CVE-2001-0554

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

CVE-1999-0024

DNS cache poisoning via BIND, by predictable query IDs.

CVE-1999-0017

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

CVE-1999-0038

Buffer overflow in xlock program allows local users to execute commands as root.

CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

CVE-1999-0513

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

CVE-1999-0003

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

CVE-1999-0097

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers...

CVE-1999-0165

NFS cache poisoning.

CVE-2000-0844

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

CVE-1999-0046

Buffer overflow of rlogin program using TERM environmental variable.

CVE-1999-0008

Buffer overflow in NIS+, in Sun's rpc.nisd program.

CVE-1999-0019

Delete or create a file via rpc.statd, due to invalid information.

CVE-1999-0009

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

CVE-1999-0011

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

CVE-1999-0010

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

CVE-1999-0018

Buffer overflow in statd allows root privileges.

CVE-1999-0189

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

CVE-1999-0128

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

CVE-1999-0023

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

CVE-1999-0078

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

CVE-1999-0054

Sun's ftpd daemon can be subjected to a denial of service.

CVE-1999-0143

Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

CVE-1999-0022

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

CVE-1999-0210

Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.

CVE-1999-0493

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

CVE-1999-0055

Buffer overflows in Sun libnsl allow root access.

CVE-1999-0295

Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.

CVE-1999-0056

Buffer overflow in Sun's ping program can give root access to local users.

CVE-1999-0696

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

CVE-1999-0687

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

CVE-1999-0301

Buffer overflow in SunOS/Solaris ps command.

CVE-2000-0471

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

CVE-1999-0065

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

CVE-1999-0134

vold in Solaris 2.x allows local users to gain root access.

CVE-1999-0188

The passwd command in Solaris can be subjected to a denial of service.

CVE-1999-0315

Buffer overflow in Solaris fdformat command gives root access to local users.

CVE-1999-0370

In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.

CVE-1999-0129

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

CVE-1999-0213

libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

CVE-1999-0320

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

CVE-2001-0190

Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).

CVE-2001-1328

Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.

CVE-1999-0040

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

CVE-1999-0223

Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.

CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

CVE-1999-0033

Command execution in Sun systems via buffer overflow in the at program.

CVE-1999-0099

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

CVE-1999-0190

Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.