Download
| Alert*
CVE-2001-0125
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. CVE-2001-0169 When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib. CVE-2001-0140 arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. CVE-2000-0633 Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system. CVE-2001-0120 useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. CVE-2001-0142 squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. CVE-2001-0128 Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. CVE-2000-1134 Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. CVE-2000-1059 The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges. CVE-2000-0607 Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings. CVE-2000-0606 Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter. CVE-2001-0178 kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges. CVE-2000-0867 Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. CVE-2000-0844 Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. CVE-2000-0566 makewhatis in Linux man package allows local users to overwrite files via a symlink attack. CVE-2000-0883 The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory. CVE-2001-0119 getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. CVE-2001-0116 gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack. CVE-2001-0138 privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. CVE-2001-0117 sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack. CVE-2001-0139 inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. CVE-2001-0118 rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. CVE-2000-1042 Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. CVE-2000-1043 Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. CVE-2000-0718 A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed. CVE-2001-0441 Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. CVE-2001-0388 time server daemon timed allows remote attackers to cause a denial of service via malformed packets. CVE-2001-0440 Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. CVE-2001-1030 Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. CVE-2001-0279 Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. CVE-2001-0473 Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands. CVE-2001-0416 sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools. CVE-2001-0977 slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. CVE-2001-0439 licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. CVE-2001-0736 Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. CVE-2001-0458 Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. CVE-2001-1449 The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. CVE-2002-0638 setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utilit ... CVE-2002-1814 Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. CVE-2002-0083 Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. |