cpe:/a:eric_allman:sendmail:5.58 CVE-1999-0095 1988-10-01T00:00:00.000-04:00 2008-09-09T08:33:41.790-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 1 OSVDB 195 The debug command in Sendmail is enabled, allowing attackers to execute commands as root. cpe:/a:ftp:ftp cpe:/a:ftpcd:ftpcd CVE-1999-0082 1988-11-11T00:00:00.000-05:00 2008-09-09T08:33:40.853-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS FarmerVenema Improving the Security of Your Site by Breaking Into it CWD ~root command in ftpd allows root access. cpe:/o:bsd:bsd:4.3 cpe:/o:bsd:bsd:4.2 CVE-1999-1471 1989-01-01T00:00:00.000-05:00 2008-09-05T16:19:36.257-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1989-01 BID 4 XF bsd-passwd-bo(7152) Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field. cpe:/o:sun:sunos:4.0.1 cpe:/o:sun:sunos:4.0.3 cpe:/o:sun:sunos:4.0 CVE-1999-1122 1989-07-26T00:00:00.000-04:00 2008-09-05T16:18:46.417-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1989-02 XF sun-restore-gain-privileges(6695) BID 3 CIAC CIAC-08 Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. cpe:/o:sun:sunos:4.0.3c cpe:/o:sun:sunos:4.0.1 cpe:/o:sun:sunos:4.0.2 cpe:/o:sun:sunos:4.0.3 cpe:/o:sun:sunos:4.0 CVE-1999-1467 1989-10-26T00:00:00.000-04:00 2008-09-05T16:19:35.630-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1989-07 XF sun-rcp(3165) BID 5 Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user. cpe:/o:sun:sunos:4.0.3c cpe:/o:sun:sunos:4.0.1 cpe:/o:sun:sunos:4.0.2 cpe:/o:sun:sunos:4.0.3 cpe:/o:sun:sunos:4.0 cpe:/o:sun:sunos:3.5 CVE-1999-1506 1990-01-29T00:00:00.000-05:00 2008-09-05T16:19:41.257-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1990-01 BID 6 Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin. cpe:/a:sun:nfs CVE-1999-0084 1990-05-01T00:00:00.000-04:00 2008-09-05T16:16:25.283-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF nfs-mknod(78) Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. cpe:/o:freebsd:freebsd:3.0 cpe:/o:freebsd:freebsd:3.4 cpe:/o:freebsd:freebsd:3.3 cpe:/o:freebsd:freebsd:3.2 cpe:/o:freebsd:freebsd:3.1 CVE-2000-0388 1990-05-09T00:00:00.000-04:00 2008-09-10T15:04:33.930-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 1185 FREEBSD FreeBSD-SA-00:17 Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.0.1 cpe:/o:sun:sunos:4.1 cpe:/o:sun:sunos:4.0.2 cpe:/o:sun:sunos:4.0.3 cpe:/o:sun:sunos:4.0 cpe:/o:sun:sunos:3.5 CVE-1999-0209 1990-08-14T00:00:00.000-04:00 2008-09-09T08:34:01.117-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 8 The SunView (SunTools) selection_svc facility allows remote users to read files. cpe:/a:next:next:2.0 CVE-1999-1198 1990-10-03T00:00:00.000-04:00 2008-09-05T16:18:57.260-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1990-06 CIAC B-01 BID 11 XF nextstep-builddisk-root-access(7141) BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. cpe:/a:next:next:1.0a cpe:/a:next:next:1.0 CVE-1999-1391 1990-10-03T00:00:00.000-04:00 2008-09-05T16:19:24.600-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1990-06 CIAC B-01 BID 10 XF nextstep-npd-root-access(7143) Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions. cpe:/a:next:next:1.0 cpe:/a:next:nex:1.0a CVE-1999-1392 1990-10-03T00:00:00.000-04:00 2008-09-05T16:19:24.740-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1990-06 BID 9 CIAC B-01 XF nextstep-restore09-root-access(7144) Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges. cpe:/o:digital:vms:5.3 CVE-1999-1057 1990-10-25T00:00:00.000-04:00 2008-09-05T16:18:37.230-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1990-07 CIAC B-04 BID 12 XF vms-analyze-processdump-privileges(7137) VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. cpe:/o:sgi:irix:3.3.1 cpe:/o:sgi:irix:3.3 CVE-1999-1554 1990-10-31T00:00:00.000-05:00 2008-09-05T16:19:48.163-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1990-08 BID 13 XF sgi-irix-reset(3164) /usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users. cpe:/o:sun:sunos:4.1.1 CVE-1999-1197 1990-12-20T00:00:00.000-05:00 2008-09-05T16:18:57.117-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1990-12 BID 14 XF sunos-tioccons-console-redirection(7140) TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. cpe:/o:hp:apollo_domain_os:sr10.2 cpe:/o:hp:apollo_domain_os:sr10.3:beta CVE-1999-1115 1990-12-31T00:00:00.000-05:00 2008-09-05T16:18:45.430-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1990-04 BID 7 XF apollo-suidexec-unauthorized-access(6721) CIAC A-30 Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1 CVE-1999-1258 1991-01-15T00:00:00.000-05:00 2008-09-05T16:19:05.883-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF sun-pwdauthd(1782) SUN 00102 rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1 cpe:/o:sun:sunos:4.0.3 CVE-1999-1438 1991-02-22T00:00:00.000-05:00 2008-09-05T16:19:31.490-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1991-01 SUN 00105 BID 15 Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments. cpe:/o:sun:sunos:4.1.1 CVE-1999-1211 1991-03-27T00:00:00.000-05:00 2008-09-05T16:18:59.167-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1991-02 XF sun-intelnetd(574) Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges. cpe:/o:sun:sunos:4.0.3c cpe:/o:sun:sunos:4.0.3 CVE-1999-1212 1991-03-27T00:00:00.000-05:00 2008-09-05T16:18:59.307-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1991-02 XF sun-intelnetd(574) Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges. cpe:/o:digital:ultrix:4.1 cpe:/o:digital:ultrix:4.0 CVE-1999-1194 1991-05-01T00:00:00.000-04:00 2008-09-05T16:18:56.713-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1991-05 XF dec-chroot(577) BID 17 chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges. cpe:/a:next:next:2.1 CVE-1999-1193 1991-05-14T00:00:00.000-04:00 2008-09-05T16:18:56.570-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1991-06 XF next-me(581) BID 20 The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1 cpe:/o:sun:sunos:4.0.3 CVE-1999-1123 1991-05-20T00:00:00.000-04:00 2008-09-05T16:18:46.573-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1991-07 XF sun-sourcetapes(582) SUN 00107 BID 22 BID 21 The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall. cpe:/o:att:svr4:4.0 CVE-1999-1034 1991-05-23T00:00:00.000-04:00 2008-09-05T16:18:34.057-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1991-08 BID 23 XF sysv-login(583) CIAC B-28 Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges. cpe:/o:digital:ultrix:4.2 CVE-1999-1415 1991-08-23T00:00:00.000-04:00 2008-09-05T16:19:28.163-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-91.13 BID 27 Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges. cpe:/a:ncsa:telnet CVE-1999-1090 1991-09-10T00:00:00.000-04:00 2008-09-05T16:18:41.963-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1991-15 XF ftp-ncsa(1844) The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. CVE-1999-0498 1991-09-27T00:00:00.000-04:00 2008-09-09T08:34:39.197-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files. cpe:/o:sun:sunos:4.0.3c cpe:/o:sgi:irix:4.0 cpe:/o:cray:unicos:6.0 cpe:/o:cray:unicos:6.1 cpe:/o:sun:sunos:4.1 cpe:/o:sun:sunos:4.0.3 cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1psr_a cpe:/a:next:next:2.0 cpe:/o:sgi:irix:3.3.2 cpe:/a:next:next:2.1 cpe:/o:sgi:irix:3.3.1 cpe:/o:sgi:irix:3.3 cpe:/o:sgi:irix:3.3.3 cpe:/o:cray:unicos:6.0e CVE-1999-1468 1991-10-22T00:00:00.000-04:00 2008-09-10T15:01:59.960-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-91.20 BID 31 MISC http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html OSVDB 8106 XF