Mandrake Linux@7.0 Security Vulnerabilities and Issues — Mandrake Linux@7.0 CVE List

Lucene search

MandrakesoftMandrake Linux7.0

33 matches found

cve•added 2001/01/22 5:0 a.m.•86 views

CVE-2000-0844

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

10CVSS7.7AI score0.00891EPSS

cve•added 2001/05/07 4:0 a.m.•73 views

CVE-2001-0169

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

2.1CVSS6.3AI score0.00142EPSS

cve•added 2000/10/13 4:0 a.m.•62 views

CVE-2000-0508

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

5CVSS7.4AI score0.06568EPSS

cve•added 2003/04/02 5:0 a.m.•62 views

CVE-2002-0638

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utili...

6.2CVSS6.4AI score0.00085EPSS

cve•added 2001/05/07 4:0 a.m.•58 views

CVE-2001-0125

exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.

1.2CVSS6.3AI score0.00076EPSS

cve•added 2001/01/22 5:0 a.m.•57 views

CVE-2000-0867

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

7.2CVSS6.5AI score0.00071EPSS

cve•added 2000/10/13 4:0 a.m.•55 views

CVE-2000-0566

makewhatis in Linux man package allows local users to overwrite files via a symlink attack.

7.2CVSS6.2AI score0.00083EPSS

cve•added 2001/01/09 5:0 a.m.•54 views

CVE-2000-1134

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

7.2CVSS6.2AI score0.00177EPSS

cve•added 2001/05/07 4:0 a.m.•52 views

CVE-2001-0119

getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.

1.2CVSS6.4AI score0.00068EPSS

cve•added 2001/05/07 4:0 a.m.•52 views

CVE-2001-0142

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

1.2CVSS6.3AI score0.00076EPSS

cve•added 2001/05/07 4:0 a.m.•51 views

CVE-2001-0117

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

1.2CVSS6.2AI score0.00124EPSS

cve•added 2001/06/27 4:0 a.m.•50 views

CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

7.5CVSS7.8AI score0.01437EPSS

cve•added 2000/07/12 4:0 a.m.•49 views

CVE-2000-0336

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

2.1CVSS6.4AI score0.00042EPSS

cve•added 2000/07/19 4:0 a.m.•49 views

CVE-2000-0606

Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

7.2CVSS7.2AI score0.00063EPSS

cve•added 2001/09/18 4:0 a.m.•49 views

CVE-2001-0473

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

7.5CVSS7.3AI score0.00811EPSS

cve•added 2001/05/07 4:0 a.m.•48 views

CVE-2001-0139

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

1.2CVSS6.3AI score0.00076EPSS

cve•added 2001/09/18 4:0 a.m.•48 views

CVE-2001-0388

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

10CVSS6.7AI score0.00992EPSS

cve•added 2001/05/07 4:0 a.m.•47 views

CVE-2001-0138

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

1.2CVSS6.3AI score0.00076EPSS

cve•added 2000/04/25 4:0 a.m.•45 views

CVE-2000-0184

Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

2.1CVSS6.7AI score0.00079EPSS

cve•added 2000/04/10 4:0 a.m.•45 views

CVE-2000-0186

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

7.2CVSS7.3AI score0.00063EPSS

cve•added 2001/05/07 4:0 a.m.•43 views

CVE-2001-0116

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

1.2CVSS6.4AI score0.00068EPSS

cve•added 2001/05/07 4:0 a.m.•43 views

CVE-2001-0118

rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

1.2CVSS6.8AI score0.00068EPSS

cve•added 2001/05/07 4:0 a.m.•43 views

CVE-2001-0120

useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.

1.2CVSS6.4AI score0.00068EPSS

cve•added 2001/05/07 4:0 a.m.•43 views

CVE-2001-0178

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

2.1CVSS6.4AI score0.00102EPSS

cve•added 2001/01/22 5:0 a.m.•42 views

CVE-2000-1059

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

7.2CVSS6.5AI score0.00047EPSS

cve•added 2000/05/17 4:0 a.m.•41 views

CVE-1999-1008

xsoldier program allows local users to gain root access via a long argument.

7.2CVSS6.9AI score0.00152EPSS

cve•added 2000/07/19 4:0 a.m.•41 views

CVE-2000-0607

Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

7.2CVSS7.3AI score0.00111EPSS

cve•added 2001/01/22 5:0 a.m.•40 views

CVE-2000-0883

The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.

5CVSS6.7AI score0.05259EPSS

cve•added 2001/01/22 5:0 a.m.•40 views

CVE-2000-1042

Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

10CVSS7.1AI score0.00498EPSS

cve•added 2001/05/07 4:0 a.m.•40 views

CVE-2001-0140

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

1.2CVSS6.4AI score0.00068EPSS

cve•added 2000/07/12 4:0 a.m.•36 views

CVE-2000-0454

Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.

7.2CVSS7.2AI score0.00144EPSS

cve•added 2001/01/22 5:0 a.m.•33 views

CVE-2000-1043

Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

10CVSS6.8AI score0.00461EPSS

cve•added 2000/10/20 4:0 a.m.•31 views

CVE-2000-0718

A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.

1.2CVSS6.6AI score0.00057EPSS