Top: Advisories: Unix

AIX

BSD

Linux

SGI

Solaris

• CA-2000-17: Input Validation Problem In rpc.statd
  The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions.
  
• CA-2001-17: Check Point RDP Bypass Vulnerability
  
  
• CA-99-01 Trojan TCP Wrappers
  The CERT Coordination Center has received confirmation that some copies of the source code for the TCP Wrappers tool (tcpd) were modified by an intruder and contain a Trojan horse. An intruder can gain unauthorized root access to any host running this Trojan horse version of TCP Wrappers.
  
• CA-99-05 Vulnerability in statd exposes vulnerability in automountd
  Important new vendor information was added to this advisory, which describes two vulnerabilities, one in statd and one in automountd, that are being used together by intruders to gain access to vulnerable systems.
  
• CA-99-08 Buffer overflow vulnerability in rpc.cmsd
  There is a buffer overflow vulnerability in the Calendar Manager Service Daemon, rpc.cmsd. This vulnerability allows remote and local users to execute arbitrary code with the privileges of cmsd, typically root. A tool to exploit this vulnerability has been publicly released.
  
• CA-99-11 Four Vulnerabilities in the Common Desktop Environment
  Multiple vulnerabilities have been identified in some distributions of the Common Desktop Environment (CDE). These vulnerabilities are different from those discussed in CA-98.02.
  
• CA-99-12 Buffer Overflow in amd
  There is a buffer overflow vulnerability in the logging facility of the amd daemon. By exploiting this vulnerability, remote intruders can execute arbitrary code as the user running the amd daemon (usually root).
  
• CA-99-13 Multiple Vulnerabilities in WU-FTPD
  Three vulnerabilities have been identified in WU-FTPD and other ftp daemons based on the WU-FTPD source code. WU-FTPD is a common package used to provide File Transfer Protocol (FTP) services.
  
• CA-99-15 Buffer Overflows in SSH daemon and RSAREF2 Library
  Some versions of sshd are vulnerable to a buffer overflow that can allow an intruder to influence certain variables internal to the program. This vulnerability alone does not allow an intruder to execute code. However, a vulnerability in RSAREF2 can be used in conjunction to allow remote intruder to execute arbitrary code.
  
• CiscoSecure Access Control Server for UNIX Remote Administration
  In CiscoSecure Access Control Server (CiscoSecure ACS) for UNIX, versions``1.0 through 2.3.2, there is a database access protocol that could permit``unauthorized remote users to read and write the server database without``authentication. Depending on the network environment, this might permit``unauthorized users to modify the access policies enforced by the``CiscoSecure ACS.
  

[ 1 2 ]