63 matches found
CVE-2000-0701
The vulnerability CVE-2000-0701 affects the Mailman project’s wrapper program in versions 2.0beta3 and 2.0beta4. The root cause is improper cleansing of untrusted format strings, which permits local privilege escalation. The NVD entry lists local attack vector with low complexity and partial impa...
CVE-2001-0473
CVE-2001-0473 affects the Mutt email client (Imap-related code) prior to version 1.2.5. The vulnerability is a format string issue in the IMAP handling that can allow a remote, malicious IMAP server to execute arbitrary commands on the local machine. The Mandrakelinux MDKSA-2001:031 advisory spec...
CVE-2001-1374
Summary (concrete details from connected documents): The vulnerability is in the expect utility prior to version 5.32, where it searches for its libraries in /var/tmp before other directories. A local attacker could exploit this by placing a Trojan horse library that mkpasswd would load, potentia...
CVE-2003-0540
CVE-2003-0540 affects Postfix 1.1.12 and earlier. The issue stems from the address parser: (1) a malformed envelope address to a local host with a ".!" in MAIL FROM or Errors-To headers can cause the nqmgr to lock, or (2) a valid MAIL FROM with a RCPT TO containing ".!" can lock the SMTP listener...
CVE-2004-0626
The CVE-2004-0626 issue affects the Linux kernel 2.6 netfilter subsystem when using iptables with TCP options. Affected code path is tcp_find_option; a large option length can produce a negative value after casting to char, causing an infinite loop that consumes CPU and leads to remote DoS. This ...
CVE-2005-0207
CVE-2005-0207 corresponds to an unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x where NFS clients can trigger a denial of service via NFS client O_DIRECT error handling. The issue is documented in multiple advisories (RHSA-2005:366 / CESA-2005:366) and CentOS/Ubuntu/NVD entries. Aff...
CVE-2000-0667
The CVE-2000-0667 issue affects the Linux gpm daemon (the General Purpose Mouse utility) and allows a local user to delete arbitrary files. Concrete details from connected sources indicate the vulnerability exists in gpm versions 1.19.2 and earlier and is exploitable by a local user to remove fil...
CVE-2001-0178
CVE-2001-0178 affects KDE2’s kdesu: the keep-password feature uses a UNIX socket to pass authentication data, but KDE2 (before 2.2.0-6) does not verify the socket listener’s identity. This can allow local users to obtain root passwords and gain privileges. Multiple advisories confirm the issue an...
CVE-2000-0668
CVE-2000-0668 affects the Linux pam_console PAM module when a display manager (gdm or kdm) has XDMCP enabled. The vulnerability allows a user to access the system console and reboot the system, with a Medium severity (CVSS v2 base score 5.0) and a Partial availability impact. The provided sources...
CVE-2001-0440
The connected document (MDKSA-2001:032-1) confirms a vulnerability in Licq pre-1.0.3 where received URLs are parsed without sufficient checks and passed to the system() call. This allows remote attackers to cause arbitrary commands to be executed on the client, via crafted URLs, and can lead to d...
CVE-2001-1375
CVE-2001-1375 affects tcl/tk (tcltk) 8.3.1, where libraries may be searched in the current working directory before others. This could allow a local user to execute arbitrary code by placing a Trojan library in a user-controlled directory. The Mandrake advisory notes a related issue and indicates...
CVE-2000-0747
The CVE-2000-0747 entry concerns OpenLDAP prior to version 1.2.11 on Conectiva Linux. The issue arises from the logrotate script sending an improper signal to the kernel log daemon (klogd), which results in klogd being killed. The available records describe the vulnerable component as the logrota...
CVE-2000-0715
Summary (CVE-2000-0715) : The vulnerability affects Red Hat Linux 6.2’s DiskCheck script (diskcheck.pl), a Powertools utility that alerts on near-capacity disks. Diskcheck.pl creates a temporary file in /tmp with a predictable name and runs with elevated privileges (setuid root). An attacker can ...