| OSVDB ID | Disclosure Date | Title |
|---|
|
83849
Description:
NetKit (netkit-base) contains a flaw related to multiple components. The issue is triggered when an error occurs. This may allow an attacker to spoof an h_length header in the DNS responses.
|
1996-12-29
|
NetKit (netkit-base) Multiple Component DNS h_length Spoofing Weakness
|
|
83848
Description:
The bsd-finger component of NetKit contains a flaw related to the parsing of real names from the password file. Specifically, when handling the & character, an error could occur that "probably has security implications" according to the vendor.
|
1996-12-29
|
NetKit Finger (bsd-finger) Full Name Handling Unspecified Issue
|
|
83847
Description:
NetKit (netkit-rsh) contains a flaw that is triggered when the program authenticates a user after the opening of stedrr in rexecd. This may allow an unauthenticated attacker to use the service to port scan an arbitrary system, using the vulnerable rexecd as a proxy.
|
1996-12-29
|
NetKit (netkit-rsh) rexecd stderr Unauthenticated Port Scan Proxy
|
|
83846
Description:
NetKit (netkit-ftp) contains a flaw that is triggered by an unspecified issue in /tmp during the creation of new files. No further details have been provided.
|
1996-12-29
|
NetKit (netkit-ftp) /tmp File Creation Unspecified Issue
|
|
993
Description:
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the netprint program calls the disable command via a system() call without supplying an absolute path. The PATH environment variable for finding and executing the disable program can be trivially modified by a malicious user. This flaw may lead to a loss of integrity.
|
1996-12-27
|
IRIX netprint PATH Subversion Privilege Escalation
|
|
105
Description:
(Description Provided by CVE) : The jj CGI program allows command execution via shell metacharacters.
|
1996-12-24
|
Multiple Vendor jj CGI Arbitrary Command Execution
|
|
9605
Description:
(Description Provided by CVE) : Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.
|
1996-12-24
|
HP-UX Direct Audio User Space Code Local DoS
|
|
29235
Description:
Unknown / Incomplete
|
1996-12-22
|
CERN httpd IP/Hostname Mismatch Access Protection Bypass
|
|
8670
Description:
(Description Provided by CVE) : aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.
|
1996-12-20
|
Solaris aspppd /tmp/.asppp.fifo Symlink Privilege Escalation
|
|
83140
Description:
IBM AIX is prone to a flaw in the way it loads libraries. The /usr/games/fortune binary uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows a local attacker to inject custom code that will be run with the privilege of the program or user executing the program.
|
1996-12-20
|
IBM AIX fortune LIBPATH Path Subversion Local Privilege Escalation
|
|
11454
Description:
(Description Provided by CVE) : Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
|
1996-12-18
|
Multiple Vendor Oversized ICMP Ping Packet DoS (Ping of Death)
|
|
6085
Description:
A local overflow exists in FreeBSD. Its ppp fails to validate input for the HOME environment variable, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code to gain root privileges resulting in a loss of integrity.
|
1996-12-16
|
FreeBSD ppp HOME Environment Local Overflow
|
|
11505
Description:
(Description Provided by CVE) : Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.
|
1996-12-16
|
Vixie Cron Long Environment Variable Local Overflow
|
|
3101
Description:
Lotus Domino contains a flaw that allows a remote attacker to access databases via HTTP. By manipulating the URL of a document, an attacker can change key components to edit or delete web server content and all data entered is done so under another user ID.
|
1996-12-12
|
IBM Lotus Domino Predictable URI Remote Arbitrary Document Access
|
|
17001
Description:
Unknown / Incomplete
|
1996-12-11
|
Sendmail initgroups() Privilege Drop Failure Issue
|
|
83565
Description:
IRIX contains a flaw that may allow an attacker to gain access to unauthorized privileges. When /usr/sbin/datman is executed, the program looks for the presence of .cdplayerrc and ~/.cddb. If neither is present, the program will make a system call to manipulate database names that can be subverted to execute arbitrary commands.
|
1996-12-10
|
IRIX /usr/sbin/datman Local Privilege Escalation
|
|
55269
Description:
(Description Provided by CVE) : Denial of service in Windows NT IIS server using ..\..
|
1996-12-09
|
Microsoft IIS Traversal GET Request Remote DoS
|
|
9598
Description:
(Description Provided by CVE) : Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument.
|
1996-12-09
|
HP-UX chfn Command Line Argument Local Overflow
|
|
8563
Description:
IRIX contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the searchbook program creating the iconbook and searchbook desktop files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
|
1996-12-06
|
IRIX Desktop searchbook Insecure Permission Privilege Escalation
|
|
6994
Description:
Solaris chkperm utility contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user sets the VMSYS variable to a user writeable directory, creates a symlink to .facerc, then executes chkperm which will disclose the first five lines of the file given as an argument resulting in a loss of confidentiality.
|
1996-12-05
|
Solaris FACE chkperm VMSYS Environmental Variable Symlink Arbitrary File Disclosure
|
|
1093
Description:
(Description Provided by CVE) : Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
|
1996-12-04
|
INN Control Message Arbitrary Command Execution
|
|
1005
Description:
(Description Provided by CVE) : lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
|
1996-12-03
|
IBM AIX lquerypv -h Arbitrary File Access
|
|
1011
Description:
(Description Provided by CVE) : Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.
|
1996-12-02
|
IRIX Korn Shell (ksh) suid_exec Local Overflow
|
|
83139
Description:
IBM AIX contains a flaw where permissions in /usr/sbin/route are set to 4555 by default. This may allow an unprivileged local attacker to modify routing tables. This would allow them to potentially direct traffic to an alternate system under their control, potentially revealing sensitive information.
|
1996-12-02
|
IBM AIX route Unprivileged Routing Manipulation
|
|
1113
Description:
(Description Provided by CVE) : Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
|
1996-12-02
|
Sendmail Group Write File Hardlink Privilege Escalation
|
