MidnightBSD

Advisories for immunix

CVE-1999-1111 HIGH

Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
immunix stackguard *
CVE-2000-0844 HIGH

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ibm aix 4.0
ibm aix 4.1.3
sgi irix 6.5.1
debian debian_linux 2.1
ibm aix 4.1.2
sgi irix 6.5.3f
sgi irix 6.4
debian debian_linux 2.3
sgi irix 6.5.8
ibm aix 3.2.4
immunix immunix 6.2
sun sunos 5.5
caldera openlinux *
sgi irix 6.5
turbolinux turbolinux 6.0.3
ibm aix 4.3
turbolinux turbolinux 6.0.1
sgi irix 6.5.4
sgi irix 6.5.7
redhat linux 5.2
slackware slackware_linux 7.1
conectiva linux 4.2
sgi irix 6.2
sun sunos 5.5.1
trustix secure_linux 1.1
suse suse_linux 6.2
redhat linux 5.0
conectiva linux 4.1
sgi irix 6.5.3m
slackware slackware_linux 7.0
turbolinux turbolinux 6.0.4
redhat linux 5.1
turbolinux turbolinux 6.0.2
ibm aix 4.1.4
suse suse_linux 6.1
sun sunos 5.3
conectiva linux 5.0
redhat linux 6.0
ibm aix 4.3.2
sgi irix 6.5.6
sgi irix 6.5.2m
ibm aix 4.1.1
suse suse_linux 7.0
suse suse_linux 6.4
conectiva linux 4.0es
redhat linux 6.2
ibm aix 4.1
sun sunos 5.2
conectiva linux 5.1
redhat linux 6.1
caldera openlinux_ebuilder 3.0
ibm aix 4.1.5
sun sunos 5.0
ibm aix 4.2.1
turbolinux turbolinux 6.0
ibm aix 4.3.1
ibm aix 4.2
sun sunos 5.1
debian debian_linux 2.0
conectiva linux 4.0
sun sunos 5.8
suse suse_linux 6.3
mandrakesoft mandrake_linux 7.1
ibm aix 3.2
mandrakesoft mandrake_linux 7.0
sun sunos 5.4
sun solaris 2.6
trustix secure_linux 1.0
sgi irix 6.3
caldera openlinux_eserver 2.3
ibm aix 3.2.5
debian debian_linux 2.2
sun sunos 5.7
sgi irix 6.5.3
CVE-2000-0963 HIGH

Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.4
freebsd freebsd 4.0
immunix immunix 6.2
redhat linux 7.0
immunix immunix 7.0_beta
freebsd freebsd 3.5.1
freebsd freebsd 4.1
gnu ncurses *
freebsd freebsd 4.1.1
redhat linux 6.2
CVE-2000-1095 HIGH

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 5.1
immunix immunix 6.2
suse suse_linux 7.0
redhat linux 7.0
immunix immunix 7.0_beta
mandrakesoft mandrake_linux 7.2
suse suse_linux 6.4
CVE-2000-1134 HIGH

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 5.2
redhat linux 6.2e
conectiva linux 4.2
conectiva linux 4.0
suse suse_linux 7.0
mandrakesoft mandrake_linux 7.2
conectiva linux 4.0es
redhat linux 6.2
mandrakesoft mandrake_linux 7.1
caldera openlinux_edesktop 2.4
mandrakesoft mandrake_linux 7.0
conectiva linux 5.1
conectiva linux 4.1
redhat linux 6.1
immunix immunix 6.2
caldera openlinux_eserver 2.3
caldera openlinux *
hp hp-ux 11.11
mandrakesoft mandrake_linux 6.1
conectiva linux 5.0
mandrakesoft mandrake_linux 6.0
redhat linux 6.0
CVE-2000-1208 HIGH

Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd 1.4.2
netbsd netbsd 1.4.1
immunix immunix 6.2
redhat linux 7.0
netbsd netbsd 1.4
openbsd openbsd 2.7
CVE-2000-1213 HIGH

ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
immunix immunix 6.2
redhat linux 7.0
iputils iputils *
redhat linux 6.2
CVE-2000-1214 MEDIUM

Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
immunix immunix 6.2
redhat linux 7.0
iputils iputils *
redhat linux 6.2
CVE-2001-0116 LOW

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
redhat linux 7.0
immunix immunix 7.0_beta
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 6.1
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.1
CVE-2001-0117 LOW

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
mandrakesoft mandrake_linux_corporate_server 1.0.1
redhat linux 7.0
immunix immunix 7.0_beta
trustix secure_linux 1.1
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 6.1
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.1
trustix secure_linux 1.2
CVE-2001-0118 LOW

rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
redhat linux 7.0
immunix immunix 7.0_beta
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 6.1
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.1
CVE-2001-0119 LOW

getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
redhat linux 7.0
immunix immunix 7.0_beta
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 6.1
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.1
CVE-2001-0120 LOW

useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
redhat linux 7.0
immunix immunix 7.0_beta
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 6.1
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.1
CVE-2001-0138 LOW

