aix.security.fixes.txt

`Date: Thu, 6 May 1999 11:15:15 +0200  
From: Ciaran Deignan <[email protected]>  
To: [email protected]  
Subject: AIX Security Fixes Update  
  
The IBM mail server just distributed the following file.  
This information has been integrated into the bull_check verification tool  
(version 1.0.9904.1) available from http://www-frec.bull.com/ (in the  
year2000 section of the download page).  
Note: most of the APARs are old.  
  
  
---------- Forwarded message ----------  
Date: Thu, 6 May 1999 01:04:31 -0500  
>From: AIX Service Mail Server <[email protected]>  
To: [email protected]  
Subject: Security_APARs  
  
This is a list of security related APARs for current releases of AIX.  
To facilitate ease of ordering all security related APARs for each  
release can be ordered using the following packaging APARs.  
  
AIX 4.3: IX89365 (updated 04/99)  
  
AIX 4.2: IX89364 (updated 04/99)  
  
AIX 4.1: IX89362 (updated 04/99)  
  
APARs can be ordered using FixDist. For additional information on FixDist  
send e-mail with a subject of "FixDist" to [email protected], or  
refer to the following URL:  
  
http://service.software.ibm.com/rs6k/fixes.html  
===========================================================================  
AIX 4.3 APARs  
  
IX72045 CDE LOGIN GIVES INVALID USER NAME MESSAGE BEFORE PW ENTERED  
IX72553 SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING  
IX73077 SECURITY: FTP BOUNCE VULNERABILITY  
IX73214 SECURITY: TELNET DENIAL OF SERVICE ATTACK  
IX73438 SECURITY: VULNERABILITY IN DTAPPGATHER  
IX73586 SECURITY HOLE IN FTP, TFTP, UTFTP  
IX73836 /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOG IN  
IX73951 SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS  
IX73961 PCNFSD DAEMON UPDATES WTMP FILE INCORRECTLY  
IX74296 PROGRAMS USING LEX GENERATED SOURCE COREDUMP  
IX74599 SECURITY: VULNERABILITY IN DIGEST  
IX74793 SECURITY HOLE IN TN3270  
IX74802 CSH CORE DUMPS WHEN ENV VARIABLE IS LONGER THAN 2K  
IX75275 SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS  
IX75554 SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES  
IX75564 ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH  
IX75761 BAD FILE HANDLE CAN CRASH LOCK DAEMON  
IX75840 SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ  
IX75864 SECURITY: /BIN/MAN CREATES INSECURE TEMPORARY FILES  
IX76039 SECURITY: DPID2 CORE DUMPS IN WORLD WRITABLE DIRECTORY  
IX76040 SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS  
IX76049 SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE  
IX76960 BIND: CERT ADVISORY CA-98.05  
IX76962 BIND: CERT ADVISORY CA-98.05  
IX77338 SECURITY: SORT CREATES INSECURE TEMPORARY FILES  
IX77508 CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE  
IX77592 SECURITY: PORTMAP CREATES INSECURE TEMPORARY FILES  
IX78071 IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS  
IX78202 SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.  
IX78248 SECURITY: VULNERABILITY IN GROUP SHUTDOWN  
IX78349 SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG  
IX78564 SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER  
IX78612 SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.  
IX78646 SECURITY: RC.NET.SERIAL CREATES INSECURE TEMPORARY FILES  
IX78719 NFS V2 DOES NOT HANDLE 65535 AS A UID  
IX78732 SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN  
IX79136 SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS  
IX79139 SECURITY: ACLPUT/ACLEDIT CREATE INSECURE TEMPORARY FILES  
IX79679 "RCP SECURITY PROBLEM"  
IX79681 SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS  
IX79682 SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS  
IX79683 SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS  
IX79700 SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS  
IX79701 SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS  
IX79857 SECURITY HOLE  
IX79909 NSLOOKUP CORE DUMPS WITH LONG STRINGS  
IX79979 SECURITY: VULNERABILITY IN GROUP SHUTDOWN  
IX80036 SECURITY: CRON CREATES INSECURE LOCK FILE  
IX80387 SECURITY: INSECURE CREATION OF LPD LOCK FILE  
IX80391 SECURITY: INSECURE TEMPORARY FILES IN CMDSNAP SCRIPTS  
IX80470 SECURITY: PTRACE() PROBLEM WITH SET-GID PROGRAMS  
IX80510 SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS  
IX80543 SECURITY:LIBNSL BUFFER OVERRUNS  
IX80548 SECURITY: RAS SCRIPTS SHOULDN'T FOLLOW SYMLINKS  
IX80549 SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES  
IX80762 SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES  
IX80792 SECURITY: BUFFER OVERFLOWS IN IMAPD  
IX81058 SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS  
IX81077 SECURITY: TTYLOCK() ALLOWS CREATION OF WORLD-READABLE FILES  
IX81078 SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS  
IX81442 SECURITY: VULNERABILITY IN RPC.TTDBSERVERD  
IX81507 SECURITY: MORE VULNERABILITIES IN PCNFSD  
IX81999 POST COMMAND SHOULD NOT BE SUID  
IX82002 FORCE REXECD USER PRIVILEDGES  
IX83752 SECURITY: VULNERABILITY IN AUTOFS  
IX84493 SECURITY: VULNERABILITY IN SETGID EXECUTABLES  
IX84642 SECURITY: VULNERABILITY IN INFOEXPLORER DAEMON (INFOD)  
IX85233 SECURITY : MAILBOX GETS CORRUPTED  
IX85556 SECURITY: BUFFER OVERFLOW IN FTP CLIENT  
IX85600 BOOTP: CERT ADVISORY  
IX87016 REMBAK FAILS WHEN INVOKED WITH VERY LONG USERNAME/HOSTNAME  
===========================================================================  
AIX 4.2 APARs  
  
