Redhat Linux vulnerabilities

CVE-1999-1496 [LOW] CVE-1999-1496: Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitr Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

CVE-1999-0804 [MEDIUM] CVE-1999-0804: Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

CVE-2000-0364 [MEDIUM] CVE-2000-0364: screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows loca screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.

CVE-2000-0365 [MEDIUM] CVE-2000-0365: Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices.

CVE-1999-0434 [HIGH] CVE-1999-0434: XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restr XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

CVE-1999-0433 [MEDIUM] CVE-1999-0433: XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in re XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

CVE-1999-0405 [HIGH] CVE-1999-0405: A buffer overflow in lsof allows local users to obtain root privilege. A buffer overflow in lsof allows local users to obtain root privilege.

CVE-1999-0368 [CRITICAL] CVE-1999-0368: Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

CVE-1999-0002 [CRITICAL] CWE-119 CVE-1999-0002: Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

CVE-1999-1048 [MEDIUM] CVE-1999-1048: Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.

CVE-1999-1406 [LOW] CVE-1999-1406: dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.

CVE-1999-1490 [HIGH] CVE-1999-1490: xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental va xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.

CVE-1999-0009 [CRITICAL] CVE-1999-0009: Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

CVE-1999-0011 [MEDIUM] CWE-1067 CVE-1999-0011: Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

CVE-1999-0010 [MEDIUM] CVE-1999-0010: Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

CVE-1999-1407 [LOW] CVE-1999-1407: ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arb ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.

CVE-1999-0502 [HIGH] CVE-1999-0502: A Unix account has a default, null, blank, or missing password. A Unix account has a default, null, blank, or missing password.

CVE-1999-0192 [CRITICAL] CVE-1999-0192: Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.

CVE-1999-1095 [HIGH] CVE-1999-1095: sort creates temporary files and follows symbolic links, which allows local users to modify arbitrar sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.

CVE-1999-1182 [HIGH] CVE-1999-1182: Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local user Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.