rdist-popen-gain-privileges(7160) rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable. cpe:/o:sun:sunos:4.1.1 CVE-1999-0167 1991-12-06T00:00:00.000-05:00 2008-09-09T08:33:53.697-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. cpe:/o:hp:apollo_domain_os:sr10.3 CVE-1999-1493 1991-12-18T00:00:00.000-05:00 2008-09-05T16:19:39.413-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1991-23 XF apollo-crp-root-access(7158) BID 34 Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk(). cpe:/o:digital:ultrix:4.1 cpe:/o:digital:ultrix:4.2 CVE-1999-1032 1991-12-31T00:00:00.000-05:00 2008-09-05T16:18:33.777-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1991-11 BID 26 XF ultrix-telnet(584) CIAC B-36 Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. cpe:/o:att:svr4:4.0 CVE-1999-1059 1992-02-25T00:00:00.000-05:00 2008-09-05T16:18:37.527-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1992-04 BID 36 XF att-rexecd(3159) Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. cpe:/o:ibm:aix:3.1 cpe:/o:ibm:aix:3.2 CVE-1999-0627 1992-03-01T00:00:00.000-05:00 2008-09-09T08:35:08.743-04:00 0.0 NETWORK LOW NONE NONE NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. cpe:/o:ibm:aix:3.2 CVE-1999-1121 1992-03-19T00:00:00.000-05:00 2008-09-05T16:18:46.277-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1992-06 XF ibm-uucp(554) BID 38 OSVDB 891 The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. cpe:/o:ibm:aix:3.1 cpe:/o:ibm:aix:3.2 CVE-1999-0117 1992-03-31T00:00:00.000-05:00 2008-09-09T08:33:47.057-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS AIX passwd allows local users to gain root access. cpe:/o:ibm:aix:::32-bit CVE-1999-1119 1992-04-27T00:00:00.000-04:00 2008-09-05T16:18:45.993-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1992-09 XF aix-anon-ftp(3154) BID 41 FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. cpe:/o:sun:sunos:4.1.2 CVE-1999-1142 1992-05-27T00:00:00.000-04:00 2008-09-05T16:18:49.323-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1992-11 XF sun-env(3152) SUN 00116 SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user. cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:sunos:4.1.3c CVE-1999-0168 1992-06-04T00:00:00.000-04:00 2008-09-09T08:33:53.757-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:sunos:4.1 CVE-1999-0214 1992-07-21T00:00:00.000-04:00 2008-09-09T08:34:01.507-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service by sending forged ICMP unreachable packets. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:sunos:4.1 CVE-1999-1396 1992-07-21T00:00:00.000-04:00 2008-09-05T16:19:25.337-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1992-15 BID 49 XF sun-integer-multiplication-access(7150) Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash). cpe:/a:dec:dec_openvms:5.4 cpe:/a:dec:dec_openvms:5.1.1 cpe:/a:dec:dec_openvms:5.1.2 cpe:/a:dec:dec_openvms:5.4.1 cpe:/a:dec:dec_openvms:5.1 cpe:/a:dec:dec_openvms:5.0 cpe:/a:dec:dec_openvms:5.2.1 cpe:/a:dec:dec_openvms:5.3 cpe:/a:dec:dec_openvms:5.2 cpe:/a:dec:dec_openvms:5.4.2 cpe:/a:dec:dec_openvms:5.1b cpe:/a:dec:dec_openvms:5.0.1 cpe:/a:dec:dec_openvms:5.0.2 cpe:/a:dec:dec_openvms:5.3.1 cpe:/a:dec:dec_openvms:5.3.2 CVE-1999-1395 1992-11-17T00:00:00.000-05:00 2009-10-31T00:02:35.750-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-92.16 CERT CA-1992-18 BID 51 XF vms-monitor-gain-privileges(7136) OSVDB 59332 Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges. cpe:/o:cisco:ios:9.1 CVE-1999-1306 1992-12-10T00:00:00.000-05:00 2008-09-05T16:19:12.727-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1992-20 Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters. cpe:/o:cisco:ios:9.1 cpe:/o:cisco:ios:8.2 cpe:/o:cisco:ios:9.0 cpe:/o:cisco:ios:8.3 CVE-1999-1466 1992-12-10T00:00:00.000-05:00 2008-09-05T16:19:35.477-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1992-20 BID 53 Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:sunos:4.1 CVE-1999-1021 1992-12-30T00:00:00.000-05:00 2008-09-05T16:18:32.197-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1992-15 BID 47 SUN 00117 XF nfs-uid(82) NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade. CVE-1999-1056 1992-12-31T00:00:00.000-05:00 2008-09-09T08:36:47.930-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1395. Reason: This candidate is a duplicate of CVE-1999-1395. Notes: All CVE users should reference CVE-1999-1395 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/o:hp:hp-ux CVE-1999-0312 1993-01-13T00:00:00.000-05:00 2008-09-09T08:34:16.477-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 HP ypbind allows attackers with root privileges to modify NIS data. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:sunos:4.1psr_a cpe:/o:sun:sunos:4.1.3c cpe:/o:sun:sunos:4.1 cpe:/o:sun:sunos:4.1.3u1 CVE-1999-1507 1993-02-03T00:00:00.000-05:00 2008-09-05T16:19:41.413-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1993-03 BID 59 XF sun-dir(521) Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash. cpe:/o:commodore:amiga_unix:2.1p2a CVE-1999-1218 1993-02-18T00:00:00.000-05:00 2008-09-05T16:19:00.167-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1993-04 XF amiga-finger(522) Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files. cpe:/a:dec:dec_openvms_vax:5.5.2 cpe:/a:dec:dec_openvms_axp:1.0 CVE-1999-1312 1993-02-24T00:00:00.000-05:00 2008-09-05T16:19:13.523-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1993-05 XF openvms-local-privilege-elevation(7142) Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1.0, allows local users to gain system privileges. cpe:/h:cisco:router:9.17 cpe:/h:cisco:router:9.0 cpe:/h:cisco:router:9.1 cpe:/h:cisco:router:8.2 cpe:/h:cisco:router:8.3 CVE-1999-1216 1993-04-22T00:00:00.000-04:00 2008-09-05T16:18:59.867-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT CA-1993-07 XF cisco-sourceroute(541) CIAC D-15 Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command. cpe:/o:sco:open_desktop:1.1 cpe:/o:sco:open_desktop:2.0 cpe:/o:sco:unix:4.0 CVE-1999-1162 1993-05-24T00:00:00.000-04:00 2008-09-05T16:18:52.117-04:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1993-08 XF sco-passwd-deny(542) Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. cpe:/a:university_of_minnesota:gopherd CVE-1999-0124 1993-08-09T00:00:00.000-04:00 2008-09-09T08:33:48.587-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon. cpe:/o:novell:netware:4.0 cpe:/o:novell:netware:4.01 CVE-1999-1215 1993-09-16T00:00:00.000-04:00 2008-09-05T16:18:59.727-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1993-12 XF novell-login(545) CIAC D-21 LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges. cpe:/o:sco:unix:system_v386_3.2_operating_system_4.x cpe:/o:sco:unix:system_v386_3.2_operating_system_2.0 cpe:/o:sco:unix:system_v386_3.2_operating_system cpe:/o:sco:open_desktop_lite:3.0 cpe:/o:sco:open_desktop:1.0 cpe:/o:sco:unix:system_v386_3.2_operating_system_4.0 cpe:/o:sco:open_desktop:2.0 cpe:/o:sco:open_desktop:3.0 cpe:/o:sco:openserver:3.0 CVE-1999-1138 1993-09-17T00:00:00.000-04:00 2008-09-05T16:18:48.727-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1993-13 XF sco-homedir(546) SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:solaris:1.0 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:solaris:1.1c cpe:/o:sun:solaris:1.1 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:sunos:4.1.3c cpe:/o:sun:solaris:1.0.1 CVE-1999-1318 1993-09-17T00:00:00.000-04:00 2008-09-10T15:01:42.430-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUNBUG 1121935 XF sun-su-path(7480) /usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs. cpe:/a:eric_allman:sendmail