IX59743 RDIST HAS A SECURITY HOLE.  
IX60069 /VAR/DT SECURITY PROBLEM  
IX60892 BUFFER OVERFLOW CAUSES CORE DUMP IN TZSET()  
IX61125 POSSIBLE BUFFER OVERFLOW BUG IN /USR/BIN/AT  
IX61127 SECURITY: POSSIBLE BUFFER OVERFLOW IN RWHOD  
IX61199 NETWORK INTERFACES PADDING TO MINIMUM LENGTH LEAVE OLD DATA IN  
IX61304 CERTS VU#12851:SENDMAIL GIVES LOCAL USER ACCESS TO DEFAULT USER  
IX61305 CERTS#12002:SENDMAIL LETS USER BECOME ROOT WITH CHFN COMMAND  
IX61858 LARGE ICMP PACKETS CAN CRASH MACHINE  
IX62144 BUFFER OVERFLOW IN GETHOSTBYNAME()  
IX62428 CERT: SYN FLOOD DENIAL-OF-SERVICE ATTACKS  
IX63068 CERT: SENDMAIL SIGHUP VULNERABILITY  
IX64204 SECURITY: LQUERYPV ALLOWS NON-ROOT USER TO READ ANY FILE  
IX64443 CERTS:VU#3075 SENDMAIL VULNERABILITY  
IX65281 SECURITY: HOSTS.EQUIV SHOULD BE IGNORED IF WORLD-WRITABLE  
IX65473 CERT: BUFFER OVERFLOW IN TALKD  
IX65538 CERT: FTPD RACE CONDITION IN SIGNAL HANDLING  
IX65685 SECURITY: BUFFER OVERFLOW IN /USR/SBIN/LOGIN  
IX66068 /USR/SBIN/MOUNT CREATES ROOT-OWNED CORE  
IX66232 CORE DUMP FOR ILLEGAL LENGTH STRING IN SOME LVM COMMANDS  
IX66344 SECURITY: LIBPATH USED FOR SETGID EXECUTABLES  
IX66352 SECURITY: BUFFER OVERFLOWS IN LIBXT.A  
IX66405 /TMP/XLOGFILE HAS WRONG PERMISSION.  
IX66461 BUFFER OVERFLOW IN LIBXT.A  
IX66819 RECONNECTING A TCP SOCKET CAN CRASH THE SYSTEM  
IX66824 SECURITY: BUFFER OVERFLOWS IN LIBX11.A  
IX66950 SECURITY: BUFFER OVERFLOW IN /USR/LIB/ERRDEMON  
IX67318 CERT: POSSIBLE BUFFER OVERFLOW IN FINGER DAEMON  
IX67325 /TMP/LAST_UUID PERMISSIONS AND MISSING SYMBOLS  
IX67377 CERT: BUFFER OVERFLOW IN NLS ENVIRONMENT VARIABLES  
IX68087 SECURITY: VULNERABILITY IN RPC.PCNFSD  
IX68191 SECURITY: BUFFER OVERFLOWS IN XLOCK  
IX68250 BUFFER OVERFLOWS IN /USR/SBIN/MOUNT  
IX68707 SECURITY: X11 RESOURCE MANAGER BUFFER OVERFLOW.  
IX68769 CERT : CMSD SECURITY PROBLEM  
IX68801 SECURITY: POSSIBLE BUFFER OVERFLOW IN GECOS HANDLING  
IX69106 BUFFER OVERFLOW IN DTTERM.  
IX69113 BUFFER OVERFLOW IN XTERM.  
IX69169 SECURITY: BUFFER OVERFLOW IN WRITESRV DAEMON  
IX69171 SECURITY: BUFFER OVERFLOW IN /BIN/RCP  
IX69180 SECURITY: BUFFER OVERFLOW IN DTACTION  
IX69704 SECURITY: BUFFER OVERFLOW IN AIXTERM  
IX69714 CERT: VULNERABILITY IN YPPROC_XFR RPC  
IX70035 LARGE MMAP REGION CAN RUN OUT OF PAGING SPACE AND HANG  
IX70233 SECURITY: /USR/BIN/VACATION VULNERABILITY  
IX70237 SECURITY: CACHE POISONING  
IX70239 SECURITY: DISALLOW SENDMAIL -C FOR USERS IN GROUP SYSTEM  
IX70263 CERT CA-97.09: VULNERABILITY IN IMAP/POP  
