Redhat Linux vulnerabilities

CVE-2001-0977 [MEDIUM] CVE-2001-0977: slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

CVE-2001-0439 [HIGH] CVE-2001-0439: licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

CVE-2001-0473 [HIGH] CVE-2001-0473: Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute ar Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

CVE-2001-0441 [HIGH] CVE-2001-0441: Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allo Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

CVE-2001-0496 [MEDIUM] CVE-2001-0496: kdesu in kdelibs package creates world readable temporary files containing authentication info, whic kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.

CVE-2001-0309 [MEDIUM] CVE-2001-0309: inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.

CVE-2001-1028 [HIGH] CVE-2001-1028: Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privil Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.

CVE-2001-0197 [CRITICAL] CVE-2001-0197: Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attacker Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.

CVE-2001-0233 [CRITICAL] CVE-2001-0233: Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of servic Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

CVE-2001-0170 [LOW] CVE-2001-0170: glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS e glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

CVE-2001-0169 [LOW] CVE-2001-0169: When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

CVE-2001-0128 [HIGH] CVE-2001-0128: Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

CVE-2000-0314 [MEDIUM] CVE-2000-0314: traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

CVE-2000-0315 [MEDIUM] CVE-2000-0315: traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source ad traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

CVE-2001-0139 [LOW] CVE-2001-0139: inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configuration inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVE-2001-0120 [LOW] CVE-2001-0120: useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a sym useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.

CVE-2001-0143 [LOW] CVE-2001-0143: vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.

CVE-2001-0142 [LOW] CVE-2001-0142: squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some c squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVE-2001-0116 [LOW] CVE-2001-0116: gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack. gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

CVE-2001-0140 [LOW] CVE-2001-0140: arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configur arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.