Openlinux
by Caldera
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0043 | Cri | 0.67 | 9.8 | 0.45 | Dec 4, 1996 | Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | ||
| CVE-2000-0917 | 0.09 | — | 0.79 | Dec 19, 2000 | Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. | |||
| CVE-1999-0368 | 0.06 | — | 0.39 | Feb 9, 1999 | Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. | |||
| CVE-1999-0002 | 0.05 | — | 0.28 | Oct 12, 1998 | Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. | |||
| CVE-2000-0844 | 0.04 | — | 0.15 | Nov 14, 2000 | Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | |||
| CVE-2000-0594 | 0.04 | — | 0.10 | Jul 4, 2000 | BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters. | |||
| CVE-2000-0491 | 0.04 | — | 0.18 | May 24, 2000 | Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request. | |||
| CVE-1999-0879 | 0.04 | — | 0.10 | Oct 1, 1999 | Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. | |||
| CVE-1999-0009 | 0.04 | — | 0.29 | Apr 8, 1998 | Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. | |||
| CVE-1999-0042 | 0.04 | — | 0.13 | Apr 7, 1997 | Buffer overflow in University of Washington's implementation of IMAP and POP servers. | |||
| CVE-2002-0004 | 0.03 | — | 0.01 | Feb 27, 2002 | Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. | |||
| CVE-2000-1134 | 0.03 | — | 0.01 | Jan 9, 2001 | Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. | |||
| CVE-2000-0530 | 0.03 | — | 0.01 | May 31, 2000 | The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files. | |||
| CVE-2000-0438 | 0.03 | — | 0.01 | May 22, 2000 | Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter. | |||
| CVE-2000-0192 | 0.03 | — | 0.06 | Mar 5, 2000 | The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. | |||
| CVE-2000-0218 | 0.03 | — | 0.01 | Feb 3, 2000 | Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname. | |||
| CVE-2000-0531 | 0.03 | — | 0.01 | Nov 23, 1999 | Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets. | |||
| CVE-1999-0769 | 0.03 | — | 0.01 | Aug 25, 1999 | Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. | |||
| CVE-2002-0835 | 0.01 | — | 0.07 | Oct 4, 2002 | Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones. | |||
| CVE-1999-0104 | 0.01 | — | 0.09 | Dec 16, 1997 | A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
- risk 0.67cvss 9.8epss 0.45
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
- CVE-2000-0917Dec 19, 2000risk 0.09cvss —epss 0.79
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
- CVE-1999-0368Feb 9, 1999risk 0.06cvss —epss 0.39
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
- CVE-1999-0002Oct 12, 1998risk 0.05cvss —epss 0.28
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.
- CVE-2000-0844Nov 14, 2000risk 0.04cvss —epss 0.15
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
- CVE-2000-0594Jul 4, 2000risk 0.04cvss —epss 0.10
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
- CVE-2000-0491May 24, 2000risk 0.04cvss —epss 0.18
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
- CVE-1999-0879Oct 1, 1999risk 0.04cvss —epss 0.10
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
- CVE-1999-0009Apr 8, 1998risk 0.04cvss —epss 0.29
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
- CVE-1999-0042Apr 7, 1997risk 0.04cvss —epss 0.13
Buffer overflow in University of Washington's implementation of IMAP and POP servers.
- CVE-2002-0004Feb 27, 2002risk 0.03cvss —epss 0.01
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
- CVE-2000-1134Jan 9, 2001risk 0.03cvss —epss 0.01
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
- CVE-2000-0530May 31, 2000risk 0.03cvss —epss 0.01
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
- CVE-2000-0438May 22, 2000risk 0.03cvss —epss 0.01
Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.
- CVE-2000-0192Mar 5, 2000risk 0.03cvss —epss 0.06
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.
- CVE-2000-0218Feb 3, 2000risk 0.03cvss —epss 0.01
Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.
- CVE-2000-0531Nov 23, 1999risk 0.03cvss —epss 0.01
Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.
- CVE-1999-0769Aug 25, 1999risk 0.03cvss —epss 0.01
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
- CVE-2002-0835Oct 4, 2002risk 0.01cvss —epss 0.07
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
- CVE-1999-0104Dec 16, 1997risk 0.01cvss —epss 0.09
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.
Page 1 of 3