Trustix Secure Linux vulnerabilities

CVE-2000-1009 [HIGH] CVE-2000-1009: dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which all dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.

CVE-2000-0844 [CRITICAL] CWE-264 CVE-2000-0844: Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected fo Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

CVE-2000-0867 [HIGH] CVE-2000-0867: Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

CVE-2000-0791 [MEDIUM] CVE-2000-0791: Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows lo Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.

CVE-2000-0666 [CRITICAL] CVE-2000-0666: rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untruste rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.