Caldera Openlinux Workstation vulnerabilities

CVE-2003-0658 [MEDIUM] CVE-2003-0658: Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Ap Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.

CVE-2002-0835 [MEDIUM] CVE-2002-0835: Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (cra Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.

CVE-2002-0512 [MEDIUM] CVE-2002-0512: startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variabl startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.

CVE-2002-0164 [MEDIUM] CVE-2002-0164: Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows l Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.

CVE-2002-0004 [HIGH] CVE-2002-0004: Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

CVE-2001-0869 [HIGH] CVE-2001-0869: Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyr Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

CVE-2001-0851 [MEDIUM] CVE-2001-0851: Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rul Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

CVE-2001-0980 [HIGH] CVE-2001-0980: docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.