(Description Provided by CVE) : Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
Multiple BSDs contain a flaw that may allow a malicious user to spoof TCP connections against BSD hosts on networks that do not filter source routed packets via router packet filters. The issue is triggered when the sysctl system configuration control for "do source route" does not prevent source routed packets from being accepted by 4.4BSD kernels, even when the sysctl variable net.inet.ip.dosourceroute is set to '0'. It is possible that the flaw may result in a loss of integrity.
IBM AIX contains a flaw that may allow a remote denial of service. The issue is triggered when telnetd receives an attack and system runs out of message blocks and hangs, and will result in loss of availability for the telnet service and all other tty activity to hang.
IBM AIX contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the iFOR/LS license server (from Gradient Technologies) using a /tmp/last_uuid file that is created insecurely. It is possible for a local attacker to use a symlink attack against the iFOR/LS file to cause the program to unexpectedly write to, or overwrite an attacker specified file.
libpng contains an overflow condition in the png_size_t function. The issue is triggered as user-supplied input is not properly validated in cases when the png_size_t function is smaller than 32 bytes. This may allow a remote attacker to cause an unspecified overflow, resulting in a denial of service or potentially execution of arbitrary code.
(Description Provided by CVE) : Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.