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
mandrakesoft mandrake_linux_corporate_server 1.0.1
redhat linux 7.0
immunix immunix 7.0_beta
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 6.1
debian debian_linux 2.2
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.1
CVE-2001-0139 LOW

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
caldera openlinux_eserver 2.3
redhat linux 7.0
immunix immunix 7.0_beta
caldera openlinux_desktop 2.3
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 6.1
debian debian_linux 2.2
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.1
caldera openlinux_edesktop 2.4
CVE-2001-0140 LOW

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
redhat linux 7.0
immunix immunix 7.0_beta
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 6.1
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.1
CVE-2001-0142 LOW

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
national_science_foundation squid_web_proxy 2.3_stable4
redhat linux 7.0
immunix immunix 7.0_beta
trustix secure_linux 1.1
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 6.1
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.1
trustix secure_linux 1.2
CVE-2001-0143 LOW

vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.0
immunix immunix 7.0_beta
CVE-2001-0170 LOW

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 4.2
conectiva linux 4.0
immunix immunix 7.0_beta
conectiva linux 4.0es
conectiva linux 6.0
debian debian_linux 2.3
conectiva linux 5.1
conectiva linux graficas
conectiva linux 4.1
conectiva linux ecommerce
redhat linux 7.0
conectiva linux 5.0
CVE-2001-0416 LOW

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
immunix immunix 6.2
debian sgml-tools 1.0.9.15
immunix immunix 7.0_beta
immunix immunix 7.0
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 6.1
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.1
CVE-2001-0473 HIGH

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 5.2
immunix immunix 7.0_beta
conectiva linux *
immunix immunix 7.0
mandrakesoft mandrake_linux 7.2
redhat linux 6.2
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 7.0
redhat linux 6.1
immunix immunix 6.2
redhat linux 7.0
mandrakesoft mandrake_linux 6.1
mandrakesoft mandrake_linux 6.0
redhat linux 6.0
mutt mutt *
CVE-2001-0641 MEDIUM

Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 5.2
suse suse_linux 7.0
immunix immunix 7.0_beta
immunix immunix 7.0
suse suse_linux 6.4
suse suse_linux 6.2
suse suse_linux 6.3
redhat linux 6.2
immunix immunix 6.2
suse suse_linux 7.1
redhat linux 7.0
suse suse_linux 6.0
suse suse_linux 6.1
CVE-2001-0736 LOW

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 5.2
mandrakesoft mandrake_linux_corporate_server 1.0.1
immunix immunix 7.0_beta
immunix immunix 7.0
mandrakesoft mandrake_linux 7.2
redhat linux 6.2
university_of_washington pine *
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 8.0
immunix immunix 6.2
redhat linux 7.0
engardelinux secure_linux 1.0.1
CVE-2001-0738 MEDIUM

LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
immunix immunix 6.2
immunix immunix 7.0_beta
immunix immunix 7.0
debian debian_linux 2.2
debian debian_linux 1.3
CVE-2001-1030 HIGH

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_single_network_firewall 7.2
squid squid_web_proxy 2.3stable4
mandrakesoft mandrake_linux_corporate_server 1.0.1
immunix immunix 7.0_beta
immunix immunix 7.0
squid squid_web_proxy 2.3stable3
trustix secure_linux 1.1
mandrakesoft mandrake_linux 7.2
caldera openlinux_server 3.1
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 8.0
trustix secure_linux 1.2
immunix immunix 6.2
redhat linux 7.0
trustix secure_linux 1.01
CVE-2002-0083 HIGH

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,

Products Affected

Vendor Product Version
mandrakesoft mandrake_single_network_firewall 7.2
suse suse_linux 7.0
mandrakesoft mandrake_linux 7.2
suse suse_linux 6.4
conectiva linux 6.0
mandrakesoft mandrake_linux 8.0
redhat linux 7.1
conectiva linux 5.1
conectiva linux graficas
suse suse_linux 7.1
suse suse_linux 7.2
redhat linux 7.0
openpkg openpkg 1.0
suse suse_linux 7.3
redhat linux 7.2
mandrakesoft mandrake_linux_corporate_server 1.0.1
mandrakesoft mandrake_linux 8.1
immunix immunix 7.0
trustix secure_linux 1.1
mandrakesoft mandrake_linux 7.1
trustix secure_linux 1.2
trustix secure_linux 1.5
conectiva linux ecommerce
engardelinux secure_linux 1.0.1
openbsd openssh *
conectiva linux 5.0
conectiva linux 7.0
CVE-2002-1565 HIGH

Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
immunix immunix 7