CVE-1999-0145 1993-09-30T00:00:00.000-04:00 2008-09-09T08:33:50.680-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1993-14 CERT CA-1990-11 BUGTRAQ 19950206 sendmail wizard thing... FarmerVenema Improving the Security of Your Site by Breaking Into it Sendmail WIZ command enabled, allowing root access. cpe:/o:sun:solaris:2.2 cpe:/o:sun:solaris cpe:/o:sun:sunos:5.0 cpe:/o:sun:sunos cpe:/o:sun:sunos:4.1 CVE-1999-1137 1993-10-01T00:00:00.000-04:00 2008-09-05T16:18:48.587-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF sun-audio(549) CIAC E-01 SUN 00122 OSVDB 6436 The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone. cpe:/o:sun:solaris:2.0 cpe:/o:sun:solaris:::x86 CVE-1999-0334 1993-12-16T00:00:00.000-05:00 2008-09-09T08:34:18.117-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access. cpe:/a:rpc.walld:rpc.walld CVE-1999-0181 1994-01-01T00:00:00.000-05:00 2008-09-09T08:33:54.790-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands. cpe:/o:hp:hp-ux:9.00 cpe:/o:hp:hp-ux:9.01 CVE-1999-1242 1994-02-07T00:00:00.000-05:00 2008-09-05T16:19:03.603-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF hp-subnet-config(2162) HP HPSBUX9402-003 Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:solaris:2.0 cpe:/o:sun:sunos:4.1.3c CVE-1999-0211 1994-02-14T00:00:00.000-05:00 2008-09-09T08:34:01.257-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 24 Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. cpe:/o:ibm:aix:3.2.5 cpe:/o:ibm:aix:3.2.4 CVE-1999-0338 1994-02-24T00:00:00.000-05:00 2008-09-09T08:34:18.383-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS AIX Licensed Program Product performance tools allow local users to gain root access. cpe:/o:sun:solaris:1.1.1a cpe:/o:sun:sunos:4.1 CVE-1999-0120 1994-03-21T00:00:00.000-05:00 2008-09-09T08:33:48.320-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00126 Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. cpe:/o:hp:hp-ux:9 CVE-1999-1135 1994-04-20T00:00:00.000-04:00 2008-09-10T15:01:10.337-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF hp-vue(2284) HP HPSBUX9504-027 Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438. cpe:/o:hp:hp-ux:8 cpe:/o:hp:hp-ux:9 CVE-1999-1146 1994-05-04T00:00:00.000-04:00 2008-09-05T16:18:49.883-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF hp-glanceplus-gpm(2060) HP HPSBUX9405-011 Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. cpe:/o:sun:sunos:4.1 CVE-1999-1388 1994-05-13T00:00:00.000-04:00 2008-09-05T16:19:24.197-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 19940514 [8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX BUGTRAQ 19940513 [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 BUGTRAQ 19941218 Sun Patch Id #102060-01 passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument. cpe:/o:hp:hp-ux:9 CVE-1999-1134 1994-05-18T00:00:00.000-04:00 2008-09-10T15:01:10.243-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CIAC E-23 XF hp-vue(2284) HP HPSBUX9404-008 Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066. cpe:/o:ibm:aix:3.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:3.2.5 cpe:/o:ibm:aix:3.2.4 CVE-1999-0113 1994-05-23T00:00:00.000-04:00 2008-09-09T08:33:46.773-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 458 Some implementations of rlogin allow root access if given a -froot parameter. cpe:/o:hp:hp-ux CVE-1999-0423 1994-06-01T00:00:00.000-04:00 2008-09-09T08:34:31.210-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS HP HPSBUX9903-093 Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges. cpe:/o:ibm:aix:3.1 cpe:/o:ibm:aix:2.2.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:1.3 cpe:/o:ibm:aix:1.2.1 CVE-1999-0337 1994-06-03T00:00:00.000-04:00 2008-09-09T08:34:18.320-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. cpe:/a:great_circle_associates:majordomo:1.91 cpe:/a:great_circle_associates:majordomo:1.90 CVE-1999-0207 1994-06-09T00:00:00.000-04:00 2008-09-09T08:34:00.977-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. cpe:/o:hp:hp-ux:9 CVE-1999-1239 1994-07-13T00:00:00.000-04:00 2008-09-05T16:19:03.180-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF hp-xauthority(2261) HP HPSBUX9407-015 HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so. cpe:/o:ibm:aix:3.1 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:3.2.5 cpe:/o:ibm:aix:3.2.4 CVE-1999-1552 1994-07-20T00:00:00.000-04:00 2008-09-10T15:02:10.163-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 358 BUGTRAQ 19940720 xnews and XDM dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges. cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 CVE-1999-1494 1994-08-09T00:00:00.000-04:00 2008-09-05T16:19:39.553-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF sgi-colorview(2112) BUGTRAQ 19950307 sigh. another Irix 5.2 hole. BID 336 SGI 19950209-00-P BUGTRAQ 19940809 Re: IRIX 5.2 Security Advisory colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument. cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:5.2 CVE-1999-1219 1994-08-11T00:00:00.000-04:00 2008-09-05T16:19:00.307-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1994-13 XF sgi-prn-mgr(511) BID 468 CIAC E-33 Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command. cpe:/o:hp:hp-ux:9.05 cpe:/o:hp:hp-ux:8 cpe:/o:hp:hp-ux:9 CVE-1999-1238 1994-09-21T00:00:00.000-04:00 2008-09-05T16:19:03.040-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF hp-core-diag-fileset(2262) HP HPSBUX9409-017 Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges. cpe:/o:sgi:irix:4 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.2 CVE-1999-1022 1994-10-02T00:00:00.000-04:00 2008-09-05T16:18:32.337-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF sgi-serialports(2111) BID 464 BUGTRAQ 19941002 serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program. CVE-1999-1310 1994-11-04T00:00:00.000-05:00 2008-09-10T15:01:41.883-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1022. Reason: This candidate is a duplicate of CVE-1999-1022. Notes: All CVE users should reference CVE-1999-1022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/o:sco:unix:3.2 cpe:/o:sco:open_desktop_lite:3.0 cpe:/o:sco:open_desktop:2.0 cpe:/o:sco:openserver_network_system:3.0 cpe:/o:sco:unix:4.0 cpe:/o:sco:open_desktop:3.0 cpe:/o:sco:unix:4.1 cpe:/o:sco:openserver_enterprise_system:3.0 cpe:/o:sco:unix:4.2 CVE-1999-1302 1994-11-30T00:00:00.000-05:00 2008-09-10T15:01:40.913-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CIAC F-05 XF sco-pt_chmod(7586) OSVDB 8797 CERT VB-94:01 Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local users to gain root access. cpe:/o:sco:unix:3.2 cpe:/o:sco:open_desktop_lite:3.0 cpe:/o:sco:open_desktop:2.0 cpe:/o:sco:openserver_network_system:3.0 cpe:/o:sco:unix:4.0 cpe:/o:sco:open_desktop:3.0 cpe:/o:sco:unix:4.1 cpe:/o:sco:openserver_enterprise_system:3.0 cpe:/o:sco:unix:4.2 CVE-1999-1303 1994-11-30T00:00:00.000-05:00 2008-09-10T15:01:41.007-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SCO 94:001 Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access. cpe:/o:sco:unix:3.2 cpe:/o:sco:open_desktop_lite:3.0 cpe:/o:sco:open_desktop:2.0 cpe:/o:sco:openserver_network_system:3.0 cpe:/o:sco:unix:4.0 cpe:/o:sco:open_desktop:3.0 cpe:/o:sco:unix:4.1 cpe:/o:sco:openserver_enterprise_system:3.0 cpe:/o:sco:unix:4.2 CVE-1999-1304 1994-11-30T00:00:00.000-05:00 2008-09-10T15:01:41.087-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SCO 94:001 Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access. cpe:/o:sco:unix:3.2 cpe:/o:sco:open_desktop_lite:3.0 cpe:/o:sco:open_desktop:2.0 cpe:/o:sco:openserver_network_system:3.0 