IX70389 /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOGIN  
IX70396 SECURITY: COPYCORE CREATES WORLD-READABLE DUMPS  
IX70397 SECURITY: VULNERABILITY IN SRCMSTR  
IX70660 SECURITY: SYSLOG DENIAL-OF-SERVICE VULNERABILITY  
IX70766 POSSIBLE COREDUMP IN TPARM() ROUTINE  
IX70815 MAKE NSLOOKUP SUID ROOT ONLY FOR RES_INIT  
IX70875 SECURITY: BUFFER OVERFLOW IN RDIST  
IX70886 SECURITY: FTP CLIENT INTERPRETS SERVER PROVIDED FILENAMES  
IX70916 ONLY ALLOW LOOPBACK AS INTERFACE FOR PORTMAP REGISTER  
IX70918 SECURITY: RPC.MOUNTD ALLOWS FILENAME DISCOVERY  
IX71277 SECURITY: VULNERABILITY IN LIBISODE.A  
IX71403 SECURITY: BUFFER OVERFLOWS IN RNETRC()  
IX71405 SECURITY: DISCARD LOOPBACK PACKETS ON EXTERNAL INTERFACES  
IX71517 SECURITY: VULNERABILITY IN PIODMGRSU  
IX71581 SYSTEM FILE COULD BE OVERWRITTEN BY DTAPPINTEGRATE  
IX71779 SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING  
IX71795 SECURITY: VULNERABILITY IN /USR/SBIN/PORTMIR  
IX71806 NFSV3 ACCESS FOR OTHERS INCORRECT  
IX71810 SECURITY: BAD TEMPORARY FILE CREATED FROM /USR/BIN/CFGMIR  
IX71927 CDE LOGIN GIVES INVALID USER NAME MESSAGE BEFORE PW ENTERED  
IX72021 SECURITY: BUFFER OVERFLOW IN XDAT  
IX73022 NFS UID MISMATCH POSSIBLE ON CREATE  
IX73076 SECURITY: FTP BOUNCE VULNERABILITY  
IX73430 SEC: /USR/SBIN/MKLV SHELL SCRIPT HAS SET-UID BIT SET  
IX73437 SECURITY: VULNERABILITY IN DTAPPGATHER  
IX73580 SECURITY: TELNET DENIAL OF SERVICE ATTACK  
IX73755 PTY_SETNAME MISMANAGES THE PROCESS CREDENTIAL  
IX73893 PCNFSD DAEMON UPDATES WTMP FILE INCORRECTLY  
IX73949 SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS  
IX74023 PROGRAMS USING LEX GENERATED SOURCE COREDUMPS  
IX74335 SECURITY: NFS NOT HANDLING EXPORTS CORRECTLY  
IX75157 BAD FILE HANDLE CAN CRASH LOCK DAEMON  
IX75195 ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH  
IX75417 SECURITY HOLE IN TN3270  
IX76015 NFS V2 DOES HANDLE 65535 AS A UID  
IX76268 SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS  
IX76269 SECURITY: DPID2 CORE DUMPS IN WORLD WRITABLE DIRECTORY  
IX76270 SECURITY HOLE IN FTP, TFTP, UTFTP  
IX76272 SECURITY: VULNERABILITY IN DIGEST  
IX76276 SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ  
IX76853 SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES  
IX76861 REFRESHING INETD TOO MANY TIMES CAN KILL IT  
IX76863 SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS  
IX76867 SECURITY: /BIN/MAN CREATES INSECURE TEMPORARY FILES  
IX76872 BOS.NET.TCP.CLIENT UPDATES RE-ENABLE SNMP AND DPID2  
