74 matches found
CVE-2001-0554
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
CVE-1999-0024
DNS cache poisoning via BIND, by predictable query IDs.
CVE-1999-0017
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
CVE-1999-0038
Buffer overflow in xlock program allows local users to execute commands as root.
CVE-2001-0797
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
CVE-1999-0513
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
CVE-1999-0003
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
CVE-1999-0097
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
CVE-2003-0161
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers...
CVE-1999-0165
NFS cache poisoning.
CVE-2000-0844
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVE-1999-0046
Buffer overflow of rlogin program using TERM environmental variable.
CVE-1999-0008
Buffer overflow in NIS+, in Sun's rpc.nisd program.
CVE-1999-0009
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
CVE-1999-0011
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
CVE-1999-0019
Delete or create a file via rpc.statd, due to invalid information.
CVE-1999-0010
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
CVE-1999-0018
Buffer overflow in statd allows root privileges.
CVE-1999-0189
Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.
CVE-1999-0128
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
CVE-1999-0023
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
CVE-1999-0078
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
CVE-1999-0054
Sun's ftpd daemon can be subjected to a denial of service.
CVE-1999-0143
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.
CVE-1999-0022
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
CVE-1999-0210
Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.
CVE-1999-0055
Buffer overflows in Sun libnsl allow root access.
CVE-1999-0295
Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.
CVE-1999-0493
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.
CVE-1999-0056
Buffer overflow in Sun's ping program can give root access to local users.
CVE-1999-0696
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
CVE-1999-0687
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
CVE-1999-0301
Buffer overflow in SunOS/Solaris ps command.
CVE-2000-0471
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
CVE-1999-0065
Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
CVE-1999-0134
vold in Solaris 2.x allows local users to gain root access.
CVE-1999-0188
The passwd command in Solaris can be subjected to a denial of service.
CVE-1999-0315
Buffer overflow in Solaris fdformat command gives root access to local users.
CVE-1999-0370
In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.
CVE-1999-0129
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
CVE-1999-0213
libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.
CVE-1999-0320
SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.
CVE-2001-0190
Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).
CVE-2001-1328
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
CVE-1999-0040
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
CVE-1999-0223
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.
CVE-1999-0674
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
CVE-1999-0033
Command execution in Sun systems via buffer overflow in the at program.
CVE-1999-0099
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
CVE-1999-0190
Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.