cpe:/o:sco:unix:4.0 cpe:/o:sco:open_desktop:3.0 cpe:/o:sco:unix:4.1 cpe:/o:sco:openserver_enterprise_system:3.0 cpe:/o:sco:unix:4.2 CVE-1999-1305 1994-11-30T00:00:00.000-05:00 2008-09-10T15:01:41.163-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CIAC F-05 Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access. cpe:/o:hp:hp-ux:8.06 cpe:/o:hp:hp-ux:9.00 cpe:/o:hp:hp-ux:8.02 cpe:/o:hp:hp-ux:8.00 CVE-1999-1248 1994-11-30T00:00:00.000-05:00 2008-09-05T16:19:04.460-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF hp-supportwatch(2058) HP HPSBUX9411-019 Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges. cpe:/o:mandrakesoft:mandrake_linux:7.0 cpe:/o:mandrakesoft:mandrake_linux:6.0 cpe:/o:redhat:linux:6.1 cpe:/o:redhat:linux:6.0 cpe:/o:mandrakesoft:mandrake_linux:6.1 cpe:/o:redhat:linux:6.2 cpe:/o:debian:debian_linux:2.2 cpe:/o:debian:debian_linux:2.1 CVE-2000-0508 1994-12-19T00:00:00.000-05:00 2008-09-05T16:21:11.393-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 1372 BUGTRAQ 20000608 Remote DOS in linux rpc.lockd XF linux-lockd-remote-dos rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request. cpe:/o:microsoft:windows_nt:4.0 CVE-1999-0077 1995-01-01T00:00:00.000-05:00 2008-09-09T08:33:40.477-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF tcp-seq-predict(139) Predictable TCP sequence numbers allow spoofing. CVE-1999-0232 1995-02-01T00:00:00.000-05:00 2008-09-09T08:34:03.007-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. cpe:/a:ncsa:ncsa_web_server:1.4.1 cpe:/a:ncsa:ncsa_web_server:1.4 cpe:/a:ncsa:ncsa_web_server:1.3 CVE-1999-0235 1995-02-17T00:00:00.000-05:00 2008-09-09T08:34:03.210-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. cpe:/o:slackware:slackware_linux CVE-1999-0242 1995-03-01T00:00:00.000-05:00 2008-09-09T08:34:03.680-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords. cpe:/o:bsd:bsd CVE-1999-1098 1995-03-03T00:00:00.000-05:00 2008-09-05T16:18:43.087-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1995-03 CIAC F-12 OSVDB 4881 XF bsd-telnet(516) Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing. cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 CVE-1999-1243 1995-03-03T00:00:00.000-05:00 2008-09-05T16:19:03.743-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF sgi-permissions(2113) CIAC F-16 SGI 19950301-01-P373 SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges. cpe:/a:satan:satan:1.1 cpe:/a:satan:satan:1.0 CVE-1999-0151 1995-04-03T00:00:00.000-04:00 2008-09-09T08:33:52.570-04:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. cpe:/o:sun:sunos:5.7 CVE-1999-1080 1995-05-10T00:00:00.000-04:00 2008-09-05T16:18:40.527-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 19990510 SunOS 5.7 rmmount, no nosuid. BUGTRAQ 19991011 XF solaris-rmmount-gain-root(8350) BID 250 rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf. cpe:/o:cisco:ios:10.3%284.2%29 cpe:/o:cisco:ios:10.3%283.4%29 CVE-1999-0161 1995-07-31T00:00:00.000-04:00 2008-09-09T08:33:53.290-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS OSVDB 797 In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering. cpe:/a:john_s._roberts:anyform:2.0 cpe:/a:john_s._roberts:anyform:1.0 CVE-1999-0066 1995-07-31T00:00:00.000-04:00 2008-09-09T08:33:39.727-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 719 AnyForm CGI remote execution. cpe:/a:matt_wright:formmail CVE-1999-0172 1995-08-02T00:00:00.000-04:00 2008-09-09T08:33:54.040-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS FormMail CGI program allows remote execution of commands. cpe:/a:eric_allman:sendmail:8.6.10 CVE-1999-0203 1995-08-17T00:00:00.000-04:00 2008-09-09T08:34:00.710-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:sunos:4.1.4 cpe:/a:sendmail:sendmail:5.61 cpe:/a:sendmail:sendmail:5.59 cpe:/o:sun:sunos:4.1.4jl cpe:/o:sun:sunos:4.1.3c cpe:/a:sendmail:sendmail:5.65 cpe:/o:sun:sunos:4.1.3u1 CVE-1999-1580 1995-08-23T00:00:00.000-04:00 2008-09-05T16:19:51.897-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1995-11 CERT-VN VU#3278 BID 7829 AUSCERT AA-95.09 MISC http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-21.html SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option. cpe:/o:sun:sunos:5.3 cpe:/o:sun:sunos:5.4 cpe:/o:sun:sunos:5.4::x86 CVE-1999-0164 1995-08-29T00:00:00.000-04:00 2008-09-09T08:33:53.493-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS OSVDB 8346 A race condition in the Solaris ps command allows an attacker to overwrite critical files. cpe:/a:aladdin_enterprises:ghostscript:3.22 cpe:/a:aladdin_enterprises:ghostscript:2.6 CVE-1999-0155 1995-08-31T00:00:00.000-04:00 2008-09-09T08:33:52.867-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The ghostscript command with the -dSAFER option allows remote attackers to execute commands. cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0245 1995-09-07T00:00:00.000-04:00 2008-09-09T08:34:03.883-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". cpe:/h:livingston_portmaster:portmaster CVE-1999-0218 1995-10-01T00:00:00.000-04:00 2008-09-09T08:34:01.853-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Livingston portmaster machines could be rebooted via a series of commands. cpe:/o:sgi:irix:5.0.1 cpe:/o:digital:osf_1:1.2 cpe:/o:digital:unix:4.0 cpe:/o:digital:osf_1:1.3 cpe:/o:digital:osf_1:2.0 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:sgi:irix:5.0 cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:6.1 cpe:/o:digital:osf_1:3.2 cpe:/o:sgi:irix:5.3::xfs cpe:/o:digital:osf_1:3.0 cpe:/o:digital:unix:3.2g CVE-1999-0073 1995-10-13T00:00:00.000-04:00 2008-09-09T08:33:40.210-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access. cpe:/o:sun:solaris:2.4::x86 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 cpe:/o:bsdi:bsd_os:2.0.1 cpe:/o:cray:unicos:9.0 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:sunos:4.1.3 cpe:/o:bsdi:bsd_os:2.0 cpe:/o:convex:convexos:10.2 cpe:/o:sun:sunos:4.1.4 cpe:/o:convex:convexos:10.1 cpe:/o:convex:spp-ux:3 cpe:/o:convex:convexos:11.1 cpe:/o:convex:convexos:11.0 cpe:/o:cray:unicos:8.0 cpe:/o:sun:sunos:4.1.3u1 cpe:/o:cray:unicos:8.3 CVE-1999-0099 1995-10-19T00:00:00.000-04:00 2008-09-09T08:33:42.103-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.6::x86 cpe:/o:sgi:irix cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:7.0::x86 cpe:/a:xfree86_project:x11r6 CVE-1999-0241 1995-11-01T00:00:00.000-05:00 2008-09-09T08:34:03.617-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm. cpe:/a:washington_university:wu-ftpd:2.4 CVE-1999-0080 1995-11-30T00:00:00.000-05:00 2008-09-09T08:33:40.697-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command. cpe:/o:slackware:slackware_linux:3.0 CVE-1999-0123 1995-12-01T00:00:00.000-05:00 2008-09-05T16:16:30.923-04:00 3.7 LOCAL HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Race condition in Linux mailx command allows local users to read user files. cpe:/o:hp:hp-ux:8 cpe:/o:hp:hp-ux:9 CVE-1999-0325 1995-12-01T00:00:00.000-05:00 2008-09-09T08:34:17.477-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9406-013 vhe_u_mnt program in HP-UX allows local users to create root files through symlinks. cpe:/a:sam_lantinga:splitvt:1.6.3 CVE-1999-0316 1995-12-01T00:00:00.000-05:00 2008-09-09T08:34:16.757-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in Linux splitvt command gives root access to local users. cpe:/o:ibm:aix:3.2 cpe:/o:nec:asl_ux_4800 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:4 cpe:/o:sgi:irix:5.0 cpe:/o:sgi:irix:3 cpe:/o:nec:ews-ux_v cpe:/o:sgi:irix:5.2 cpe:/o:nec:up-ux_v cpe:/o:ibm:aix:4.1 CVE-1999-0208 1995-12-12T00:00:00.000-05:00 