229 matches found
CVE-2000-0230
CVE-2000-0230 describes a buffer overflow in the imwheel utility. The vulnerability allows local users to gain root privileges via the imwheel-solo script when a long HOME environment variable is provided. Affected component: imwheel; root privilege escalation as stated. The connected documents c...
CVE-2000-0357
CVE-2000-0357 affects ORBit and esound on Red Hat Linux 6.1, where insufficiently random numbers in authentication keys allow local users to guess keys. The CVSS vector (AV:N/AC:L/Au:N/C:P/I:P/A:P) yields a base score of 7.5 (HIGH). The vulnerability impact covers partial confidentiality, integri...
CVE-2002-0044
CVE-2002-0044 affects GNU Enscript up to version 1.6.1. The vulnerability arises from insecure handling of temporary files (symlink-based attack), enabling local users to overwrite arbitrary files owned by the Enscript user. Public references in Debian DSA-105-1, Mandrake MDKSA-2002:010, and (old...
CVE-1999-1288
CVE-1999-1288 concerns Samba 1.9.18, which ships with a prototype application wsmbconf installed with incorrect permissions (including setgid). This config allows local users to read/write files and, due to bugs in wsmbconf, may enable privilege elevation. The OpenVAS entry reiterates an elevate-...
CVE-1999-1328
CVE-1999-1328 affects linuxconf prior to 1.11.r11-rh3 on Red Hat Linux 5.1. The issue arises from a symlink attack that lets local attackers overwrite arbitrary files and escalate to root privileges. The connected documents confirm the vulnerable component (linuxconf), the affected version range,...
CVE-2000-0170
CVE-2000-0170 describes a buffer overflow in the Linux man program triggered by the MANPAGER environment variable, allowing local users to gain privileges. The connected documents reiterate this root cause and the local-privilege impact, but do not provide concrete details on affected product ver...
CVE-2001-0309
CVE-2001-0309 concerns the Red Hat 6.2 inetd server. The vulnerability is a bug where inetd does not properly close sockets for internal services (chargen, daytime, echo, etc.), allowing a remote attacker to cause a denial of service by issuing a series of connections to these internal services. ...
CVE-2003-0135
CVE-2003-0135 : The vsftpd FTP daemon on Red Hat Linux 9 is not compiled against TCP wrappers and is installed as a standalone service, which prevents it from restricting access as intended. Root cause: lack of wrapper-based access control. Impact and remediation details are not specified in the ...
CVE-1999-1048
CVE-1999-1048 affects Bash versions including 2.0.0 and 1.4.17, where a buffer overflow can be triggered by an extremely large directory name. The vulnerability is exploited via the PS1 prompt (\w) when another user changes into that directory, enabling local privilege escalation. The provided do...
CVE-1999-1490
CVE-1999-1490 affects xosview 1.5.1 in Red Hat 5.1. The issue is a local privilege escalation where an overly long HOME environmental variable enables a non-privileged user to gain root access. The root cause is not expanded in the provided documents beyond the environmental variable manipulation...
CVE-2000-1010
The CVE is a format-string vulnerability in talkd reported across multiple UNIX-like systems. Affected: IRIX (talkd in /usr/etc/talkd), UnixWare 7.1.1 and Open UNIX 8.0.0 (in.talkd); OpenBSD and possibly other BSDs per the CVE description. Root cause: untrusted user-supplied fields in talkd allow...
CVE-2001-0143
The CVE-2001-0143 issue affects the vpop3d component in the linuxconf package (versions 1.23r and earlier). The root cause is a temporary file race (symlink attack) that local users can exploit to overwrite arbitrary files. Public references in the Mandrake advisory MDKSA-2001:011 confirm the vul...
CVE-1999-1407
CVE-1999-1407 affects the ifdhcpc-done script used for configuring DHCP on Red Hat Linux 5. The vulnerability arises from a symlink attack against the dhcplog file, allowing local users to append text to arbitrary files. The provided sources describe the vulnerability and impact (local, partial i...
CVE-2000-0356
Summary: CVE-2000-0356 affects PAM in Red Hat Linux 6.1, where access to disabled NIS accounts is not properly locked. The entry provides no vendor patch/version details or explicit remediation. The CVSSv2 metrics indicate a local, low-complexity flaw with partial confidentiality, integrity, and ...
