(Description Provided by CVE) : In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
A local overflow exists in BSD. The passwd program fails to check bounds on a long shell or GECOS field causing a buffer overflow. With a specially crafted request, an attacker can change the flow of execution to gain root privileges, which will result in a loss of integrity.
Sendmail contains a flaw that may allow a remote attacker to execute commands without authentication. The issue is triggered when an attacker connects to the SMTP service (port 25), and issues the 'DEBUG' command. If enable, this may allow an attacker to pipe arbitrary commands that will be executed under the same privileges as Sendmail.
Multiple FTP daemons contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered when issuing a specially crafted request to the CWD ~root command, which may allow a remote attacker to gain access to root privileges, resulting in a loss of integrity.
SunOS contains a flaw that allows a hostile user with console access to gain root privileges. If a user has a valid login to the machine (even with restricted shell), they can take advantage of the unprotected memory of a SunOS system. By taking note of the u.u_cred elements of the user structure, it will provide the required memory addresses for the user to edit the active memory via the PROM monitor. By changing the current UID of the running process and restoring the session, any active shell's privileges can be upgraded to root level privileges.
SunOS contains a flaw that may allow a local unprivileged user to gain root privielges. The issue is due to the 'sync' account containing no password, allowing anyone to access it without authentication. Further, by supplying a custom sync library when logging into the account, the system will execute arbitrary commands under the 'sync' privileged ID, usually with root equivilent privileges.
SunOS contains a flaw related to the default unpassworded 'sync' account that may allow local and remote users to carry out unintended activities. First, local users may use the account to obscure their entry in the 'who' output. This may make it difficult for administrators to track user activity or notice suspicious behavior. Second, if the 'root' account is set to use / as a home directory, the 'sync' account (which defaults to / for home directory) may execute start up files before running the /bin/sync command as intended. This may allow an unprivileged local/remote attacker to execute programs unexpectedly, and potentially gain access to the system through other means such as breaking out of interactive processes. Third, a remote user may be able to use the account to see the local 'motd' (message of the day) file which could disclose sensitive system information.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.