2008-09-09T08:34:01.057-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. cpe:/o:redhat:linux:2.1 cpe:/a:rxvt:rxvt cpe:/o:slackware:slackware_linux:3.0 CVE-1999-1186 1996-01-02T00:00:00.000-05:00 2008-09-05T16:18:55.557-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 19960102 rxvt security hole rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter. cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:5 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:6.1 CVE-1999-1319 1996-01-03T00:00:00.000-05:00 2008-09-10T15:01:42.493-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SGI 19960101-01-PX XF irix-object-server(7430) Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations. cpe:/o:redhat:linux:2.1 CVE-1999-1491 1996-02-02T00:00:00.000-05:00 2008-09-05T16:19:39.130-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 354 BUGTRAQ 19960202 abuse Red Hat 2.1 security hole abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program. CVE-1999-0103 1996-02-08T00:00:00.000-05:00 2008-09-09T08:33:45.603-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. cpe:/a:mit:kerberos:4.0 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/a:process_software:multinet:3.4 cpe:/a:process_software:multinet:3.5 cpe:/a:mit:kerberos:5 CVE-1999-0143 1996-02-21T00:00:00.000-05:00 2008-09-09T08:33:49.883-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. cpe:/a:microsoft:internet_information_server:1.0 CVE-1999-0233 1996-02-25T00:00:00.000-05:00 2008-09-09T08:34:03.070-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS MSKB Q155056 MSKB Q148188 IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. cpe:/a:netscape:navigator cpe:/a:sun:java CVE-1999-0142 1996-03-01T00:00:00.000-05:00 2008-09-09T08:33:49.820-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. cpe:/a:ncsa:ncsa_httpd:1.5a::export cpe:/a:apache:http_server:1.0.3 CVE-1999-0067 1996-03-20T00:00:00.000-05:00 2008-09-09T08:33:39.807-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1996-06 BID 629 OSVDB 136 phf CGI program allows remote command execution through shell metacharacters. cpe:/a:netscape:navigator:2.02 CVE-1999-0141 1996-03-29T00:00:00.000-05:00 2008-09-09T08:33:49.757-04:00 3.7 LOCAL HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS SUN 00134 Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. cpe:/a:apache:http_server cpe:/a:ncsa:ncsa_web_server CVE-1999-0070 1996-04-01T00:00:00.000-05:00 2008-09-09T08:33:40.007-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 test-cgi program allows an attacker to list files on the server. cpe:/o:digital:osf_1:3.2c CVE-1999-1103 1996-04-03T00:00:00.000-05:00 2008-09-05T16:18:43.777-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT VB-96.05 CIAC G-18 MISC http://www.tao.ca/fire/bos/0209.html XF osf-dxconsole-gain-privileges(7138) dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. cpe:/o:hp:hp-ux cpe:/o:next:nextstep cpe:/o:ibm:aix:3.2 cpe:/a:ncr:mp-ras:2.03 cpe:/o:sco:unixware:2.1 cpe:/a:ncr:mp-ras:3.01 cpe:/o:sgi:irix:5.3 cpe:/o:sun:solaris:2.5 cpe:/o:sun:sunos:4.1 cpe:/o:ibm:aix:4.1 cpe:/o:nec:up-ux_v cpe:/o:ibm:aix:4.2 cpe:/o:sun:solaris:2.4 cpe:/o:sco:openserver:5 cpe:/o:bsdi:bsd_os cpe:/o:freebsd:freebsd:6.2:stable cpe:/a:ncr:mp-ras:3.0 CVE-1999-0078 1996-04-18T00:00:00.000-04:00 2008-09-09T08:33:40.557-04:00 1.9 LOCAL MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. cpe:/o:ibm:aix:3.2 cpe:/a:ncr:mp-ras:2.03 cpe:/a:data_general:dg_ux:4.11 cpe:/o:nighthawk:cx_ux cpe:/o:sun:sunos:5.4::x86 cpe:/o:sco:open_desktop:3 cpe:/o:sco:open_desktop:2 cpe:/o:sgi:irix:6.1 cpe:/o:ibm:aix:4.1 cpe:/o:sco:openserver:3.0 cpe:/o:sco:unixware:2 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:sunos:5.5::x86 cpe:/o:sun:sunos:4.1.4 cpe:/o:sco:openserver:5.0 cpe:/o:sun:sunos:5.3 cpe:/o:sun:sunos:5.4 cpe:/o:nighthawk:powerux cpe:/a:ncr:mp-ras:3.0 cpe:/o:sun:sunos:5.5 CVE-1999-0019 1996-04-24T00:00:00.000-04:00 2008-09-09T08:33:32.460-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SUN 00135 Delete or create a file via rpc.statd, due to invalid information. cpe:/o:freebsd:freebsd:2.0 cpe:/o:freebsd:freebsd:2.2 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:freebsd:freebsd:2.2:current cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:freebsd:freebsd:2.1:stable CVE-1999-1314 1996-05-17T00:00:00.000-04:00 2008-09-10T15:01:42.147-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 FREEBSD FreeBSD-SA-96:10 XF unionfs-mount-ordering(7429) CIAC G-24 Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands. cpe:/o:freebsd:freebsd:2.0 cpe:/o:freebsd:freebsd:2.2 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:freebsd:freebsd:2.0.5 CVE-1999-1313 1996-05-23T00:00:00.000-04:00 2008-09-05T16:19:13.663-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CIAC G-24 FREEBSD FreeBSD-SA-96:11 XF bsd-man-command-sequence(7348) Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands. CVE-1999-0522 1996-05-28T00:00:00.000-04:00 2008-09-09T08:34:58.117-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The permissions for a system-critical NIS+ table (e.g. passwd) are inappropriate. CVE-1999-0509 1996-05-29T00:00:00.000-04:00 2008-09-09T08:34:57.180-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. cpe:/o:sco:internet_faststart:1.0 cpe:/o:sco:openserver:5.0 cpe:/o:sco:openserver:5.0.2 CVE-1999-1253 1996-06-07T00:00:00.000-04:00 2008-09-05T16:19:05.163-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT VB-96.10 XF sco-kernel(1965) SCO 96:001 Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges. cpe:/o:hp:hp-ux:10.01 cpe:/o:hp:hp-ux:10.00 CVE-1999-1205 1996-06-07T00:00:00.000-04:00 2008-09-05T16:18:58.320-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 HP HPSBUX9607-035 BUGTRAQ 19960607 HP-UX B.10.01 vulnerability XF hp-nettune(414) nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. cpe:/o:linux:linux_kernel:2.0 cpe:/o:apple:a_ux:3.1.1 cpe:/o:ibm:aix:4 cpe:/o:digital:osf_1:1.3 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:nec:asl_ux_4800 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:ibm:aix:3.2.5 cpe:/o:freebsd:freebsd:2.0 cpe:/o:nec:up-ux_v:4.2mp cpe:/o:hp:hp-ux:10 cpe:/o:nec:ews-ux_v:4.2mp cpe:/o:linux:linux_kernel:1.2.0 cpe:/o:nec:ews-ux_v:4.2 cpe:/o:hp:hp-ux:8 cpe:/o:hp:hp-ux:9 CVE-1999-0138 1996-06-26T00:00:00.000-04:00 2008-09-09T08:33:49.557-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. cpe:/a:novell:web_server:1.0 CVE-1999-0175 1996-07-01T00:00:00.000-04:00 2008-09-09T08:33:54.243-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. cpe:/o:ibm:aix:4.1.4 cpe:/o:ibm:aix:4.1.3 cpe:/o:ibm:aix:4.1.5 cpe:/o:ibm:aix:4.1.2 cpe:/o:ibm:aix:4.1.1 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:sun:solaris:4.1.3:u1 cpe:/o:sgi:irix:5.3::xfs cpe:/o:freebsd:freebsd:2.0 cpe:/o:sun:solaris:4.1.1 cpe:/o:sgi:irix:5.0.1 cpe:/o:sun:solaris:4.1.2 cpe:/o:ibm:aix:3.1 cpe:/o:sun:solaris:4.1.3 cpe:/o:ibm:aix:3.2 cpe:/o:hp:hp-ux:10.00 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.4 cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:5.0 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:ibm:aix:3.2.5 cpe:/o:sgi:irix:6.2 cpe:/o:ibm:aix:3.2.4 cpe:/o:sgi:irix:6.1 cpe:/o:ibm:aix:4.1 cpe:/o:sun:solaris:2.2 cpe:/o:sun:solaris:2.1 cpe:/o:ibm:aix:4.2 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:sun:solaris:2.0 cpe:/o:bsdi:bsd_os:1.1 CVE-1999-0022 1996-07-03T00:00:00.000-04:00 2008-09-09T08:33:34.993-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SUN 00179 Local user gains root privileges via buffer overflow in rdist, via expstr() function. cpe:/a:fred_n._van_kempen:dip:3.3.7o CVE-1999-0137 