CVE-2001-0496
CVE-2001-0496 affects the kdesu component of kdelibs. Affected software creates world-readable temporary files that contain authentication information, enabling a local attacker to gain privileges on the system. The Mandrake advisory MDKSA-2001:046-3 describes the issue and provides updated packa...
CVE-2001-0859
The CVE-2001-0859 entry concerns Red Hat Linux 7.1 (Korean installation) using kernel version 2.4.3-12, where the init default umask is set to 000. This causes installers to create files with world-writable permissions. The vulnerability details indicate the impact is limited to exposure via worl...
CVE-2001-0869
CVE-2001-0869 is a format-string vulnerability in the Cyrus SASL library (cyrus-sasl) affecting the default logging callback _sasl_syslog in common.c. The Mandrake MDKSA-2002:018 advisory notes a format bug in cyrus-sasl that could allow a remote attacker to obtain access or elevate privileges, w...
CVE-2001-0889
Exim vulnerable to remote command execution when redirecting to a pipe: Exim 3.22 and earlier fail to properly verify the local part of the address, allowing shell metacharacters to run arbitrary commands. Public details from CVE-2001-0889 describe impact as remote command execution with the Exim...
CVE-1999-1095
The CVE-1999-1095 entry concerns the sort utility. It describes that sort creates temporary files and follows symbolic links, enabling a local user to modify arbitrary files writable by the user running sort. This impact is observed in updatedb and other programs that invoke sort. The documents d...
CVE-1999-1335
CVE-1999-1335 concerns the cmu-snmp package’s snmpd server on Red Hat Linux 4.0 prior to 3.3-1. The vulnerability arises because snmpd is configured to allow remote attackers to read and write sensitive information. Affected product: cmu-snmp snmpd; vulnerable version before 3.3-1. Remediation pe...
CVE-2000-1189
CVE-2000-1189 describes a buffer overflow in the pam_localuser PAM module used by Red Hat Linux 7.x and 6.x, enabling privilege escalation. The underlying cause is a memory handling flaw in pam_localuser, leading to complete confidentiality, integrity, and availability impacts as stated in the CV...
CVE-1999-0748
CVE-1999-0748 concerns a vulnerability described as buffer overflows in the Red Hat net-tools package. The available connected records identify the affected software (Red Hat net-tools) and the vulnerability type (buffer overflow) but do not specify affected versions, root cause details, exploit ...
CVE-2000-0934
Glint in Red Hat Linux 5.2 is affected. The vulnerability allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. Root cause is a symlink-related flaw in Glint that enables path manipulation leading to file overwrites and service disruption. No explicit...
CVE-2000-1009
CVE-2000-1009 concerns Red Hat Linux 6.2 where the backup tool dump relies on the RSH environment variable to decide which program to run remotely. The pathname specified by RSH is trusted, enabling local users to substitute a Trojan horse program and gain root privileges. The root cause is impro...
CVE-2002-0069
CVE-2002-0069 concerns Squid 2.4 STABLE3 and earlier with three issues per Mandrake MDKSA-2002:016-1: (1) memory leak in the SNMP interface that could allow remote DoS; (2) FTP URL handling buffer overflow that could cause DoS and possibly remote code execution (not confirmed); (3) HTCP interface...
CVE-2000-0322
The CVE-2000-0322 vulnerability concerns the Red Hat Piranha Virtual Server Package, where the passwd.php3 CGI script allows local users to execute arbitrary commands via shell metacharacters. Connected documents confirm concrete details: an authenticated attacker could exploit a metacharacter in...
CVE-1999-1542
CVE-1999-1542 affects RPMMail prior to 1.4. An attacker can remotely run commands by sending an e‑mail containing shell metacharacters in the MAIL FROM command, indicating a remote code execution vulnerability caused by unsanitized input in the mail command path. The provided documents do not spe...
CVE-2000-0365
The CVE-2000-0365 entry concerns Red Hat Linux 6.0 where the /dev/pts file system is mounted with insecure modes. This configuration allows local users to write to other tty devices. The provided documents describe the affected component (/dev/pts) and the resulting local access impact but do not...
CVE-1999-1406
The CVE-1999-1406 issue concerns the dumpreg utility in Red Hat Linux 5.1, which opens /dev/mem with O_RDWR. The underlying effect is that a local user can crash the kernel by redirecting stdout (fd 1) to the kernel, enabling a denial of service. The available documents confirm the affected compo...