526 matches found
CVE-2005-3070
CVE-2005-3070 affects HylaFax 4.2.1 and earlier. It reports that HylaFax does not create or verify ownership of the UNIX domain socket, which could allow a local attacker to read faxes and cause a denial of service by abusing the hyla.unix socket file. The issue is documented across multiple sour...
CVE-1999-1402
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket...
CVE-2001-0178
CVE-2001-0178 affects KDE2’s kdesu: the keep-password feature uses a UNIX socket to pass authentication data, but KDE2 (before 2.2.0-6) does not verify the socket listener’s identity. This can allow local users to obtain root passwords and gain privileges. Multiple advisories confirm the issue an...
CVE-2001-0178
kdesu program in KDE2 KDE before 2.2.0-6 does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges...
FreeBSD 3.1 / Solaris 2.6 - Domain Socket
// source: https://www.securityfocus.com/bid/456/info Solaris 2.6 and many other unices/clones have a serious problem with their unix domain socket implementation that has its origins in old BSD code. Any unix socket created by any application is set mode 4777. In Solaris versions 2.5 and earlie...