1996-07-09T00:00:00.000-04:00 2008-09-09T08:33:49.477-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The dip program on many Linux systems allows local users to gain root access via a buffer overflow. cpe:/o:freebsd:freebsd:2.1.5 CVE-1999-1301 1996-07-16T00:00:00.000-04:00 2008-09-05T16:19:11.960-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CIAC G-31 FREEBSD FreeBSD-SA-96:17 XF rzsz-command-execution(7540) A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs. cpe:/o:redhat:enterprise_linux:4.0::enterprise_server cpe:/o:ubuntu:ubuntu_linux:4.10 cpe:/o:mandrakesoft:mandrake_linux:cs3.0 cpe:/o:mandrakesoft:mandrake_linux:10.1 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:mandrakesoft:mandrake_linux:10.0 cpe:/o:redhat:enterprise_linux:4.0::workstation cpe:/o:mandrakesoft:mandrake_linux:9.2 cpe:/o:redhat:enterprise_linux:4.0::advanced_server cpe:/o:mandrakesoft:mandrake_linux:cs2.1 cpe:/o:debian:debian_linux:3.0 cpe:/o:redhat:enterprise_linux_desktop:4.0 CVE-1999-1572 1996-07-16T00:00:00.000-04:00 2008-09-10T15:02:13.993-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF cpio-o-archive-insecure-permissions(19167) TRUSTIX 2005-0003 REDHAT RHSA-2005:080 REDHAT RHSA-2005:073 MISC http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391 DEBIAN DSA-664 REDHAT RHSA-2005:806 MANDRAKE MDKSA-2005:032 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf SECUNIA 17532 SECUNIA 17063 SECUNIA 14357 BUGTRAQ 20050204 [USN-75-1] cpio vulnerability cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. cpe:/o:sco:tcp_ip:1.2.1 cpe:/o:sun:sunos:5.5.1 cpe:/o:sco:tcp_ip:1.2.0 cpe:/o:sco:unixware:2.0 cpe:/o:sco:open_desktop:2.0 cpe:/o:sco:unixware:2.1 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:sco:open_desktop:3.0 cpe:/o:sco:internet_faststart:1.0 cpe:/o:freebsd:freebsd:2.0 cpe:/o:sun:sunos:4.1.3 cpe:/o:freebsd:freebsd:2.2 cpe:/o:sun:sunos:4.1.4 cpe:/o:sco:openserver:5.0 cpe:/o:sun:sunos:5.3 cpe:/o:sun:sunos:5.4 cpe:/o:bsdi:bsd_os cpe:/o:sun:solaris:2.5.1 cpe:/o:sun:solaris:1.1.2 cpe:/o:sun:sunos:5.5 cpe:/o:ibm:aix:3.2 cpe:/o:freebsd:freebsd:2.1.0 cpe:/a:inet:inet:6.01 cpe:/o:sco:openserver:5.0.2 cpe:/o:sun:solaris:2.5 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.2 cpe:/o:sun:solaris:1.1.1a cpe:/o:sco:openserver:2.0 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:1.1 cpe:/o:sun:solaris:2.3 cpe:/a:inet:inet:5.01 cpe:/o:sun:sunos:4.1.3u1 CVE-1999-0023 1996-07-24T00:00:00.000-04:00 2008-09-09T08:33:35.070-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Local user gains root privileges via buffer overflow in rdist, via lookup() function. cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5.1 cpe:/o:sun:solaris:2.5 cpe:/o:sun:solaris:2.5.1::ppc CVE-1999-0135 1996-07-25T00:00:00.000-04:00 2008-09-09T08:33:49.337-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS admintool in Solaris allows a local user to write to arbitrary files and gain root access. cpe:/o:sun:sunos:5.5::x86 cpe:/o:sun:sunos:5.5.1 cpe:/o:sun:solaris:2.5.1 cpe:/o:sun:sunos:5.5.1::x86 cpe:/o:sun:solaris:2.5 cpe:/o:sun:sunos:5.5 CVE-1999-0136 1996-07-31T00:00:00.000-04:00 2008-09-09T08:33:49.413-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. cpe:/o:bsdi:bsd_os:2.1 cpe:/o:linux:linux_kernel:2.6.20.1 CVE-1999-0335 1996-08-01T00:00:00.000-04:00 2008-09-09T08:34:18.180-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-1999-0032. cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.4 CVE-1999-1413 1996-08-03T00:00:00.000-04:00 2008-09-05T16:19:27.883-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 296 BUGTRAQ 19960803 Exploiting Zolaris 2.4 ?? :) Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg. cpe:/o:sun:sunos:5.5::x86 cpe:/o:sun:sunos:5.5.1 cpe:/o:sun:sunos:5.4 cpe:/o:sun:sunos:5.4::x86 cpe:/o:sun:sunos:5.5.1::x86 cpe:/o:sun:sunos:5.5 CVE-1999-0134 1996-08-06T00:00:00.000-04:00 2008-09-09T08:33:49.273-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS OSVDB 8159 vold in Solaris 2.x allows local users to gain root access. cpe:/a:adobe:framemaker CVE-1999-0133 1996-08-14T00:00:00.000-04:00 2008-09-09T08:33:49.210-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access. cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.2 cpe:/o:sun:solaris:2.1 cpe:/o:sun:solaris:2.4 cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:solaris:2.3 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:sunos:4.1.3 cpe:/o:hp:hp-ux:10 cpe:/o:sun:solaris:2.0 cpe:/o:sun:sunos:4.1.3c cpe:/o:hp:hp-ux:9 cpe:/o:sun:sunos:4.1.3u1 CVE-1999-0132 1996-08-15T00:00:00.000-04:00 2008-09-09T08:33:49.133-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT CA-1996-19 XF expreserve(401) OSVDB 11723 Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. cpe:/o:ibm:aix:4.2 cpe:/o:freebsd:freebsd:6.2:stable cpe:/o:netbsd:netbsd:2.0.4 CVE-1999-0085 1996-08-21T00:00:00.000-04:00 2008-09-09T08:33:41.103-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF rwhod(119) XF rwhod-vuln(118) Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname. cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:slackware:slackware_linux:3.0 cpe:/a:university_of_washington:pine:3.94 CVE-1999-1187 1996-08-26T00:00:00.000-04:00 2008-09-05T16:18:55.697-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF pine-tmpfile(416) BUGTRAQ 19960826 [BUG] Vulnerability in PINE Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. cpe:/a:sendmail:sendmail:8.6.7 CVE-1999-1309 1996-08-30T00:00:00.000-04:00 2008-09-05T16:19:13.147-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-1994-12 BUGTRAQ 19940315 Security problem in sendmail versions 8.x.x BUGTRAQ 19940315 anyone know details? BUGTRAQ 19940314 sendmail -d problem (OLD yet still here) XF sendmail-debug-gain-root(7155) BUGTRAQ 19940327 sendmail exploit script - resend BUGTRAQ 19940315 so... Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. cpe:/o:hp:hp-ux:10.01 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:9 CVE-1999-0324 1996-09-01T00:00:00.000-04:00 2008-09-09T08:34:17.413-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9702-053 ppl program in HP-UX allows local users to create root files through symlinks. cpe:/o:sco:unixware:2.1.0 cpe:/o:sco:unixware:2.0.x CVE-1999-1252 1996-09-04T00:00:00.000-04:00 2008-09-05T16:19:05.023-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT VB-96.15 XF sco-system-call(1966) SCO 96:002 Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges. cpe:/a:eric_allman:sendmail:8.6 cpe:/o:hp:hp-ux:10.01 cpe:/o:ibm:aix:3.2 cpe:/a:eric_allman:sendmail:8.7.1 cpe:/a:eric_allman:sendmail:8.7.2 cpe:/o:digital:osf_1:1.3.2 cpe:/a:eric_allman:sendmail:8.7.5 cpe:/a:eric_allman:sendmail:8.7.3 cpe:/o:hp:hp-ux:10.10 cpe:/o:sco:openserver:5.0.2 cpe:/a:eric_allman:sendmail:8.7.4 cpe:/o:hp:hp-ux:10.20 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.2 cpe:/o:sco:internet_faststart:1.0 cpe:/o:sco:openserver:5.0 cpe:/o:redhat:linux:3.0.3 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:freebsd:freebsd:2.1.5 CVE-1999-0131 1996-09-11T00:00:00.000-04:00 2008-09-09T08:33:49.070-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 717 Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. cpe:/a:bash:bash:1.14.7 cpe:/a:tcsh:tcsh:6.05 CVE-1999-1383 1996-09-13T00:00:00.000-04:00 2008-09-05T16:19:23.447-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BUGTRAQ 19960919 Vulnerability in expansion of PS1 in bash & tcsh BUGTRAQ 19960913 tee see shell problems (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. cpe:/a:transarc:dce_distributed_file_system:1.1 CVE-1999-1295 1996-09-17T00:00:00.000-04:00 