Secure Linux@1.1 Security Vulnerabilities and Issues — Secure Linux@1.1 CVE List

Lucene search

TrustixSecure Linux1.1

12 matches found

CVE•added 2002/06/25 4:0 a.m.•205 views

CVE-2002-0083

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

10CVSS9.1AI score0.0158EPSS

CVE•added 2000/10/13 4:0 a.m.•180 views

CVE-2000-0666

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

10CVSS9.6AI score0.34567EPSS

CVE•added 2001/01/22 5:0 a.m.•86 views

CVE-2000-0844

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

10CVSS7.7AI score0.00891EPSS

CVE•added 2001/05/07 4:0 a.m.•73 views

CVE-2001-0169

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

2.1CVSS6.3AI score0.00142EPSS

CVE•added 2001/01/22 5:0 a.m.•57 views

CVE-2000-0867

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

7.2CVSS6.5AI score0.00071EPSS

CVE•added 2002/06/25 4:0 a.m.•53 views

CVE-2001-1030

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

7.5CVSS6.5AI score0.00184EPSS

CVE•added 2001/05/07 4:0 a.m.•52 views

CVE-2001-0142

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

1.2CVSS6.3AI score0.00076EPSS

CVE•added 2001/05/07 4:0 a.m.•51 views

CVE-2001-0117

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

1.2CVSS6.2AI score0.00124EPSS

CVE•added 2001/01/22 5:0 a.m.•45 views

CVE-2000-0917

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

10CVSS7.4AI score0.83542EPSS

CVE•added 2004/09/01 4:0 a.m.•38 views

CVE-2002-1319

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

2.1CVSS6.2AI score0.00063EPSS

CVE•added 2000/10/20 4:0 a.m.•37 views

CVE-2000-0791

Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.

4.6CVSS6.7AI score0.0004EPSS

CVE•added 2000/12/11 5:0 a.m.•36 views

CVE-2000-1009

dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.

7.2CVSS6.2AI score0.00133EPSS