CVE-2000-0093

An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.

CVE-2000-0355

pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files.

CVE-2002-0068

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.

CVE-1999-0704

Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.

CVE-1999-0740

Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.

CVE-1999-1329

Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.

CVE-1999-1333

automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.

CVE-1999-1347

Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm.

CVE-1999-1348

Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service.

CVE-2000-0358

ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program.

CVE-2000-0378

The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.

CVE-2001-0116

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

CVE-2001-0118

rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

CVE-2001-0120

useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.

CVE-2003-0194

tcpdump does not properly drop privileges to the pcap user when starting up.

CVE-1999-1182

Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.

CVE-2000-0604

gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp.

CVE-2000-1213

ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.

CVE-2001-1375

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.

CVE-2002-1509

A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.

CVE-1999-0798

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

CVE-1999-1186

rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter.

CVE-2000-0248

The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.

CVE-2000-0286

X fontserver xfs allows local users to cause a denial of service via malformed input to the server.

CVE-2000-0607

Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

CVE-2000-0668

pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.

CVE-2000-0829

The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.

CVE-2000-1125

restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.

CVE-2000-1208

Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.

CVE-2001-1002

The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.

CVE-2001-1028

Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.

CVE-1999-1299

rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.

CVE-1999-1491

abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.

CVE-2000-0118

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

CVE-2000-0364

screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.

CVE-2000-0750

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

CVE-2000-0751

mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

CVE-2001-0140

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVE-2007-5079

Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions.

CVE-1999-0318

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

CVE-2000-0031

The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.

CVE-2000-0170

Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.

CVE-2000-0816

Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.

CVE-2000-1214

Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.

CVE-2001-0309

inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.

CVE-2002-0067

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.

CVE-2003-0464

The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.

CVE-1999-1288

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

CVE-1999-1346

PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file.

CVE-2000-0356

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.