IX76875 SECURITY: NON-ROOT USERS CAN CREATE AND BIND TO AF_NDD SOCKETS  
IX76878 SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE  
IX76879 REMOVE POTENTIAL SECURITY EXPOSURE FROM NETLSD  
IX76886 SECURITY: SORT CREATES INSECURE TEMPORARY FILES  
IX76959 BIND: CERT ADVISORY CA-98.05  
IX76984 LIBBSD SLEEP() RACE CONDITION  
IX77009 CORE FILE MAY CONTAIN DATA FROM OTHER USERS  
IX77089 SETUPTERM CAN CORE DUMP  
IX77506 CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE  
IX77830 SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.  
IX77902 IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS  
IX78596 SECURITY: VULNERABILITY IN GROUP SHUTDOWN  
IX78616 SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER  
IX78641 "RCP SECURITY PROBLEM"  
IX78673 SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.  
IX78729 SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN  
IX79037 SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS  
IX79447 SECURITY: CRON CREATES INSECURE LOCK FILE  
IX79473 SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS  
IX79836 SECURITY: VULNERABILITY IN GROUP SHUTDOWN  
IX79893 SECURITY: PORTMAP CREATES INSECURE TEMPORARY FILES  
IX80138 SECURITY: INSECURE CREATION OF LPD LOCK FILE  
IX80791 SECURITY: BUFFER OVERFLOWS IN IMAPD  
IX81232 SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG  
IX81317 FORCE REXECD USER PRIVILEDGES  
IX81360 SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES  
IX81361 SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS  
IX81364 SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS  
IX81366 SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS  
IX81369 SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS  
IX81370 SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS  
IX81377 SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES  
IX81441 SECURITY: VULNERABILITY IN RPC.TTDBSERVERD  
IX81506 SECURITY: MORE VULNERABILITIES IN PCNFSD  
IX81579 SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS  
IX82703 SECURITY:LIBNSL BUFFER OVERRUNS  
IX84230 SECURITY : MAILBOX GETS CORRUPTED  
IX85206 SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS  
IX85555 SECURITY: BUFFER OVERFLOW IN FTP CLIENT  
IX85599 BOOTP: CERT ADVISORY  
IX87003 REMBAK FAILS WHEN INVOKED WITH VERY LONG USERNAME/HOSTNAME  
IX88195 SECURITY: INSECURE TEMPORARY FILES IN CMDSNAP SCRIPTS  
===========================================================================  
AIX 4.1 APARs  
  
