4.0 |
| sgi | irix | 5.1 |
| sgi | irix | 5.0 |
| digital | osf_1 | 3.0 |
| sgi | irix | 5.2 |
| sgi | irix | 6.0.1 |
| digital | osf_1 | 2.0 |
| sgi | irix | 5.3 |
| sgi | irix | 6.1 |
| sgi | irix | 6.3 |
| digital | osf_1 | 1.2 |
| digital | unix | 3.2g |
| digital | osf_1 | 3.2 |
| digital | osf_1 | 1.3 |
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.0 |
| sco | tcp_ip | 1.2.1 |
| ibm | sng | * |
| ibm | sng | 2.1 |
| ibm | aix | 4.2 |
| sco | open_desktop | 3.0 |
| sco | internet_faststart | 1.0 |
| sco | internet_faststart | 1.1 |
| sun | sunos | 5.5.1 |
| ibm | aix | 3.2 |
| linux | linux_kernel | 1.3.0 |
| sco | openserver | 5.0 |
| digital | osf_1 | 1.3.3 |
| sco | openserver | 5.0.2 |
| sun | sunos | 5.4 |
| ibm | sng | 2.2 |
| sun | sunos | 5.5 |
| ibm | aix | 4.1 |
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eric_allman | sendmail | 8.7.2 |
| redhat | linux | 3.0.3 |
| ibm | aix | 4.2 |
| hp | hp-ux | 10.20 |
| hp | hp-ux | 10.01 |
| sco | internet_faststart | 1.0 |
| eric_allman | sendmail | 8.7.1 |
| ibm | aix | 3.2 |
| eric_allman | sendmail | 8.6 |
| sco | openserver | 5.0 |
| sco | openserver | 5.0.2 |
| freebsd | freebsd | 2.1.5 |
| eric_allman | sendmail | 8.7.5 |
| hp | hp-ux | 10.10 |
| eric_allman | sendmail | 8.7.3 |
| eric_allman | sendmail | 8.7.4 |
| bsdi | bsd_os | 2.1 |
| digital | osf_1 | 1.3.2 |
| ibm | aix | 4.1 |
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 1.2.0 |
| linux | linux_kernel | 2.0 |
| ibm | aix | 3.2.5 |
| freebsd | freebsd | 2.0.5 |
| apple | a_ux | 3.1.1 |
| hp | hp-ux | 10 |
| ibm | aix | 4 |
| nec | ews-ux_v | 4.2 |
| freebsd | freebsd | 2.1.0 |
| nec | up-ux_v | 4.2mp |
| hp | hp-ux | 8 |
| hp | hp-ux | 9 |
| nec | ews-ux_v | 4.2mp |
| freebsd | freebsd | 2.0 |
| nec | asl_ux_4800 | * |
| digital | osf_1 | 1.3 |
Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | ultrix | * |
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openbsd | openbsd | 2.1 |
| sun | solaris | 2.5 |
| netbsd | netbsd | 1.3 |
| sun | solaris | 1.1.4 |
| sun | sunos | 4.1.3 |
| sun | solaris | * |
| sun | sunos | 5.3 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.0 |
| sun | sunos | 5.2 |
| sun | sunos | 4.1.4 |
| digital | osf_1 | 1.1 |
| netbsd | netbsd | 1.3.1 |
| sun | sunos | 5.4 |
| sun | solaris | 2.4 |
| openbsd | openbsd | 2.2 |
| sun | sunos | - |
| sun | solaris | 1.1.3 |
| sun | sunos | 5.1 |
| sun | sunos | 5.5 |
Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | 4.0e |
| digital | unix | 4.0 |
| digital | unix | 4.0d |
| digital | unix | 4.0b |
| digital | unix | 4.0a |
| digital | unix | 4.0c |
Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | * |
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.0 |
| ibm | aix | 3.2.5 |
| netbsd | netbsd | 1.2 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.5 |
| hp | hp-ux | 10.20 |
| freebsd | freebsd | 2.2.2 |
| sun | sunos | 5.5.1 |
| freebsd | freebsd | 2.1.5 |
| ibm | aix | 3.2.4 |
| sun | solaris | 2.4 |
| freebsd | freebsd | 2.1.7.1 |
| digital | unix | 4.0a |
| sun | sunos | 5.5 |
| freebsd | freebsd | 2.0.5 |
| freebsd | freebsd | 2.2.3 |
| digital | unix | 4.0 |
| hp | hp-ux | 11.00 |
| freebsd | freebsd | 2.2.4 |
| digital | unix | 4.0d |
| freebsd | freebsd | 1.1.5.1 |
| ibm | aix | 3.1 |
| digital | unix | 4.0c |
| freebsd | freebsd | 2.1.0 |
| sun | solaris | 2.6 |
| ibm | aix | 3.2 |
