The bsd-finger component of NetKit contains a flaw related to the parsing of real names from the password file. Specifically, when handling the & character, an error could occur that "probably has security implications" according to the vendor.
NetKit (netkit-rsh) contains a flaw that is triggered when the program authenticates a user after the opening of stedrr in rexecd. This may allow an unauthenticated attacker to use the service to port scan an arbitrary system, using the vulnerable rexecd as a proxy.
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the netprint program calls the disable command via a system() call without supplying an absolute path. The PATH environment variable for finding and executing the disable program can be trivially modified by a malicious user. This flaw may lead to a loss of integrity.
IBM AIX is prone to a flaw in the way it loads libraries. The /usr/games/fortune binary uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows a local attacker to inject custom code that will be run with the privilege of the program or user executing the program.
A local overflow exists in FreeBSD. Its ppp fails to validate input for the HOME environment variable, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code to gain root privileges resulting in a loss of integrity.
Lotus Domino contains a flaw that allows a remote attacker to access databases via HTTP. By manipulating the URL of a document, an attacker can change key components to edit or delete web server content and all data entered is done so under another user ID.
IRIX contains a flaw that may allow an attacker to gain access to unauthorized privileges. When /usr/sbin/datman is executed, the program looks for the presence of .cdplayerrc and ~/.cddb. If neither is present, the program will make a system call to manipulate database names that can be subverted to execute arbitrary commands.
IRIX contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the searchbook program creating the iconbook and searchbook desktop files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
Solaris chkperm utility contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user sets the VMSYS variable to a user writeable directory, creates a symlink to .facerc, then executes chkperm which will disclose the first five lines of the file given as an argument resulting in a loss of confidentiality.
IBM AIX contains a flaw where permissions in /usr/sbin/route are set to 4555 by default. This may allow an unprivileged local attacker to modify routing tables. This would allow them to potentially direct traffic to an alternate system under their control, potentially revealing sensitive information.
IRIX contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the fsdump program creating files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
(Description Provided by CVE) : Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user can create arbitrary directories using a command line option for the cdplayer program, which is setuid root. This flaw may lead to a loss of integrity.
IBM AIX contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the /usr/sbin/fibred script creating temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /usr/sbin/fibred.log file to cause the program to unexpectedly write to, or overwrite an attacker specified file. This may allow an attacker to gain escalated privileges
Secure Sockets Layer (SSL) version 2 (v2) has been found to contain several weaknesses. Depending on the time and resources of an attacker, any communication protected by SSLv2 may be vulnerable to Man-in-The-Middle (MiTM) attacks that could allow data tampering or disclosure. SSLv2 flaws in summary: - SSL encrypted web requests traffic analysis can disclose which pages were downloaded, length of data downloaded, what web servers were accessed and more. This requires sniffing or physical access and is considered a passive attack. - Bellovin cut-and-paste attack. This requires sniffing and MiTM manipulation and is considered an active attack. - Bellovin short-block attack. This requires sniffing and MiTM manipulation and is considered an active attack. - Insecure MAC use post-encryption. This is considered a design flaw weakness. - Horton Principle failure. This requires sniffing and MiTM manipulation and is considered an active attack. - Ciphersuite rollback attack. This requires sniffing and MiTM manipulation. - Diffie-hellman Key-exchange MiTM attack. - 40-bit MAC use. This is considered a design flaw weakness.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.