IX55363 CERT ADVISORY CA-95:17 - YPUPDATED VULNERABILITY  
IX55931 CERT ADVISORY ON RPC.STATD  
IX56717 DDTERM PROBLEM AND 256 BYTES LOST AT EACH FAILING OPEN.  
IX57720 SECURITY PROBLEM IN SENDMAIL  
IX58516 /TMP/XLOGFILE HAS WRONG PERMISSION.  
IX59453 LARGE ICMP PACKETS CAN CRASH MACHINE  
IX59742 RDIST HAS A SECURITY HOLE.  
IX60068 /VAR/DT SECURITY PROBLEM  
IX60680 SECURITY: POSSIBLE BUFFER OVERFLOW IN RWHOD  
IX60873 NETWORK INTERFACES PADDING TO MINIMUM LENGTH LEAVE OLD DATA IN  
IX60890 BUFFER OVERFLOW CAUSES CORE DUMP IN TZSET()  
IX60894 POSSIBLE BUFFER OVERFLOW FOR TZ  
IX61019 BUFFER OVERFLOW IN GETHOSTBYNAME()  
IX61031 BUFFER OVERFLOW IN LIBXT.A  
IX61162 CERTS VU#12851:SENDMAIL GIVES LOCAL USER ACCESS TO DEFAULT USER  
IX61306 CERTS#12002:SENDMAIL LETS USER BECOME ROOT WITH CHFN COMMAND  
IX62476 CERT: SYN FLOOD DENIAL-OF-SERVICE ATTACKS  
IX64203 SECURITY: LQUERYPV ALLOWS NON-ROOT USER TO READ ANY FILE  
IX64459 CERTS:VU#3075 SENDMAIL VULNERABILITY  
IX65472 CERT: BUFFER OVERFLOW IN TALKD  
IX65537 CERT: FTPD RACE CONDITION IN SIGNAL HANDLING  
IX65682 SECURITY: BUFFER OVERFLOW IN /USR/SBIN/LOGIN  
IX65979 /TMP/LAST_UUID SHOULD NOT BE WORLD WRITABLE AND RPC__PKT_NAME ER  
IX66055 /USR/SBIN/MOUNT CREATES ROOT-OWNED CORE  
IX66231 CORE DUMP FOR ILLEGAL LENGTH STRING IN SOME LVM COMMANDS  
IX66340 SECURITY: LIBPATH USED FOR SETGID EXECUTABLES  
IX66449 SECURITY: BUFFER OVERFLOWS IN LIBXT.A  
IX66679 SECURITY: "PIPEBUG IN SENDMAIL"  
IX66736 SECURITY: BUFFER OVERFLOWS IN LIBX11.A  
IX66826 LIBBSD SLEEP() RACE CONDITION  
IX67272 /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOGIN  
IX67276 WHEN PRINCIPAL NAME EXCEEDS 1024 CHARACTERS SECD CORES  
IX67317 CERT: POSSIBLE BUFFER OVERFLOW IN FINGER DAEMON  
IX67407 CERT: BUFFER OVERFLOW IN NLS ENVIRONMENT VARIABLES  
IX67601 SECURITY: HOSTS.EQUIV SHOULD BE IGNORED IF WORLD-WRITABLE  
IX68086 SECURITY: VULNERABILITY IN RPC.PCNFSD  
IX68143 SECURITY: VULNERABILITY IN SRCMSTR  
IX68190 SECURITY: BUFFER OVERFLOWS IN XLOCK  
IX68249 BUFFER OVERFLOWS IN /USR/SBIN/MOUNT  
IX68412 RECONNECTING A TCP SOCKET CAN CRASH THE SYSTEM  
IX68688 SECURITY: POSSIBLE BUFFER OVERFLOW IN GECOS HANDLING  
IX68706 SECURITY: X11 RESOURCE MANAGER BUFFER OVERFLOW.  
IX68749 CERT : CMSD SECURITY PROBLEM  
IX68834 CORE FILE MAY CONTAIN DATA FROM OTHER USERS  
IX69083 BUFFER OVERFLOW IN DTTERM.  
IX69104 BUFFER OVERFLOW IN XTERM.  
IX69168 SECURITY: BUFFER OVERFLOW IN WRITESRV DAEMON  
IX69170 SECURITY: BUFFER OVERFLOW IN /BIN/RCP  
IX69179 SECURITY: BUFFER OVERFLOW IN DTACTION  
IX69698 SECURITY: BUFFER OVERFLOW IN AIXTERM  
IX70029 LARGE MMAP REGION CAN RUN OUT OF PAGING SPACE AND HANG  
IX70100 ONLY ALLOW LOOPBACK AS INTERFACE FOR PORTMAP REGISTER  
IX70171 POSSIBLE COREDUMP IN SETUPTERM()  
IX70236 SECURITY: CACHE POISONING  
IX70238 SECURITY: DISALLOW SENDMAIL -C FOR USERS IN GROUP SYSTEM  
IX70352 POSSIBLE COREDUMP IN TPARM() ROUTINE  
IX70367 SECURITY: COPYCORE CREATES WORLD-READABLE DUMPS  
IX70368 SECURITY: BUFFER OVERFLOW IN /USR/LIB/ERRDEMON  
IX70370 CERT: MKNOD RACE CONDITION AND BUFFER OVERFLOW  
IX70400 REFRESHING INETD TOO MANY TIMES CAN KILL IT  
IX70659 SECURITY: SYSLOG DENIAL-OF-SERVICE VULNERABILITY  
IX70876 SECURITY: BUFFER OVERFLOW IN RDIST  
IX70885 SECURITY: FTP CLIENT INTERPRETS SERVER PROVIDED FILENAMES  
IX71125 SECURITY: RPC.MOUNTD ALLOWS FILENAME DISCOVERY  