| linux | linux_kernel | 2.1 |
| sun | sunos | 5.4 |
| digital | unix | 3.2g |
| sun | sunos | - |
| freebsd | freebsd | 2.1.6 |
| digital | unix | 4.0b |
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.5 |
| ibm | aix | 4.2.1 |
| ibm | aix | 4.3 |
| sun | solaris | 7.0 |
| ibm | aix | 4.3.2 |
| sun | sunos | 5.3 |
| sun | sunos | 5.5.1 |
| cde | cde | 1.0.2 |
| sun | sunos | 4.1.4 |
| cde | cde | 1.2 |
| sun | solaris | 2.4 |
| ibm | aix | 4.1.3 |
| ibm | aix | 4.3.1 |
| cde | cde | 2.1 |
| sun | sunos | 5.5 |
| ibm | aix | 4.1 |
| ibm | aix | 4.1.5 |
| digital | unix | 4.0f |
| sun | sunos | 4.1.3u1 |
| digital | unix | 4.0d |
| ibm | aix | 4.2 |
| ibm | aix | 4.1.4 |
| cde | cde | 1.1 |
| sun | solaris | 2.6 |
| cde | cde | 2.0 |
| cde | cde | 2.120 |
| cde | cde | 1.0.1 |
| ibm | aix | 4.1.1 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| ibm | aix | 4.1.2 |
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | solaris | 2.5.1 |
| ibm | aix | 4.2.1 |
| ibm | aix | 4.3 |
| sun | solaris | 7.0 |
| ibm | aix | 4.3.2 |
| sun | sunos | 5.5.1 |
| cde | cde | 1.0.2 |
| cde | cde | 1.2 |
| sun | solaris | 2.4 |
| ibm | aix | 4.1.3 |
| ibm | aix | 4.3.1 |
| cde | cde | 2.1 |
| sun | sunos | 5.5 |
| ibm | aix | 4.1 |
| ibm | aix | 4.1.5 |
| digital | unix | 4.0f |
| digital | unix | 4.0e |
| digital | unix | 4.0d |
| ibm | aix | 4.2 |
| ibm | aix | 4.1.4 |
| cde | cde | 1.1 |
| sun | solaris | 2.6 |
| cde | cde | 2.0 |
| cde | cde | 1.0.1 |
| ibm | aix | 4.1.1 |
| sun | sunos | 5.4 |
| ibm | aix | 4.1.2 |
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cde | cde | * |
| transarc | afs | * |
| mit | kerberos_5 | - |
| digital | unix | * |
Vulnerability in Compaq Tru64 UNIX edauth command.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | 4.0e |
| digital | unix | 4.0 |
| digital | unix | 3.2g |
| digital | unix | 4.0d |
| digital | unix | 4.0b |
| digital | unix | 4.0a |
| digital | unix | 4.0c |
Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | ultrix | 4.2 |
| digital | ultrix | 4.1 |
Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | v4.0 |
| digital | unix | * |
VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | vms | * |
dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | osf_1 | * |
chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | ultrix | 4.0 |
| digital | ultrix | 4.1 |
xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | 4.0b |
dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | 3 |
rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
| netbsd | netbsd | 2.0.4 |
| openbsd | openbsd | * |
| linux | linux_kernel | 2.6.20.1 |
| digital | ultrix | * |
Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | ultrix | * |
Buffer overflow in at program in Digital UNIX 4.0 allows local users to gain root privileges via a long command line argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | 4.0e |
| digital | unix | 4.0 |
| digital | unix | 4.0d |
| digital | unix | 4.0b |
| digital | unix | 4.0a |
| digital | unix | 4.0c |
Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | digital_openvms | 7.1 |
| digital | digital_openvms_axp | 7.1 |
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 2.0.34 |
| redhat | linux | 2.0.34 |
| slackware | slackware_linux | 2.0.34 |
| netbsd | netbsd | * |
| digital | unix | 4.0 |
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 2.0.34 |