2008-09-05T16:19:11.103-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT VB-96.16 CERT VB-96.16 XF dfs-login-groups(7154) Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS. cpe:/o:ibm:aix:4.2 cpe:/h:ibm:sng:2.1 cpe:/h:ibm:sng:2.2 cpe:/o:ibm:aix:3.2.5 cpe:/o:ibm:aix:4.1 CVE-1999-0116 1996-09-19T00:00:00.000-04:00 2008-09-09T08:33:46.977-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SUN 00136 SGI 19961202-01-PX Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood. cpe:/o:hp:hp-ux:9.04 cpe:/o:hp:hp-ux:9.05 CVE-1999-0961 1996-09-21T00:00:00.000-04:00 2008-09-09T08:36:15.103-04:00 6.2 LOCAL HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 19960921 Vunerability in HP sysdiag ? HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. cpe:/a:eric_allman:sendmail:8.8.1 cpe:/a:eric_allman:sendmail:8.8 CVE-1999-0206 1996-10-01T00:00:00.000-04:00 2008-09-09T08:34:00.913-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. cpe:/o:hp:hp-ux CVE-1999-0246 1996-10-01T00:00:00.000-04:00 2008-09-09T08:34:03.960-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP Remote Watch allows a remote user to gain root access. CVE-1999-0319 1996-10-01T00:00:00.000-04:00 2008-09-09T08:34:16.960-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting. cpe:/o:hp:hp-ux:8 cpe:/o:hp:hp-ux:9 CVE-1999-0308 1996-10-01T00:00:00.000-04:00 2008-09-09T08:34:16.197-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS HP HPSBUX9410-018 HP-UX gwind program allows users to modify arbitrary files. cpe:/o:suse:suse_linux:4.2 cpe:/o:redhat:linux:3.0.3 cpe:/o:sgi:irix cpe:/o:caldera:openlinux cpe:/o:yggdrasil:linux CVE-1999-0234 1996-10-08T00:00:00.000-04:00 2008-09-09T08:34:03.147-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Bash treats any character with a value of 255 as a command separator. cpe:/a:washington_university:wu-ftpd CVE-1999-0075 1996-10-16T00:00:00.000-04:00 2008-09-09T08:33:40.353-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 OSVDB 5742 PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password. cpe:/o:sgi:irix:5.0.1 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.4 cpe:/o:sgi:irix:5.0 cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.3 cpe:/o:freebsd:freebsd:2.0.5 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:6.1 cpe:/o:freebsd:freebsd:2.0 cpe:/o:sun:sunos:4.1.4 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:next:nextstep:4.0 cpe:/o:next:nextstep:4.1 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:sun:sunos:4.1.3u1 CVE-1999-0032 1996-10-25T00:00:00.000-04:00 2008-09-09T08:33:35.867-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 707 CIAC I-042 SGI 19980402-01-PX Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. cpe:/o:sun:solaris:2.0 CVE-1999-0277 1996-10-28T00:00:00.000-05:00 2008-09-09T08:34:10.023-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS The WorkMan program can be used to overwrite any file to get root access. cpe:/o:sgi:irix:5.0.1 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:5.0 cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:6.1 cpe:/o:sgi:irix:5.3::xfs CVE-1999-1384 1996-10-30T00:00:00.000-05:00 2008-09-05T16:19:23.587-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS AUSCERT AA-96.08 BID 470 BUGTRAQ 19961030 (Another) vulnerability in new SGIs SGI 19961101-01-I XF irix-systour(7456) Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. cpe:/o:hp:hp-ux:10 CVE-1999-0311 1996-11-01T00:00:00.000-05:00 2008-09-09T08:34:16.413-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9612-042 fpkg2swpk in HP-UX allows local users to gain root access. cpe:/o:hp:hp-ux:10 CVE-1999-0336 1996-11-01T00:00:00.000-05:00 2008-09-09T08:34:18.243-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in mstm in HP-UX allows local users to gain root access. cpe:/o:hp:hp-ux:10 cpe:/o:hp:hp-ux:9 CVE-1999-1161 1996-11-03T00:00:00.000-05:00 2008-09-05T16:18:51.977-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS HP HPSBUX9704-057 CIAC H-32 BUGTRAQ 19961104 ppl bugs BUGTRAQ 19961103 Re: Untitled XF hp-ppl(7438) Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. cpe:/a:caldera:network_desktop:1.0 cpe:/o:redhat:linux:4.0 cpe:/a:eric_allman:sendmail:8.7 cpe:/o:hp:hp-ux:10.01 cpe:/o:hp:hp-ux:10.00 cpe:/a:eric_allman:sendmail:8.8.1 cpe:/a:eric_allman:sendmail:8.8 cpe:/a:eric_allman:sendmail:8.8.2 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:10.20 cpe:/o:ibm:aix:4.2 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:freebsd:freebsd:2.1.6 CVE-1999-0130 1996-11-16T00:00:00.000-05:00 2008-09-09T08:33:49.007-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 716 Local users can start Sendmail in daemon mode and gain root privileges. cpe:/o:digital:unix:3 CVE-1999-1221 1996-11-17T00:00:00.000-05:00 2008-09-05T16:19:00.587-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF dgux-chpwd(399) BUGTRAQ 19961117 Digital Unix v3.x (v4.x?) security vulnerability dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file. cpe:/a:kth:kth_kerberos:4 CVE-1999-1099 1996-11-22T00:00:00.000-05:00 2008-09-05T16:18:43.227-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF kerberos-user-grab(65) BUGTRAQ 19961122 L0pht Kerberos Advisory Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user. cpe:/a:gracenote:cddbd CVE-1999-1240 1996-11-26T00:00:00.000-05:00 2008-09-05T16:19:03.320-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF cddbd-bo(2203) Buffer overflow in cddbd CD database server allows remote attackers to execute arbitrary commands via a long log message. cpe:/o:hp:hp-ux:10.01 cpe:/o:hp:hp-ux:10.00 cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:9.09 cpe:/o:hp:hp-ux:9.07 cpe:/o:hp:hp-ux:9.08 cpe:/o:hp:hp-ux:9.04 cpe:/o:hp:hp-ux:9.03 cpe:/o:hp:hp-ux:9.06 cpe:/o:hp:hp-ux:9.05 cpe:/o:hp:hp-ux:9.00 cpe:/o:hp:hp-ux:9.10 cpe:/o:hp:hp-ux:9.01 CVE-1999-0050 1996-12-01T00:00:00.000-05:00 2008-09-09T08:33:37.147-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in HP-UX newgrp program. cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:6.1 CVE-1999-0044 1996-12-03T00:00:00.000-05:00 2008-09-09T08:33:36.743-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SGI 19970301-01-P fsdump command in IRIX allows local users to obtain root access by modifying sensitive files. cpe:/o:hp:hp-ux:10.16 cpe:/a:eric_allman:sendmail:8.8 cpe:/o:hp:hp-ux:10.10 cpe:/o:sco:internet_faststart:1.0 cpe:/o:sco:internet_faststart:1.1 cpe:/o:sun:sunos:4.1.4 cpe:/o:sco:openserver:5.0 cpe:/o:sun:solaris:2.5::x86 cpe:/o:sun:solaris:2.5.1 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:freebsd:freebsd:2.1.6 cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:hp:hp-ux:10.01 cpe:/o:ibm:aix:3.2 cpe:/o:hp:hp-ux:10.00 cpe:/a:eric_allman:sendmail:8.8.1 cpe:/o:freebsd:freebsd:2.1.6.1 cpe:/a:eric_allman:sendmail:8.8.2 cpe:/o:hp:hp-ux:10.20 cpe:/a:eric_allman:sendmail:8.8.3 cpe:/o:sco:openserver:5.0.2 cpe:/o:sun:solaris:2.5 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.2 cpe:/o:sun:solaris:2.4 cpe:/o:sun:solaris:2.3 cpe:/o:bsdi:bsd_os:2.1 cpe:/o:sun:sunos:4.1.3u1 CVE-1999-0129 1996-12-03T00:00:00.000-05:00 2008-09-09T08:33:48.930-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. cpe:/o:redhat:linux:4.1 cpe:/o:redhat:linux:4.0 cpe:/h:nec:goah_networksv:3.1 cpe:/a:netscape:news_server:1.1 cpe:/h:nec:goah_networksv:1.2 cpe:/h:nec:goah_intrasv:1.1 cpe:/a:isc:inn:1.4sec2 cpe:/a:isc:inn:1.5 cpe:/o:caldera:openlinux:1.0 cpe:/o:bsdi:bsd_os:2.1 cpe:/a:isc:inn:1.4unoff3 cpe:/a:isc:inn:1.4sec cpe:/a:isc:inn:1.4unoff4 cpe:/h:nec:goah_networksv:2.2 CVE-1999-0043 1996-12-04T00:00:00.000-05:00 2008-09-09T08:33:36.647-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. cpe:/o:sgi:irix:5.3::xfs