The bsd-finger component of NetKit contains a flaw related to the parsing of real names from the password file. Specifically, when handling the & character, an error could occur that "probably has security implications" according to the vendor.
NetKit (netkit-rsh) contains a flaw that is triggered when the program authenticates a user after the opening of stedrr in rexecd. This may allow an unauthenticated attacker to use the service to port scan an arbitrary system, using the vulnerable rexecd as a proxy.
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the netprint program calls the disable command via a system() call without supplying an absolute path. The PATH environment variable for finding and executing the disable program can be trivially modified by a malicious user. This flaw may lead to a loss of integrity.
IBM AIX is prone to a flaw in the way it loads libraries. The /usr/games/fortune binary uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows a local attacker to inject custom code that will be run with the privilege of the program or user executing the program.
A local overflow exists in FreeBSD. Its ppp fails to validate input for the HOME environment variable, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code to gain root privileges resulting in a loss of integrity.
Lotus Domino contains a flaw that allows a remote attacker to access databases via HTTP. By manipulating the URL of a document, an attacker can change key components to edit or delete web server content and all data entered is done so under another user ID.
IRIX contains a flaw that may allow an attacker to gain access to unauthorized privileges. When /usr/sbin/datman is executed, the program looks for the presence of .cdplayerrc and ~/.cddb. If neither is present, the program will make a system call to manipulate database names that can be subverted to execute arbitrary commands.
IRIX contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the searchbook program creating the iconbook and searchbook desktop files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
Solaris chkperm utility contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user sets the VMSYS variable to a user writeable directory, creates a symlink to .facerc, then executes chkperm which will disclose the first five lines of the file given as an argument resulting in a loss of confidentiality.
IBM AIX contains a flaw where permissions in /usr/sbin/route are set to 4555 by default. This may allow an unprivileged local attacker to modify routing tables. This would allow them to potentially direct traffic to an alternate system under their control, potentially revealing sensitive information.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.