Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3u1 |
| sgi | irix | 5.1.1 |
| sgi | irix | 6.0.1 |
| sgi | irix | 5.0 |
| freebsd | freebsd | 2.0.5 |
| sgi | irix | 5.2 |
| bsdi | bsd_os | 2.1 |
| sgi | irix | 6.4 |
| sgi | irix | 6.2 |
| sgi | irix | 5.3 |
| sgi | irix | 6.3 |
| next | nextstep | 4.0 |
| sgi | irix | 5.1 |
| sun | sunos | 4.1.4 |
| next | nextstep | 4.1 |
| sgi | irix | 6.0 |
| freebsd | freebsd | 2.0 |
| sgi | irix | 6.1 |
| freebsd | freebsd | 2.1.0 |
| sgi | irix | 5.0.1 |
| freebsd | freebsd | 2.1.5 |
Buffer overflow of rlogin program using TERM environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netbsd | netbsd | 1.1 |
| ibm | aix | 4.1.1 |
| next | nextstep | 3.3 |
| ibm | aix | 3.2 |
| hp | hp-ux | 10.30 |
| digital | ultrix | 4.1 |
| sun | sunos | 5.5.1 |
| digital | ultrix | 2.2 |
| hp | hp-ux | 10.00 |
| next | nextstep | 3.1 |
| next | nextstep | - |
| digital | ultrix | 4.0 |
| digital | unix | 4.0b |
| oracle | solaris | 2.6 |
| oracle | solaris | 7.0 |
| next | nextstep | 3.2 |
| freebsd | freebsd | 2.1.5 |
| hp | hp-ux | 10.16 |
| bsdi | bsd_os | 2.0.1 |
| digital | ultrix | 4.4 |
| data_general | dg_ux | 4.0 |
| digital | ultrix | 3.0 |
| oracle | solaris | - |
| next | nextstep | 3.0 |
| ibm | aix | 4.1.5 |
| hp | hp-ux | 10.20 |
| freebsd | freebsd | 1.1.5.1 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.5.1 |
| next | nextstep | 1.0a |
| sun | sunos | 5.3 |
| freebsd | freebsd | 2.0 |
| ibm | aix | 4.1.4 |
| sun | solaris | 2.5 |
| ibm | aix | 4.1.3 |
| bsdi | bsd_os | 2.0 |
| next | nextstep | 2.0 |
| digital | unix | 4.0 |
| sun | sunos | 4.1.3u1 |
| freebsd | freebsd | 2.0.5 |
| bsdi | bsd_os | 2.1 |
| sun | sunos | 5.4 |
| hp | hp-ux | 10.10 |
| next | nextstep | 4.0 |
| data_general | dg_ux | 3.0 |
| digital | unix | 4.0a |
| hp | hp-ux | 10.08 |
| netbsd | netbsd | 1.0 |
| next | nextstep | 1.0 |
| freebsd | freebsd | 2.1.0 |
| digital | ultrix | 4.5 |
| oracle | solaris | 8 |
| digital | ultrix | - |
| ibm | aix | 4.1 |
| data_general | dg_ux | 2.0 |
| sun | solaris | 2.4 |
| ibm | aix | 4.1.2 |
| debian | debian_linux | 0.93 |
| hp | hp-ux | 10.01 |
| data_general | dg_ux | 1.0 |
| hp | hp-ux | 10.34 |
| bsdi | bsd_os | 1.1 |
| digital | ultrix | 4.3a |
| hp | hp-ux | 10.09 |
| digital | ultrix | 4.2 |
| hp | hp-ux | 10.24 |
| sun | sunos | 5.5 |
| digital | unix | 3.2g |
| next | nextstep | 2.1 |
| digital | ultrix | 4.3 |
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncr | mp-ras | 2.03 |
| ibm | aix | 4.1 |
| sco | openserver | 5 |
| sun | sunos | 4.1 |
| ibm | aix | 3.2 |
| sun | sunos | 5.4 |
| sgi | irix | 5.3 |
| nec | up-ux_v | * |
| ncr | mp-ras | 3.0 |
| hp | hp-ux | * |
| next | nextstep | * |
| sun | sunos | 5.5 |
| sco | unixware | 2.1 |
| bsdi | bsd_os | * |
| ibm | aix | 4.2 |
| ncr | mp-ras | 3.01 |
| freebsd | freebsd | 6.2 |
The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| next | nextstep | 1.0a |
| next | nextstep | 1.0 |
| next | nextstep | 2.1 |
| next | nextstep | 3.0 |
| next | nextstep | 2.0 |
The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| next | next | * |
BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| next | next | * |
Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| next | next | 1.0 |
| next | next | 1.0a |
Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| next | next | 1.0 |
| next | nex | 1.0a |
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 3.3.1 |
| sun | sunos | 4.1 |
| sgi | irix | 3.3.2 |
| sgi | irix | 3.3.3 |
| cray | unicos | 6.0 |
| cray | unicos | 6.0e |
| sun | sunos | 4.0.3 |
| sun | sunos | 4.1.1 |
| sgi | irix | 3.3 |
| sgi | irix | 4.0 |
| sun | sunos | 4.1psr_a |
| next | next | 2.1 |
| next | next | 2.0 |
| cray | unicos | 6.1 |
| sun | sunos | 4.0.3c |