(Description Provided by CVE) : Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.
Sendmail contains a flaw that may allow a remote attacker to overwrite arbitrary files. The issue is due tot he program allowing remote access to the 'decode' alias. By sending a crafted email to the alias, the sendmail program would write user-supplied content to an arbitrary file as well as set custom permissions.
AIX contains a flaw that may allow a local user to gain privileges. The issue is due to the /etc/shadow file shipping with world writeable permissions. A user can add an arbitrary account with root privileges to the file, and then login under the newly created ID.
passwd contains an implementation flaw that may allow a local denial of service. The issue is triggered when the 'passwd' command is used in an environment with a very small ulimit value. If /etc/passwd is larger than the ulimit, use of the 'passwd' command will result in a truncated /etc/passwd file. If ulimit was set to 0 the /etc/passwd file will be empty, which will invalidate all password authentication attempts, and result in a loss of availability.
Sendmail contains a flaw that may allow a local attacker to gain increased privileges. The flaw can be exploited by creating a custom .forward file that calls a program to create a SUID shell before connecting to the SMTP port (25) and sending yourself mail from the user you want to invoke the shell as. This will work for any user on the system except root.
fingerd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a .plan file in a user's home directory is replaced by a symbolic link to another file. fingerd will follow the link and display content of the linked file on subsequent finger requests, resulting in a loss of confidentiality.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.