Sco Open Desktop vulnerabilities

CVE-1999-1185 [HIGH] CVE-1999-1185: Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file.

CVE-1999-0009 [CRITICAL] CVE-1999-0009: Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

CVE-1999-0011 [MEDIUM] CWE-1067 CVE-1999-0011: Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

CVE-1999-0010 [MEDIUM] CVE-1999-0010: Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

CVE-1999-0017 [HIGH] CVE-1999-0017: FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP clien FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

CVE-1999-1209 [HIGH] CVE-1999-1209: Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local use Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.

CVE-1999-0024 [MEDIUM] CVE-1999-0024: DNS cache poisoning via BIND, by predictable query IDs. DNS cache poisoning via BIND, by predictable query IDs.

CVE-1999-0033 [HIGH] CVE-1999-0033: Command execution in Sun systems via buffer overflow in the at program. Command execution in Sun systems via buffer overflow in the at program.

CVE-1999-0345 [MEDIUM] CVE-1999-0345: Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

CVE-1999-0128 [MEDIUM] CVE-1999-0128: Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

CVE-1999-0023 [HIGH] CVE-1999-0023: Local user gains root privileges via buffer overflow in rdist, via lookup() function. Local user gains root privileges via buffer overflow in rdist, via lookup() function.

CVE-1999-0019 [MEDIUM] CVE-1999-0019: Delete or create a file via rpc.statd, due to invalid information. Delete or create a file via rpc.statd, due to invalid information.

CVE-1999-1302 [HIGH] CVE-1999-1302: Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local users to gain root ac Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local users to gain root access.

CVE-1999-1303 [HIGH] CVE-1999-1303: Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access. Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access.

CVE-1999-1305 [HIGH] CVE-1999-1305: Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access. Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access.

CVE-1999-1304 [HIGH] CVE-1999-1304: Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access. Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access.

CVE-1999-1138 [CRITICAL] CVE-1999-1138: SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp fo SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

CVE-1999-1162 [MEDIUM] CVE-1999-1162: Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.