The rlogin command shipped by multiple Unix vendors contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered when using the '-froot' parameter, which allows a remote attacker to gain root access on a system without being prompted for a password, resulting in a loss of integrity.
SunOS contains a flaw in the "/usr/bin/passwd" binary that may allow a malicious user to gain unauthorized privileges. The issue is triggered when a local attacker creates a symlink to the password file and uses the "passwd -F" option, which will recreate the password file with increased attacker privileges. This flaw may lead to a loss of integrity.
UCB Pop Server (a.k.a. popper/qpop/qpopper) contains a flaw that may allow a malicious local user to overwrite or create arbitrary root-owned files on the system. The issue is due to the pop program creating temporary files insecurely. A user can mount a symlink-style attack to manipulate arbitrary files, resulting in a loss of integrity.
UCB Pop Server (a.k.a. popper/qpop/qpopper) contains a flaw related to logging that may allow an attacker to send anonymous, untraceable mail. Popper does not, by default, log users. Using XTND XMIT, it is possible to send mail that cannot be traced back to the user.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.