OSVDB: Open Sourced Vulnerability Database

Browse Database

Browsing Vulnerabilities Disclosed in November of 1996

OSVDB ID	Disclosure Date	Title
984 [CLOSE] OSVDB ID : 984 - Disclosed: 1996-11-28 Description: IRIX contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the fsdump program creating files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.	1996-11-28	IRIX fsdump File Modification Privilege Escalation
11893 [CLOSE] OSVDB ID : 11893 - Disclosed: 1996-11-26 Description: (Description Provided by CVE) : Buffer overflow in cddbd CD database server allows remote attackers to execute arbitrary commands via a long log message.	1996-11-26	cddbd CD Database Server Log Message Remote Overflow
4882 [CLOSE] OSVDB ID : 4882 - Disclosed: 1996-11-22 Description: (Description Provided by CVE) : Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.	1996-11-22	Kerberos 4 Malformed UDP Packet Information Disclosure
1114 [CLOSE] OSVDB ID : 1114 - Disclosed: 1996-11-21 Description: (Description Provided by CVE) : Local users can start Sendmail in daemon mode and gain root privileges.	1996-11-21	Sendmail Daemon Mode Local Privilege Escalation
8448 [CLOSE] OSVDB ID : 8448 - Disclosed: 1996-11-21 Description: IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user can create arbitrary directories using a command line option for the cdplayer program, which is setuid root. This flaw may lead to a loss of integrity.	1996-11-21	IRIX cdplayer Arbitrary Directory Creation Privilege Escalation
9606 [CLOSE] OSVDB ID : 9606 - Disclosed: 1996-11-21 Description: (Description Provided by CVE) : Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges.	1996-11-21	HP-UX Unspecified Program Large UID/GID Local Privilege Escalation
8754 [CLOSE] OSVDB ID : 8754 - Disclosed: 1996-11-17 Description: (Description Provided by CVE) : dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.	1996-11-17	OSF dxchpwd dxchpwd.log Symlink Arbitrary File Modification
15042 [CLOSE] OSVDB ID : 15042 - Disclosed: 1996-11-16 Description: Unknown / Incomplete	1996-11-16	Sendmail HUP Signal Arbitrary Privileged Command Execution
83135 [CLOSE] OSVDB ID : 83135 - Disclosed: 1996-11-12 Description: IBM AIX contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the /usr/sbin/fibred script creating temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /usr/sbin/fibred.log file to cause the program to unexpectedly write to, or overwrite an attacker specified file. This may allow an attacker to gain escalated privileges	1996-11-12	IBM AIX fibred /var/tmp/fibred.log Symlink Arbitrary File Manipulation Privilege Escalation
57411 [CLOSE] OSVDB ID : 57411 - Disclosed: 1996-11-11 Description: Unknown / Incomplete	1996-11-11	Check Point FireWall-1 Large Ping Packet Handling ACL Bypass
1628 [CLOSE] OSVDB ID : 1628 - Disclosed: 1996-11-09 Description: (Description Provided by CVE) : Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.	1996-11-09	Solaris syslogd Unresolvable Address Remote DoS
56387 [CLOSE] OSVDB ID : 56387 - Disclosed: 1996-11-01 Description: Secure Sockets Layer (SSL) version 2 (v2) has been found to contain several weaknesses. Depending on the time and resources of an attacker, any communication protected by SSLv2 may be vulnerable to Man-in-The-Middle (MiTM) attacks that could allow data tampering or disclosure. SSLv2 flaws in summary: - SSL encrypted web requests traffic analysis can disclose which pages were downloaded, length of data downloaded, what web servers were accessed and more. This requires sniffing or physical access and is considered a passive attack. - Bellovin cut-and-paste attack. This requires sniffing and MiTM manipulation and is considered an active attack. - Bellovin short-block attack. This requires sniffing and MiTM manipulation and is considered an active attack. - Insecure MAC use post-encryption. This is considered a design flaw weakness. - Horton Principle failure. This requires sniffing and MiTM manipulation and is considered an active attack. - Ciphersuite rollback attack. This requires sniffing and MiTM manipulation. - Diffie-hellman Key-exchange MiTM attack. - 40-bit MAC use. This is considered a design flaw weakness.	1996-11-01	SSLv2 Protocol Multiple Weaknesses
5864 [CLOSE] OSVDB ID : 5864 - Disclosed: 1996-11-01 Description: (Description Provided by CVE) : Buffer overflow in HP-UX cstm program allows local users to gain root privileges.	1996-11-01	HP-UX cstm Local Overflow
5868 [CLOSE] OSVDB ID : 5868 - Disclosed: 1996-11-01 Description: (Description Provided by CVE) : Buffer overflow in mstm in HP-UX allows local users to gain root access.	1996-11-01	HP-UX mstm Local Overflow
9643 [CLOSE] OSVDB ID : 9643 - Disclosed: 1996-11-01 Description: (Description Provided by CVE) : fpkg2swpk in HP-UX allows local users to gain root access.	1996-11-01	HP-UX fpkg2swpk Local Privilege Escalation

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.