MidnightBSD

Advisories for engardelinux

CVE-2001-0736 LOW

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
immunix immunix 7.0_beta
mandrakesoft mandrake_linux_corporate_server 1.0.1
redhat linux 7.0
university_of_washington pine *
immunix immunix 7.0
immunix immunix 6.2
engardelinux secure_linux 1.0.1
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 7.1
redhat linux 6.2
mandrakesoft mandrake_linux 8.0
redhat linux 5.2
CVE-2001-0739 HIGH

Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
engardelinux secure_linux 1.0.1
CVE-2001-1240 HIGH

The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
engardelinux secure_linux 1.0.1
CVE-2002-0002 HIGH

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
stunnel stunnel 3.3
stunnel stunnel 3.15
stunnel stunnel 3.17
engardelinux secure_linux 1.0.1
stunnel stunnel 3.22
stunnel stunnel 3.14
stunnel stunnel 3.20
stunnel stunnel 3.13
stunnel stunnel 3.19
stunnel stunnel 3.4a
stunnel stunnel 3.18
stunnel stunnel 3.21
mandrakesoft mandrake_linux 8.1
stunnel stunnel 3.7
stunnel stunnel 3.24
stunnel stunnel 3.12
stunnel stunnel 3.21b
stunnel stunnel 3.9
stunnel stunnel 3.21c
stunnel stunnel 3.16
stunnel stunnel 3.11
stunnel stunnel 3.21a
redhat linux 7.2
stunnel stunnel 3.8
stunnel stunnel 3.10
CVE-2002-0083 HIGH

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,

Products Affected

Vendor Product Version
trustix secure_linux 1.5
mandrakesoft mandrake_linux_corporate_server 1.0.1
suse suse_linux 7.1
openbsd openssh *
immunix immunix 7.0
suse suse_linux 7.3
conectiva linux 5.0
conectiva linux graficas
engardelinux secure_linux 1.0.1
redhat linux 7.1
mandrakesoft mandrake_linux 7.2
trustix secure_linux 1.2
mandrakesoft mandrake_linux 7.1
trustix secure_linux 1.1
suse suse_linux 6.4
mandrakesoft mandrake_single_network_firewall 7.2
mandrakesoft mandrake_linux 8.0
conectiva linux ecommerce
conectiva linux 6.0
redhat linux 7.0
openpkg openpkg 1.0
mandrakesoft mandrake_linux 8.1
suse suse_linux 7.0
conectiva linux 5.1
conectiva linux 7.0
suse suse_linux 7.2
redhat linux 7.2
CVE-2003-0101 HIGH

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
usermin usermin 0.9
usermin usermin 0.6
usermin usermin 0.97
usermin usermin 0.8
usermin usermin 0.92
usermin usermin 0.7
usermin usermin 0.96
usermin usermin 0.91
usermin usermin 0.5
usermin usermin 0.99
usermin usermin 0.4
webmin webmin 1.0.60
usermin usermin 0.95
usermin usermin 0.98
webmin webmin 1.0.50
engardelinux guardian_digital_webtool 1.2
usermin usermin 0.94
usermin usermin 0.93
CVE-2003-0962 HIGH

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
andrew_tridgell rsync 2.5.2
engardelinux secure_linux 1.2
andrew_tridgell rsync 2.5.3
andrew_tridgell rsync 2.5.1
andrew_tridgell rsync 2.3.1
andrew_tridgell rsync 2.5.4
slackware slackware_linux current
engardelinux secure_linux 1.1
slackware slackware_linux 9.1
engardelinux secure_community 2.0
andrew_tridgell rsync 2.5.0
andrew_tridgell rsync 2.5.5
redhat rsync 2.5.5-4
andrew_tridgell rsync 2.4.6
andrew_tridgell rsync 2.3.2
slackware slackware_linux 9.0
andrew_tridgell rsync 2.4.8
slackware slackware_linux 8.1
andrew_tridgell rsync 2.4.5
redhat rsync 2.5.4-2
engardelinux secure_community 1.0.1
andrew_tridgell rsync 2.4.3
redhat rsync 2.5.5-1
redhat rsync 2.4.6-2
andrew_tridgell rsync 2.4.4
andrew_tridgell rsync 2.5.6
engardelinux secure_linux 1.5
andrew_tridgell rsync 2.4.0
andrew_tridgell rsync 2.4.1
redhat rsync 2.4.6-5
CVE-2004-0535 LOW

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.15
mandrakesoft mandrake_linux_corporate_server 2.1
suse suse_linux 8.1
suse suse_linux 8
linux linux_kernel 2.4.18
linux linux_kernel 2.4.21
linux linux_kernel 2.4.19
linux linux_kernel 2.4.26
suse suse_linux_firewall_cd *
suse suse_email_server iii
linux linux_kernel 2.4.24
linux linux_kernel 2.4.7
linux linux_kernel 2.4.16
linux linux_kernel 2.4.10
suse suse_linux 9.0
suse suse_linux_database_server *
linux linux_kernel 2.4.6
engardelinux secure_linux 1.5
suse suse_linux 9.1
mandrakesoft mandrake_linux 9.1
linux linux_kernel 2.4.0
linux linux_kernel 2.4.20
suse suse_linux_office_server *
suse suse_email_server 3.1
linux linux_kernel 2.4.3
mandrakesoft mandrake_multi_network_firewall 8.2
suse suse_office_server *
linux linux_kernel 2.4.9
suse suse_linux_firewall_live-cd *
linux linux_kernel 2.4.2
linux linux_kernel 2.4.23
mandrakesoft mandrake_linux 9.2
linux linux_kernel 2.4.12
linux linux_kernel 2.4.23_ow2
engardelinux secure_community 2.0
linux linux_kernel 2.4.17
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.4.1
linux linux_kernel 2.4.27
suse suse_linux 8.0
linux linux_kernel 2.4.4
linux linux_kernel 2.4.25
linux linux_kernel 2.4.13
conectiva linux 9.0
mandrakesoft mandrake_linux 10.0
linux linux_kernel 2.4.22
suse suse_linux_connectivity_server *
suse suse_linux 8.2
suse suse_linux 7
linux linux_kernel 2.4.8
linux linux_kernel 2.4.5
gentoo linux 1.4
suse suse_linux_admin-cd_for_firewall *
conectiva linux 8.0
linux linux_kernel 2.4.11
linux linux_kernel 2.4.14