IX71366 SECURITY: DISCARD LOOPBACK PACKETS ON EXTERNAL INTERFACES  
IX71391 SECURITY: BUFFER OVERFLOWS IN RNETRC()  
IX71464 MAKE NSLOOKUP SUID ROOT ONLY FOR RES_INIT  
IX71478 SECURITY: VULNERABILITY IN LIBISODE.A  
IX71514 SECURITY: VULNERABILITY IN PIODMGRSU  
IX71580 SYSTEM FILE COULD BE OVERWRITTEN BY DTAPPINTEGRATE  
IX71832 SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING  
IX72020 SECURITY: BUFFER OVERFLOW IN XDAT  
IX73075 SECURITY: FTP BOUNCE VULNERABILITY  
IX73427 SECURITY: TELNET DENIAL OF SERVICE ATTACK  
IX73436 SECURITY: VULNERABILITY IN DTAPPGATHER  
IX73615 SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ  
IX73948 SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS  
IX74022 PROGRAMS USING LEX GENERATED SOURCE COREDUMPS  
IX74421 CSH CORE DUMPS WHEN ENV VARIABLE IS LONGER THAN 2K  
IX74457 FIXED VULNERABILITY IN DIGEST  
IX74663 SEC: /USR/SBIN/MKLV SHELL SCRIPT HAS SET-UID BIT SET  
IX74773 ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH  
IX75149 SECURITY: /BIN/MAN CREATES INSECURE TEMPORARY FILES  
IX76195 SECURITY HOLE IN TN3270  
IX76329 SECURITY HOLE IN FTP, TFTP, UTFTP  
IX76330 SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES  
IX76331 SECURITY: NON-ROOT USERS CAN CREATE AND BIND TO AF_NDD SOCKETS  
IX76332 SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS  
IX76333 SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS  
IX76334 SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE  
IX76522 PTY_SETNAME MISMANAGES THE PROCESS CREDENTIAL - 3  
IX76717 SECURITY: NOTIFYMETH CREATES WORLD-WRITABLE FILES  
IX76846 SECURITY: SORT CREATES INSECURE TEMPORARY FILES  
IX76877 REMOVE POTENTIAL SECURITY EXPOSURE FROM NETLSD  
IX76958 BIND: CERT ADVISORY CA-98.05  
IX77509 CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE  
IX77913 SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.  
IX78350 IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS  
IX78696 SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN  
IX78711 CERT: VULNERABILITY IN YPPROC_XFR RPC  
IX78956 SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.  
IX78957 SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER  
IX79044 SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS  
IX79472 SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS  
IX80137 SECURITY: INSECURE CREATION OF LPD LOCK FILE  
IX80158 SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS  
IX80160 SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS  
IX80163 SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS  
IX80183 SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS  
IX80840 SECURITY:LIBNSL BUFFER OVERRUNS  
IX80882 POST COMMAND SHOULD NOT BE SUID  
IX81440 SECURITY: VULNERABILITY IN RPC.TTDBSERVERD  
IX81505 SECURITY: MORE VULNERABILITIES IN PCNFSD  
IX81651 SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS  
IX81914 SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG  
IX83929 SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES  
IX83932 SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS  
IX83943 SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES  
IX85598 BOOTP: CERT ADVISORY  
IX85650 SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS  
===========================================================================  
  
`