cpe:/o:sgi:irix:5.0.1 cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:5.0 cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:6.1 CVE-1999-1401 1996-12-05T00:00:00.000-05:00 2008-09-05T16:19:26.070-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 463 SGI 19961201-01-PX XF irix-searchbook-permissions(7575) OSVDB 8563 Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 sets insecure permissions for certain user files (iconbook and searchbook). cpe:/a:netscape:communications_server:1.12 cpe:/a:apache:http_server:1.0.5 cpe:/a:apache:http_server:0.8.14 cpe:/a:apache:http_server:0.8.11 cpe:/a:netscape:communications_server:1.1 cpe:/a:netscape:enterprise_server:2.0a cpe:/a:apache:http_server:1.0.2 cpe:/a:apache:http_server:1.0 cpe:/a:netscape:commerce_server:1.12 cpe:/a:apache:http_server:1.1 cpe:/a:apache:http_server:1.0.3 CVE-1999-0045 1996-12-10T00:00:00.000-05:00 2008-09-09T08:33:36.807-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 List of arbitrary files on Web host via nph-test-cgi script. cpe:/o:ibm:aix:4.2 cpe:/o:ibm:aix:3.2 cpe:/o:ibm:aix:4.1 CVE-1999-0101 1996-12-10T00:00:00.000-05:00 2008-09-09T08:33:45.460-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CIAC H-13 Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. cpe:/o:sco:internet_faststart:1.0 cpe:/o:sco:internet_faststart:1.1 cpe:/o:sco:openserver:5.0 cpe:/o:freebsd:freebsd:2.1.6.1 cpe:/o:bsdi:bsd_os cpe:/o:sco:openserver:5.0.2 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:freebsd:freebsd:2.1.6 CVE-1999-0096 1996-12-10T00:00:00.000-05:00 2008-09-09T08:33:41.883-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SUN 00122 Sendmail decode alias can be used to overwrite sensitive files. cpe:/o:redhat:linux cpe:/o:bsdi:bsd_os:2.1 cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:netbsd:netbsd:2.0.4 cpe:/a:paul_vixie:vixie_cron:3.0 CVE-1999-0297 1996-12-12T00:00:00.000-05:00 2008-09-09T08:34:14.807-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. cpe:/o:hp:hp-ux:10 cpe:/o:hp:hp-ux:10.20 cpe:/o:hp:hp-ux:9 CVE-1999-1089 1996-12-13T00:00:00.000-05:00 2008-09-05T16:18:41.807-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CIAC H-21 CIAC H-16 BUGTRAQ 19961209 the HP Bug of the Week! Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument. cpe:/o:linux:linux_kernel:2.0 cpe:/o:sco:tcp_ip:1.2.1 cpe:/o:ibm:aix:3.2 cpe:/o:sun:sunos:5.5.1 cpe:/h:ibm:sng cpe:/o:digital:osf_1:1.3.3 cpe:/o:sun:sunos:5.4::x86 cpe:/o:sco:openserver:5.0.2 cpe:/h:ibm:sng:2.1 cpe:/o:sun:sunos:5.5.1::x86 cpe:/h:ibm:sng:2.2 cpe:/o:sco:open_desktop:3.0 cpe:/o:ibm:aix:4.1 cpe:/o:ibm:aix:4.2 cpe:/o:sco:internet_faststart:1.0 cpe:/o:sco:internet_faststart:1.1 cpe:/o:sun:sunos:5.5::x86 cpe:/o:sco:openserver:5.0 cpe:/o:sun:sunos:5.4 cpe:/o:linux:linux_kernel:1.3.0 cpe:/o:sun:sunos:5.5 CVE-1999-0128 1996-12-18T00:00:00.000-05:00 2008-09-09T08:33:48.867-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. cpe:/o:hp:hp-ux CVE-1999-0127 1996-12-19T00:00:00.000-05:00 2008-09-09T08:33:48.807-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access. cpe:/o:freebsd:freebsd:2.1.0 cpe:/o:freebsd:freebsd:2.1.6.1 cpe:/o:freebsd:freebsd:1.0 cpe:/o:freebsd:freebsd:2.1.5 cpe:/o:freebsd:freebsd:1.1 cpe:/o:freebsd:freebsd:2.1.6 CVE-1999-1385 1996-12-19T00:00:00.000-05:00 2008-09-10T15:01:50.570-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS FREEBSD FreeBSD-SA-96:20 OSVDB 6085 XF ppp-bo(7465) BUGTRAQ 19961219 Exploit for ppp bug (FreeBSD 2.1.0). Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. cpe:/o:sun:solaris:2.4::x86 cpe:/o:sun:solaris:2.5.1::x86 cpe:/o:sun:solaris:2.5::x86 CVE-1999-1026 1996-12-20T00:00:00.000-05:00 2008-09-05T16:18:32.917-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 292 BUGTRAQ 19961220 Solaris 2.5 x86 aspppd (semi-exploitable-hole) aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file. cpe:/a:renaud_deraison:jj CVE-1999-0260 1996-12-24T00:00:00.000-05:00 2008-09-09T08:34:08.867-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The jj CGI program allows command execution via shell metacharacters. cpe:/o:hp:hp-ux:10.10 cpe:/o:hp:hp-ux:10.20 CVE-1999-1251 1996-12-24T00:00:00.000-05:00 2008-09-05T16:19:04.883-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF hp-audio-panic(2010) HP HPSBUX9612-043 Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service. cpe:/o:novell:netware:3.12 cpe:/o:microware:os-9 CVE-1999-0265 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:09.210-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MSKB Q154174 ICMP redirect messages may crash or lock up a host. cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0:sp2 CVE-1999-0274 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:09.820-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. cpe:/a:apache:http_server cpe:/a:ncsa:servers CVE-1999-0236 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:03.273-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. cpe:/o:sun:sunos:4.1.1 cpe:/o:sun:sunos:4.1.2 cpe:/o:sun:sunos:4.1.3 cpe:/o:sun:sunos:4.0.3c cpe:/o:sun:sunos:4.1psr_a cpe:/o:sun:sunos:4.1.3a1 cpe:/o:sun:sunos:4.1 cpe:/o:sun:sunos:4.0.3 CVE-1999-0217 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:01.790-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. cpe:/o:microsoft:windows_nt cpe:/o:microsoft:windows_2000 CVE-1999-0249 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:04.273-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Windows NT RSHSVC program allows remote users to execute arbitrary commands. cpe:/a:talkd:talkd CVE-1999-0251 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:04.413-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 Denial of service in talk program allows remote attackers to disrupt a user's display. cpe:/a:lsoft:listserv CVE-1999-0252 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:08.337-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS Buffer overflow in listserv allows arbitrary command execution. cpe:/a:microsoft:internet_information_server:2.0 cpe:/a:microsoft:internet_information_server:3.0 cpe:/a:microsoft:internet_information_server:1.0 CVE-1999-0253 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:08.397-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. cpe:/a:eric_allman:sendmail:8.6.9 CVE-1999-0204 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:00.773-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. cpe:/a:ftp:ftp CVE-1999-0201 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:00.197-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. cpe:/a:washington_university:wu-ftpd:2.4.1 CVE-1999-0202 1997-01-01T00:00:00.000-05:00 2008-09-09T08:34:00.647-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands. cpe:/a:oreilly:oreilly_website:1.1e CVE-1999-0178 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:54.540-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS XF http-website-winsample(295) BID 2078 OSVDB 8 BUGTRAQ 19970106 Re: signal handling Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. cpe:/o:microsoft:windows_nt:3.5.1 cpe:/o:microsoft:windows_95 CVE-1999-0179 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:54.647-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MSKB Q140818 Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. CVE-1999-0180 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:54.727-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS in.rshd allows users to login with a NULL username and execute commands. cpe:/a:matt_wright:formmail CVE-1999-0173 1997-01-01T00:00:00.000-05:00 2008-09-09T08:33:54.103-04:00 5.0