GCOS-III contains a flaw that may allow a local user to bypass system restrictions. By issuing a crafted sequence to the Assigned GO TO of the TS FOTRAN compiler, it is possible to manipulate the index register value to point to an alternate array. The alternate array could contain instructions that would be executed outside the security envelope.
GCOS-III contains a flaw that may allow a local user to gain elevated privileges. The issue is due to the buffer space made available by the caller to the File System (FILSYS) modules not being zeroed out before return to the caller. By supplying a systematic value to the System Master Catalog (SMC), FILESYS would return an error but not zero the buffer, which could disclose sensitive information such as user login and passwords.
TENEX contains a flaw that may allow a local attacker to more trivially guess user passwords. By carefully examining the virtual memory paging timing for differential timing for page faults, it is possible to determine if a specific character matched a portion of the password. By performing this timing attack for each character of a password, an attacker could effectively brute force a relatively strong password in a matter of minutes, instead of having to exhaust a majority of the possible password space.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.