Microsoft Windows NT 4.0 contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker causes an access violation within LSASS.exe, which stops the process and results in loss of availability for the operating system.
Samba is prone to an overflow condition. This issue is triggered when smbmount fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted multiple variable username, a local attacker can potentially execute arbitrary code.
A local overflow exists in SVGAlib/zgv. The product fails to verify the length of the HOME environment variable, resulting in a buffer overflow. By setting this variable to an overly long value, arbitrary code can be executed as root, resulting in a loss of availability.
(Description Provided by CVE) : ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
Ultrix contains a flaw that is triggered by dxterm being given setuid privileges. This may allow a remote attacker to log output data to arbitrary files, overwriting pre-existing data in those files.
(Description Provided by CVE) : Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.
(Description Provided by CVE) : Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.
(Description Provided by CVE) : Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.
Solaris contains a flaw that may allow a local denial of service. The issue is triggered by an error in rsh that allows an attacker to manipulate a root-owned socket, which will result in loss of availability for the program / service.
(Description Provided by CVE) : rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system.
NetKit (netkit-tftp) contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to tftpd not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to gain access to arbitrary files.
A local overflow exists in some versions of the at(1) program. The program fails to validate input properly resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code as root resulting in a loss of integrity and confidentiality.
qmail-smtpd contains a flaw that may allow a remote denial of service. The issue is triggered by sending an email with a large number of recipient addresses. Qmail will attempt to process such a message, which will consume all memory on the server host and result in loss of availability for this computer.
(Description Provided by CVE) : The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.
IBM AIX contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a buffer overflow occurs in mount, which will cause a segfault and core dump file. Using a symlink, the core file can be used to create or overwrite a file. By setting an environment variable with arbitrary content, it will be appended to the file. Leveraging this against a file such as .rhosts will allow for privileged access to an arbitrary account.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.