| redhat | linux | 2.0.34 |
| slackware | slackware_linux | 2.0.34 |
| netbsd | netbsd | * |
| digital | unix | 4.0 |
kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to read arbitrary files by specifying the full file name in the initialization packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | 4.0f |
Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| compaq | armada_insight_manager | 4.20j |
| compaq | armada_insight_manager | 4.20 |
| compaq | survey_utility | 2.33 |
| compaq | insight_management_desktop_web_agent | 3.7 |
| compaq | enterprise_volume_manager-command_scripter | 1.1 |
| compaq | management_agents | 4.30j |
| compaq | management_agents | 4.36j |
| compaq | insight_manager_xe | 1.0 |
| compaq | management_agents | 4.35j |
| compaq | enterprise_volume_manager-command_scripter | 1.0 |
| compaq | insight_manager_lc | 1.3c |
| compaq | foundation_agents | 4.0 |
| compaq | storage_allocation_reporter | 1.0 |
| compaq | survey_utility | 2.18 |
| compaq | insight_manager_xe | 1.21 |
| digital | unix | 5.0 |
| digital | unix | 4.0f |
| compaq | insight_management_agent | 4.37e |
| compaq | foundation_agents | 4.90 |
| compaq | management_agents | 4.36e |
| compaq | survey_utility | 2.17 |
| compaq | sanworks_resource_monitor | 1.0 |
| compaq | system_healthcheck | 3.0 |
| compaq | intelligent_cluster_administrator | 1.0 |
| compaq | open_san_manager | 1.0 |
| compaq | foundation_agents | 2.1 |
| digital | unix | 4.0g |
| compaq | insight_manager_lc | 1.50a |
| compaq | foundation_agents | 1.0 |
| compaq | intelligent_cluster_administrator | 2.1 |
Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a local attacker to obtain root access via a long command line argument (non-existent printer name).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | r4.20mu06 |
| digital | unix | mu02 |
Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | osf_1 | 3.2b |
| digital | osf_1 | 3.2de2 |
| digital | osf_1 | 3.2c |
| digital | osf_1 | 3.2g |
| digital | osf_1 | 3.2de1 |
| digital | osf_1 | 3.2f |
| digital | osf_1 | 3.2 |
| digital | osf_1 | 3.0 |
| digital | osf_1 | 3.0b |
| digital | osf_1 | 3.2d |
Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | osf_1 | 3.2b |
| digital | osf_1 | 3.2c |
| digital | osf_1 | 3.2de1 |
| digital | osf_1 | 3.0 |
| digital | osf_1 | 3.2de2 |
| digital | ultrix | 3.0 |
| digital | osf_1 | 4.0 |
| digital | osf_1 | 3.2g |
| digital | osf_1 | 3.2f |
| digital | osf_1 | 3.2 |
| digital | osf_1 | 3.0b |
| digital | osf_1 | 3.2d |
Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| compaq | tru64 | 5.1a_pk1_bl1 |
| digital | osf_1 | 3.2c |
| compaq | tru64 | 5.1 |
| compaq | tru64 | 5.0_pk4_bl17 |
| compaq | tru64 | 5.1_pk4_bl18 |
| compaq | tru64 | 5.0 |
| compaq | tru64 | 5.0_pk4_bl18 |
| compaq | tru64 | 5.1a |
| digital | osf_1 | 3.2 |
| compaq | tru64 | 4.0f_pk6_bl17 |
| digital | osf_1 | 3.2d |
| compaq | tru64 | 4.0f |
| digital | osf_1 | 3.2b |
| digital | osf_1 | 3.2de1 |
| compaq | tru64 | 5.1_pk5_bl19 |
| digital | osf_1 | 3.0 |
| digital | osf_1 | 3.2de2 |
| compaq | tru64 | 5.1_pk3_bl17 |
| compaq | tru64 | 5.0a_pk3_bl17 |
| compaq | tru64 | 5.1a_pk2_bl2 |
| compaq | tru64 | 5.0a |
| compaq | tru64 | 4.0g_pk3_bl17 |
| compaq | tru64 | 4.0g |
| digital | osf_1 | 3.2g |
| digital | osf_1 | 3.2f |
| compaq | tru64 | 4.0f_pk7_bl18 |
| digital | osf_1 | 3.0b |