MidnightBSD

Advisories for next

CVE-1999-0032 HIGH

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3u1
sgi irix 5.1.1
sgi irix 6.0.1
sgi irix 5.0
freebsd freebsd 2.0.5
sgi irix 5.2
bsdi bsd_os 2.1
sgi irix 6.4
sgi irix 6.2
sgi irix 5.3
sgi irix 6.3
next nextstep 4.0
sgi irix 5.1
sun sunos 4.1.4
next nextstep 4.1
sgi irix 6.0
freebsd freebsd 2.0
sgi irix 6.1
freebsd freebsd 2.1.0
sgi irix 5.0.1
freebsd freebsd 2.1.5
CVE-1999-0046 HIGH

Buffer overflow of rlogin program using TERM environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netbsd netbsd 1.1
ibm aix 4.1.1
next nextstep 3.3
ibm aix 3.2
hp hp-ux 10.30
digital ultrix 4.1
sun sunos 5.5.1
digital ultrix 2.2
hp hp-ux 10.00
next nextstep 3.1
next nextstep -
digital ultrix 4.0
digital unix 4.0b
oracle solaris 2.6
oracle solaris 7.0
next nextstep 3.2
freebsd freebsd 2.1.5
hp hp-ux 10.16
bsdi bsd_os 2.0.1
digital ultrix 4.4
data_general dg_ux 4.0
digital ultrix 3.0
oracle solaris -
next nextstep 3.0
ibm aix 4.1.5
hp hp-ux 10.20
freebsd freebsd 1.1.5.1
sun sunos 4.1.4
sun solaris 2.5.1
next nextstep 1.0a
sun sunos 5.3
freebsd freebsd 2.0
ibm aix 4.1.4
sun solaris 2.5
ibm aix 4.1.3
bsdi bsd_os 2.0
next nextstep 2.0
digital unix 4.0
sun sunos 4.1.3u1
freebsd freebsd 2.0.5
bsdi bsd_os 2.1
sun sunos 5.4
hp hp-ux 10.10
next nextstep 4.0
data_general dg_ux 3.0
digital unix 4.0a
hp hp-ux 10.08
netbsd netbsd 1.0
next nextstep 1.0
freebsd freebsd 2.1.0
digital ultrix 4.5
oracle solaris 8
digital ultrix -
ibm aix 4.1
data_general dg_ux 2.0
sun solaris 2.4
ibm aix 4.1.2
debian debian_linux 0.93
hp hp-ux 10.01
data_general dg_ux 1.0
hp hp-ux 10.34
bsdi bsd_os 1.1
digital ultrix 4.3a
hp hp-ux 10.09
digital ultrix 4.2
hp hp-ux 10.24
sun sunos 5.5
digital unix 3.2g
next nextstep 2.1
digital ultrix 4.3
CVE-1999-0078 LOW

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncr mp-ras 2.03
ibm aix 4.1
sco openserver 5
sun sunos 4.1
ibm aix 3.2
sun sunos 5.4
sgi irix 5.3
nec up-ux_v *
ncr mp-ras 3.0
hp hp-ux *
next nextstep *
sun sunos 5.5
sco unixware 2.1
bsdi bsd_os *
ibm aix 4.2
ncr mp-ras 3.01
freebsd freebsd 6.2
CVE-1999-0956 HIGH

The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
next nextstep 1.0a
next nextstep 1.0
next nextstep 2.1
next nextstep 3.0
next nextstep 2.0
CVE-1999-1193 HIGH

The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
next next *
CVE-1999-1198 HIGH

BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
next next *
CVE-1999-1391 HIGH

Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
next next 1.0
next next 1.0a
CVE-1999-1392 HIGH

Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
next next 1.0
next nex 1.0a
CVE-1999-1468 MEDIUM

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 3.3.1
sun sunos 4.1
sgi irix 3.3.2
sgi irix 3.3.3
cray unicos 6.0
cray unicos 6.0e
sun sunos 4.0.3
sun sunos 4.1.1
sgi irix 3.3
sgi irix 4.0
sun sunos 4.1psr_a
next next 2.1
next next 2.0
cray unicos 6.1
sun sunos 4.0.3c